
Pests of all kinds and how to combat them: strange browser start page "http://www.%snf%.com/"

26.05.2016, 13:24   #1
Rik74
 

Hi everyone,

first of all, I wish you all a nice holiday!

I have the feeling that my computer has caught something. For a few days now I have noticed that Firefox opens with the following start page: "hxxp://www.%snf%.com/"
However, a different page is definitely configured in the Firefox settings.

What can I do / what should I do, in your opinion?

Thanks in advance and regards,
Rik

26.05.2016, 15:48   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they found anything at some point?

I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, only post the logs you already have, in CODE tags!
Only logs from the last 7 days, or from the time since the problem started, are relevant!

Also, please create a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder.
Even if the logs should be too large for one post, I ask you to post the logs directly, spread across several posts if necessary.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

26.05.2016, 16:22   #3
Rik74
 

Hi Cosinus, thank you very much for your answer!

I ran MBAM; here are the logs as requested:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 14.05.2016
Suchlaufzeit: 17:22
Protokolldatei: 20160514.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.05.14.04
Rootkit-Datenbank: v2016.05.06.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: BigWall

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 364553
Abgelaufene Zeit: 9 Min., 42 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.Linkury, C:\ProgramData\CloudPrinter\CloudPrinter.exe, 6572, Löschen bei Neustart, [a22a5a7b891083b3ffdfe3eb61a0e41c]

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 38
PUP.Optional.Linkury.ACMB1, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CloudPrinter, In Quarantäne, [01cbc80d04955fd7b82805c757acd030], 
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\WebDiscoverBrowser, In Quarantäne, [dfed874ea7f238fec33032845ea5f60a], 
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0156C57F-19B6-4D60-968B-A1A560009C2B}, Löschen bei Neustart, [d0fc7c59fa9fb383bbf4e9bcf70b28d8], 
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{49967A8E-D427-400D-A875-14D920BA7F9E}, Löschen bei Neustart, [fad28d488d0cd363f0bfdec7eb170ff1], 
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4C00A8E8-9B03-46BA-82D2-CD0BC1B8811D}, Löschen bei Neustart, [864619bca9f0de58d1189e2f2ed52bd5], 
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{861BB689-DED5-43A0-9AF8-2D377C217591}, Löschen bei Neustart, [f9d38b4ad7c2072f15d537963ac9847c], 
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\snf, Löschen bei Neustart, [725aa332d7c289ad5399804dc63d3ac6], 
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\snp, Löschen bei Neustart, [3b9161745247ea4c0ae33b9250b34db3], 
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WebDiscover Browser Launch Task, Löschen bei Neustart, [6c609c393c5db77fb020fac1b152b050], 
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WebDiscover Browser Update Task, Löschen bei Neustart, [49835c795742b482844cc3f87b887e82], 
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{FD13F4A2-B0D8-4CAD-9CCF-D4128EAF25FF}_IS1, In Quarantäne, [8f3dd2039108c670d81aae082dd63bc5], 
PUP.Optional.Delta.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\delta-homesSoftware, In Quarantäne, [5c700fc689108da9c1bf6d51cb37f40c], 
PUP.Optional.IHProtect, HKLM\SOFTWARE\WOW6432NODE\IHProtect, In Quarantäne, [408c5d78c3d651e5ed2b2b539a6931cf], 
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\mtGraveair, In Quarantäne, [3d8f7a5bb8e15fd78ca93e90ff047090], 
PUP.Optional.SupTab, HKLM\SOFTWARE\WOW6432NODE\supTab, In Quarantäne, [5b712da87623fe382bb02890b44fae52], 
PUP.Optional.WPM, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [dbf101d4ddbc3402a7e2375d1ae9aa56], 
PUP.Optional.SupTab, HKLM\SOFTWARE\WOW6432NODE\supWPM, In Quarantäne, [b6162fa644553600f80c721de22101ff], 
PUP.Optional.SweetPage.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\sweet-pageSoftware, In Quarantäne, [913b567fabeea78f98c0263661a2e020], 
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH, In Quarantäne, [d7f54d88e3b661d5d14e5c704bb8a45c], 
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\CloudPrinter_RASAPI32, In Quarantäne, [19b3c114d8c173c32c7e3a930cf70ef2], 
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\CloudPrinter_RASMANCS, In Quarantäne, [22aa91440a8f31053c6e527b11f29967], 
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\Graveair_RASAPI32, In Quarantäne, [1fad5d78cdcc8aacf9bb9b32f60dc13f], 
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\Graveair_RASMANCS, In Quarantäne, [597325b09702fa3cefc59e2f0cf746ba], 
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Graveair.exe, In Quarantäne, [4488ece9f3a65adcd622f8d5f3106e92], 
PUP.Optional.Linkury.ACMB1, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting, In Quarantäne, [3b9195404e4be5510883339bb94a38c8], 
PUP.Optional.IEPluginServices, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginServices, In Quarantäne, [2f9dc70e49500e28b405621b887b0ff1], 
PUP.Optional.WindowsMangerProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, In Quarantäne, [aa226b6a0693f3430f0ef99be71cdd23], 
PUP.Optional.InstallCore, HKU\S-1-5-21-496564312-1949498514-2425945064-1000\SOFTWARE\InstallCore, In Quarantäne, [8f3de6ef7920f046a1358af4778c4fb1], 
PUP.Optional.WebDiscoverBrowser, HKU\S-1-5-21-496564312-1949498514-2425945064-1000\SOFTWARE\WebDiscoverBrowser, In Quarantäne, [e7e507ce1e7b45f13bb5991dd52e8e72], 
PUP.Optional.Linkury, HKU\S-1-5-21-496564312-1949498514-2425945064-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{IELNKSRCH}, In Quarantäne, [f3d9e0f5aaef3afc0519a923fa094db3], 
PUP.Optional.DoSearch.ShrtCln, HKU\S-1-5-21-496564312-1949498514-2425945064-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, [309cba1ba6f33600185d347d4db538c8], 
PUP.Optional.Delta.ShrtCln, HKU\S-1-5-21-496564312-1949498514-2425945064-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [b01c22b31f7a90a6a8d10ea345bd758b], 
PUP.Optional.DoSearch.ShrtCln, HKU\S-1-5-21-496564312-1949498514-2425945064-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}, In Quarantäne, [5c709243603975c1dc99a90810f256aa], 
PUP.Optional.SweetSearch, HKU\S-1-5-21-496564312-1949498514-2425945064-1000\SOFTWARE\MOZILLA\EXTENDS, In Quarantäne, [fcd0a62ff7a2ba7ca7ac4c4352b18a76], 
PUP.Optional.Linkury, HKU\S-1-5-21-496564312-1949498514-2425945064-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{IELNKSRCH}, In Quarantäne, [577523b27326b97ddd4123a90cf708f8], 
PUP.Optional.DoSearch.ShrtCln, HKU\S-1-5-21-496564312-1949498514-2425945064-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, [5676a53075243ff79adb6a4720e2f60a], 
PUP.Optional.DoSearch.ShrtCln, HKU\S-1-5-21-496564312-1949498514-2425945064-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}, In Quarantäne, [cb01a72ed4c562d4e98c842ded1526da], 
PUP.Optional.SystemHealer, HKU\S-1-5-21-496564312-1949498514-2425945064-1001\SOFTWARE\SYSTEM HEALER, In Quarantäne, [953723b226736ccacde2d9d955ae0df3], 

Registrierungswerte: 31
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0156C57F-19B6-4D60-968B-A1A560009C2B}|Path, \WebDiscover Browser Update Task, Löschen bei Neustart, [d0fc7c59fa9fb383bbf4e9bcf70b28d8]
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{49967A8E-D427-400D-A875-14D920BA7F9E}|Path, \WebDiscover Browser Launch Task, Löschen bei Neustart, [fad28d488d0cd363f0bfdec7eb170ff1]
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4C00A8E8-9B03-46BA-82D2-CD0BC1B8811D}|Path, \snf, Löschen bei Neustart, [864619bca9f0de58d1189e2f2ed52bd5]
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{861BB689-DED5-43A0-9AF8-2D377C217591}|Path, \snp, Löschen bei Neustart, [f9d38b4ad7c2072f15d537963ac9847c]
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{FD13F4A2-B0D8-4CAD-9CCF-D4128EAF25FF}_IS1|DisplayName, WebDiscover Browser 2.163.2, In Quarantäne, [8f3dd2039108c670d81aae082dd63bc5]
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|DisplayName, Search the web, In Quarantäne, [d7f54d88e3b661d5d14e5c704bb8a45c]
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|URL, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTdMq5LZ9ySn3O452t5zUXrRq8KjtfG_2oRrdhEnfI-SZBNvAppHztL7UgFUP68pi8yP-6RGPP5mU6SXvv2xZvxdTT2wsHJb9Pcb9RZHmMbwi2in4rx11kZAtwL3oUKPnWk1hBTOx3G9ULaY2VnGmQB0Ytg_k,&q={searchTerms}, In Quarantäne, [f2daa92c7623a195eade02ccb152867a]
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTdMq5LZ9ySn3O452t5zUXrRq8KjtfG_2oRrdhEnfI-SZBNvAppHztL7UgFUP68pi8yP-6RGPP5mU6SXvv2xZvxdTT2wsHJb9Pcb9RZHmMbwi2in4rx11kZAtwL3oUKPnWk1hBTOx3G9ULaY2VnGmQB0Ytg_k,&q={searchTerms}, In Quarantäne, [606c7e570594d75f8345198a22e0fd03]
PUP.Optional.QuickSearch, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|quick_searchff@gmail.com, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com, In Quarantäne, [07c5d1044e4bdc5a3ab5bcccb54ec53b]
PUP.Optional.SweetSearch, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|sweetsearch@gmail.com, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\sweetsearch@gmail.com, In Quarantäne, [cb01a1347425d95d4113a9e644bf1fe1]
PUP.Optional.SupTab, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, cor, In Quarantäne, [9c3010c51f7abb7b6b982c63bc47a15f]
PUP.Optional.Linkury.ACMB1, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CLOUDPRINTER|ImagePath, C:\ProgramData\\CloudPrinter\\CloudPrinter.exe shuz -f "C:\ProgramData\\CloudPrinter\\CloudPrinter.dat" -l -a, In Quarantäne, [696329ac237645f17609735bb74c639d]
PUP.Optional.Linkury, HKU\S-1-5-21-496564312-1949498514-2425945064-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|DisplayName, Search the web, In Quarantäne, [f3d9e0f5aaef3afc0519a923fa094db3]
PUP.Optional.DoSearch.ShrtCln, HKU\S-1-5-21-496564312-1949498514-2425945064-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}, In Quarantäne, [309cba1ba6f33600185d347d4db538c8]
PUP.Optional.Delta.ShrtCln, HKU\S-1-5-21-496564312-1949498514-2425945064-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, delta-homes, In Quarantäne, [b01c22b31f7a90a6a8d10ea345bd758b]
PUP.Optional.DoSearch.ShrtCln, HKU\S-1-5-21-496564312-1949498514-2425945064-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}, In Quarantäne, [923a864f9207d85eea8bb4fd4eb4b34d]
PUP.Optional.Delta.ShrtCln, HKU\S-1-5-21-496564312-1949498514-2425945064-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|TopResultURL, hxxp://search.delta-homes.com/web/?type=ds&ts=1429785819&from=ient04230&uid=WDCXWD10EZEX-08RKKA0_WD-WCC1S814898848988&q={searchTerms}, In Quarantäne, [606cd7fe00997db9116810a113ef04fc]
PUP.Optional.DoSearch.ShrtCln, HKU\S-1-5-21-496564312-1949498514-2425945064-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}|URL, hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}, In Quarantäne, [5c709243603975c1dc99a90810f256aa]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-496564312-1949498514-2425945064-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|URL, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTdMq5LZ9ySn3O452t5zUXrRq8KjtfG_2oRrdhEnfI-SZBNvAppHztL7UgFUP68pi8yP-6RGPP5mU6SXvv2xZvxdTT2wsHJb9Pcb9RZHmMbwi2in4rx11kZAtwL3oUKPnWk1hBTOx3G9ULaY2VnGmQB0Ytg_k,&q={searchTerms}, In Quarantäne, [5c70fdd829708da9c501943a07fc6f91]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-496564312-1949498514-2425945064-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTdMq5LZ9ySn3O452t5zUXrRq8KjtfG_2oRrdhEnfI-SZBNvAppHztL7UgFUP68pi8yP-6RGPP5mU6SXvv2xZvxdTT2wsHJb9Pcb9RZHmMbwi2in4rx11kZAtwL3oUKPnWk1hBTOx3G9ULaY2VnGmQB0Ytg_k,&q={searchTerms}, In Quarantäne, [6864cc0910892214ebdc9638b74c8f71]
PUP.Optional.WebDiscoverBrowser, HKU\S-1-5-21-496564312-1949498514-2425945064-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WebDiscoverBrowser, C:\Program Files\WebDiscoverBrowser\2.163.2\browser.exe --docked, In Quarantäne, [f0dc45904e4b89ad1ce68429cc36b54b]
PUP.Optional.SweetSearch, HKU\S-1-5-21-496564312-1949498514-2425945064-1000\SOFTWARE\MOZILLA\EXTENDS|appid, sweetsearch@gmail.com, In Quarantäne, [fcd0a62ff7a2ba7ca7ac4c4352b18a76]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-496564312-1949498514-2425945064-1001\ENVIRONMENT|SNF, C:\ProgramData\Graveairs\snp.sc, In Quarantäne, [fad25b7a37620036f7f41bb16c9760a0]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-496564312-1949498514-2425945064-1001\ENVIRONMENT|SNP, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D?publisher=APSFCovus&co=DE&userid=effe8a5a-2b20-4068-9c4a-e2b8be197b33&searchtype=sc&installDate=14.05.2016&barcodeid=50036003&channelid=3&av=windows, In Quarantäne, [3f8dcd08d5c4c4729953aa22d92a48b8]
PUP.Optional.Linkury, HKU\S-1-5-21-496564312-1949498514-2425945064-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|DisplayName, Search the web, In Quarantäne, [577523b27326b97ddd4123a90cf708f8]
PUP.Optional.DoSearch.ShrtCln, HKU\S-1-5-21-496564312-1949498514-2425945064-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}, In Quarantäne, [5676a53075243ff79adb6a4720e2f60a]
PUP.Optional.DoSearch.ShrtCln, HKU\S-1-5-21-496564312-1949498514-2425945064-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}|URL, hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}, In Quarantäne, [cb01a72ed4c562d4e98c842ded1526da]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-496564312-1949498514-2425945064-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|URL, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTdMq5LZ9ySn3O452t5zUXrRq8KjtfG_2oRrdhEnfI-SZBNvAppHztL7UgFUP68pi8yP-6RGPP5mU6SXvv2xZvxdTT2wsHJb9Pcb9RZHmMbwi2in4rx11kZAtwL3oUKPnWk1hBTOx3G9ULaY2VnGmQB0Ytg_k,&q={searchTerms}, In Quarantäne, [9834af265544a492e5e19539e22114ec]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-496564312-1949498514-2425945064-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTdMq5LZ9ySn3O452t5zUXrRq8KjtfG_2oRrdhEnfI-SZBNvAppHztL7UgFUP68pi8yP-6RGPP5mU6SXvv2xZvxdTT2wsHJb9Pcb9RZHmMbwi2in4rx11kZAtwL3oUKPnWk1hBTOx3G9ULaY2VnGmQB0Ytg_k,&q={searchTerms}, In Quarantäne, [af1d845127729a9c9334bd1129da3fc1]
PUP.Optional.SystemHealer, HKU\S-1-5-21-496564312-1949498514-2425945064-1001\SOFTWARE\SYSTEM HEALER|HomePage, hxxp://systemhealer.com/, In Quarantäne, [953723b226736ccacde2d9d955ae0df3]
PUP.Optional.SystemHealer, HKU\S-1-5-21-496564312-1949498514-2425945064-1001\SOFTWARE\SYSTEM HEALER|SupportPage, hxxp://systemhealer.com/support/#contact, In Quarantäne, [18b47f56a8f1f442238c4a68b152ec14]

Registrierungsdaten: 23
PUP.Optional.Delta.ShrtCln, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1429785819&from=ient04230&uid=WDCXWD10EZEX-08RKKA0_WD-WCC1S814898848988, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1429785819&from=ient04230&uid=WDCXWD10EZEX-08RKKA0_WD-WCC1S814898848988),Ersetzt,[6d5fd203514886b04d02cc781be95ca4]
PUP.Optional.SweetPage.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.sweet-page.com/web/?type=ds&ts=1405013810&from=cor&uid=WDCXWD10EZEX-08RKKA0_WD-WCC1S814898848988&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1405013810&from=cor&uid=WDCXWD10EZEX-08RKKA0_WD-WCC1S814898848988&q={searchTerms}),Ersetzt,[ca0205d0b7e2a591888e3e069e6605fb]
PUP.Optional.Delta.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.delta-homes.com/?type=hp&ts=1429785819&from=ient04230&uid=WDCXWD10EZEX-08RKKA0_WD-WCC1S814898848988, Gut: (www.google.com), Schlecht: (hxxp://www.delta-homes.com/?type=hp&ts=1429785819&from=ient04230&uid=WDCXWD10EZEX-08RKKA0_WD-WCC1S814898848988),Ersetzt,[428aa62f7b1e171fab9ff64e0df79c64]
PUP.Optional.SweetPage.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.sweet-page.com/web/?type=ds&ts=1405013810&from=cor&uid=WDCXWD10EZEX-08RKKA0_WD-WCC1S814898848988&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1405013810&from=cor&uid=WDCXWD10EZEX-08RKKA0_WD-WCC1S814898848988&q={searchTerms}),Ersetzt,[a22a27ae178268ceb462df659b69916f]
PUP.Optional.Delta.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1429785819&from=ient04230&uid=WDCXWD10EZEX-08RKKA0_WD-WCC1S814898848988, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1429785819&from=ient04230&uid=WDCXWD10EZEX-08RKKA0_WD-WCC1S814898848988),Ersetzt,[5e6eeaeb8b0ed2648ec1f64e01036898]
PUP.Optional.SweetPage.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.sweet-page.com/web/?type=ds&ts=1405013810&from=cor&uid=WDCXWD10EZEX-08RKKA0_WD-WCC1S814898848988&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1405013810&from=cor&uid=WDCXWD10EZEX-08RKKA0_WD-WCC1S814898848988&q={searchTerms}),Ersetzt,[6c60d50019806bcb9a7c46fe6b99738d]
PUP.Optional.Delta.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.delta-homes.com/?type=hp&ts=1429785819&from=ient04230&uid=WDCXWD10EZEX-08RKKA0_WD-WCC1S814898848988, Gut: (www.google.com), Schlecht: (hxxp://www.delta-homes.com/?type=hp&ts=1429785819&from=ient04230&uid=WDCXWD10EZEX-08RKKA0_WD-WCC1S814898848988),Ersetzt,[804ca233633669cdfb4fdd67b2525ea2]
PUP.Optional.SweetPage.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.sweet-page.com/web/?type=ds&ts=1405013810&from=cor&uid=WDCXWD10EZEX-08RKKA0_WD-WCC1S814898848988&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1405013810&from=cor&uid=WDCXWD10EZEX-08RKKA0_WD-WCC1S814898848988&q={searchTerms}),Ersetzt,[7c50587d277291a5130355efd034cd33]
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({ielnksrch}),Ersetzt,[507cf2e37a1fc86eb9b914320cf8dd23]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-496564312-1949498514-2425945064-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTdMq5LZ9ySn3O452t5zUXrRq8KjtfG_2oRrdhEnfI-SZBNvAppHztL7UgFUP68pi8yP-6RGPP5mU6SXvv2xZvxdTT2wsHJb9Pcb9RZHmMbwi2in4rx11kZAtwL3oUKPnWk1hBTOx3G9ULaY2VnGmQB0Ytg_k,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTdMq5LZ9ySn3O452t5zUXrRq8KjtfG_2oRrdhEnfI-SZBNvAppHztL7UgFUP68pi8yP-6RGPP5mU6SXvv2xZvxdTT2wsHJb9Pcb9RZHmMbwi2in4rx11kZAtwL3oUKPnWk1hBTOx3G9ULaY2VnGmQB0Ytg_k,&q={searchTerms}),Ersetzt,[fecefdd8adecc472d4a6da6c4aba639d]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-496564312-1949498514-2425945064-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTdMq5LZ9ySn3O452t5zUXrRq8KjtfG_2oRrdhEnfI-SZBNvAppHztL7UgFUP68pi8xHqnrSgsXrRgsPdFlkYQOlqVmTvXdhZN0o8upmqSVGgArBWkXRWd7QXYBkQnr1brMfgOQ8VHXO2liSsA2w1nwwJbsZo,, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTdMq5LZ9ySn3O452t5zUXrRq8KjtfG_2oRrdhEnfI-SZBNvAppHztL7UgFUP68pi8xHqnrSgsXrRgsPdFlkYQOlqVmTvXdhZN0o8upmqSVGgArBWkXRWd7QXYBkQnr1brMfgOQ8VHXO2liSsA2w1nwwJbsZo,),Ersetzt,[4f7d10c51287ce6811693511b153768a]
PUP.Optional.Delta.ShrtCln, HKU\S-1-5-21-496564312-1949498514-2425945064-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.delta-homes.com/?type=hp&ts=1429785819&from=ient04230&uid=WDCXWD10EZEX-08RKKA0_WD-WCC1S814898848988, Gut: (www.google.com), Schlecht: (hxxp://www.delta-homes.com/?type=hp&ts=1429785819&from=ient04230&uid=WDCXWD10EZEX-08RKKA0_WD-WCC1S814898848988),Ersetzt,[b21a478e9207ce687ecd68dc956fd62a]
PUP.Optional.Delta.ShrtCln, HKU\S-1-5-21-496564312-1949498514-2425945064-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://search.delta-homes.com/web/?type=ds&ts=1429785819&from=ient04230&uid=WDCXWD10EZEX-08RKKA0_WD-WCC1S814898848988&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://search.delta-homes.com/web/?type=ds&ts=1429785819&from=ient04230&uid=WDCXWD10EZEX-08RKKA0_WD-WCC1S814898848988&q={searchTerms}),Ersetzt,[d2fad9fca1f8fd39c5866ed65ea617e9]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-496564312-1949498514-2425945064-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTdMq5LZ9ySn3O452t5zUXrRq8KjtfG_2oRrdhEnfI-SZBNvAppHztL7UgFUP68pi8yP-6RGPP5mU6SXvv2xZvxdTT2wsHJb9Pcb9RZHmMbwi2in4rx11kZAtwL3oUKPnWk1hBTOx3G9ULaY2VnGmQB0Ytg_k,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTdMq5LZ9ySn3O452t5zUXrRq8KjtfG_2oRrdhEnfI-SZBNvAppHztL7UgFUP68pi8yP-6RGPP5mU6SXvv2xZvxdTT2wsHJb9Pcb9RZHmMbwi2in4rx11kZAtwL3oUKPnWk1hBTOx3G9ULaY2VnGmQB0Ytg_k,&q={searchTerms}),Ersetzt,[48845382722757dfd2a8a6a000043ec2]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-496564312-1949498514-2425945064-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SearchAssistant, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTdMq5LZ9ySn3O452t5zUXrRq8KjtfG_2oRrdhEnfI-SZBNvAppHztL7UgFUP68pi8yP-6RGPP5mU6SXvv2xZvxdTT2wsHJb9Pcb9RZHmMbwi2in4rx11kZAtwL3oUKPnWk1hBTOx3G9ULaY2VnGmQB0Ytg_k,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTdMq5LZ9ySn3O452t5zUXrRq8KjtfG_2oRrdhEnfI-SZBNvAppHztL7UgFUP68pi8yP-6RGPP5mU6SXvv2xZvxdTT2wsHJb9Pcb9RZHmMbwi2in4rx11kZAtwL3oUKPnWk1hBTOx3G9ULaY2VnGmQB0Ytg_k,&q={searchTerms}),Ersetzt,[e6e6d3025a3f49edd8a251f5966e4fb1]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-496564312-1949498514-2425945064-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTdMq5LZ9ySn3O452t5zUXrRq8KjtfG_2oRrdhEnfI-SZBNvAppHztL7UgFUP68pi8yP-6RGPP5mU6SXvv2xZvxdTT2wsHJb9Pcb9RZHmMbwi2in4rx11kZAtwL3oUKPnWk1hBTOx3G9ULaY2VnGmQB0Ytg_k,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTdMq5LZ9ySn3O452t5zUXrRq8KjtfG_2oRrdhEnfI-SZBNvAppHztL7UgFUP68pi8yP-6RGPP5mU6SXvv2xZvxdTT2wsHJb9Pcb9RZHmMbwi2in4rx11kZAtwL3oUKPnWk1hBTOx3G9ULaY2VnGmQB0Ytg_k,&q={searchTerms}),Ersetzt,[04c87c5998013cfaa4d7341259ab5ea2]
PUP.Optional.Linkury, HKU\S-1-5-21-496564312-1949498514-2425945064-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({ielnksrch}),Ersetzt,[97353d984e4b7eb81061e75fe321b24e]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-496564312-1949498514-2425945064-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTdMq5LZ9ySn3O452t5zUXrRq8KjtfG_2oRrdhEnfI-SZBNvAppHztL7UgFUP68pi8yP-6RGPP5mU6SXvv2xZvxdTT2wsHJb9Pcb9RZHmMbwi2in4rx11kZAtwL3oUKPnWk1hBTOx3G9ULaY2VnGmQB0Ytg_k,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTdMq5LZ9ySn3O452t5zUXrRq8KjtfG_2oRrdhEnfI-SZBNvAppHztL7UgFUP68pi8yP-6RGPP5mU6SXvv2xZvxdTT2wsHJb9Pcb9RZHmMbwi2in4rx11kZAtwL3oUKPnWk1hBTOx3G9ULaY2VnGmQB0Ytg_k,&q={searchTerms}),Ersetzt,[09c323b25940b581b9c196b00301639d]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-496564312-1949498514-2425945064-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTdMq5LZ9ySn3O452t5zUXrRq8KjtfG_2oRrdhEnfI-SZBNvAppHztL7UgFUP68pi8xHqnrSgsXrRgsPdFlkYQOlqVmTvXdhZN0o8upmqSVGgArBWkXRWd7QXYBkQnr1brMfgOQ8VHXO2liSsA2w1nwwJbsZo,, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTdMq5LZ9ySn3O452t5zUXrRq8KjtfG_2oRrdhEnfI-SZBNvAppHztL7UgFUP68pi8xHqnrSgsXrRgsPdFlkYQOlqVmTvXdhZN0o8upmqSVGgArBWkXRWd7QXYBkQnr1brMfgOQ8VHXO2liSsA2w1nwwJbsZo,),Ersetzt,[ca025580227706303e3cf65049bb29d7]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-496564312-1949498514-2425945064-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTdMq5LZ9ySn3O452t5zUXrRq8KjtfG_2oRrdhEnfI-SZBNvAppHztL7UgFUP68pi8yP-6RGPP5mU6SXvv2xZvxdTT2wsHJb9Pcb9RZHmMbwi2in4rx11kZAtwL3oUKPnWk1hBTOx3G9ULaY2VnGmQB0Ytg_k,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTdMq5LZ9ySn3O452t5zUXrRq8KjtfG_2oRrdhEnfI-SZBNvAppHztL7UgFUP68pi8yP-6RGPP5mU6SXvv2xZvxdTT2wsHJb9Pcb9RZHmMbwi2in4rx11kZAtwL3oUKPnWk1hBTOx3G9ULaY2VnGmQB0Ytg_k,&q={searchTerms}),Ersetzt,[22aa2fa6e5b4be781268ed598b7916ea]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-496564312-1949498514-2425945064-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SearchAssistant, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTdMq5LZ9ySn3O452t5zUXrRq8KjtfG_2oRrdhEnfI-SZBNvAppHztL7UgFUP68pi8yP-6RGPP5mU6SXvv2xZvxdTT2wsHJb9Pcb9RZHmMbwi2in4rx11kZAtwL3oUKPnWk1hBTOx3G9ULaY2VnGmQB0Ytg_k,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTdMq5LZ9ySn3O452t5zUXrRq8KjtfG_2oRrdhEnfI-SZBNvAppHztL7UgFUP68pi8yP-6RGPP5mU6SXvv2xZvxdTT2wsHJb9Pcb9RZHmMbwi2in4rx11kZAtwL3oUKPnWk1hBTOx3G9ULaY2VnGmQB0Ytg_k,&q={searchTerms}),Ersetzt,[9a32c213584176c06119f452c34143bd]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-496564312-1949498514-2425945064-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTdMq5LZ9ySn3O452t5zUXrRq8KjtfG_2oRrdhEnfI-SZBNvAppHztL7UgFUP68pi8yP-6RGPP5mU6SXvv2xZvxdTT2wsHJb9Pcb9RZHmMbwi2in4rx11kZAtwL3oUKPnWk1hBTOx3G9ULaY2VnGmQB0Ytg_k,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEM9dHz4Mno2NLTdMq5LZ9ySn3O452t5zUXrRq8KjtfG_2oRrdhEnfI-SZBNvAppHztL7UgFUP68pi8yP-6RGPP5mU6SXvv2xZvxdTT2wsHJb9Pcb9RZHmMbwi2in4rx11kZAtwL3oUKPnWk1hBTOx3G9ULaY2VnGmQB0Ytg_k,&q={searchTerms}),Ersetzt,[4983c5105b3e80b686f5a6a0a064c040]
PUP.Optional.Linkury, HKU\S-1-5-21-496564312-1949498514-2425945064-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({ielnksrch}),Ersetzt,[78546f667c1d7cba8fe2f2542fd5758b]

Ordner: 123
PUP.Optional.Linkury, C:\Windows\Temp\Smartbar, In Quarantäne, [20ac429328712511d24bb8143bc89f61], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\CloudPrinter, Löschen bei Neustart, [01cbc80d04955fd7b82805c757acd030], 
PUP.Optional.IEPluginServices, C:\ProgramData\IePluginServices, In Quarantäne, [3993f9dc2c6de056b010e3acb052926e], 
PUP.Optional.IEPluginServices, C:\ProgramData\IePluginServices\update, In Quarantäne, [3993f9dc2c6de056b010e3acb052926e], 
PUP.Optional.IHProtectUpDate, C:\ProgramData\IHProtectUpDate, In Quarantäne, [9b31d3024752c96dc8ffa2ed3ac8b050], 
PUP.Optional.IHProtectUpDate, C:\ProgramData\IHProtectUpDate\update, In Quarantäne, [9b31d3024752c96dc8ffa2ed3ac8b050], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\include, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\include\tools, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\js\lib, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\js\module, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\js\pack, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\en, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\en-US, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\es, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\es-419, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\fr, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\fr-BE, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\fr-CA, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\fr-CH, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\fr-LU, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\it, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\it-CH, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\pl, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\pt-BR, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\ru, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\ru-MO, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\tr, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\vi, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\zh-CN, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\zh-TW, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\skin, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\defaults, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\defaults\preferences, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\modules, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.SupTab, C:\Program Files (x86)\SupTab, In Quarantäne, [6b61c60faaef75c169d97523649e2bd5], 
PUP.Optional.SupTab, C:\Users\Theke\SupTab, In Quarantäne, [ca026174c4d577bf53f0ebadc73b8b75], 
PUP.Optional.SweetSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\sweetsearch@gmail.com, In Quarantäne, [309c9c39108954e29ae2791f3ec4ee12], 
PUP.Optional.SweetSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\sweetsearch@gmail.com\chrome, In Quarantäne, [309c9c39108954e29ae2791f3ec4ee12], 
PUP.Optional.SweetSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\sweetsearch@gmail.com\chrome\content, In Quarantäne, [309c9c39108954e29ae2791f3ec4ee12], 
PUP.Optional.SweetSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\sweetsearch@gmail.com\chrome\skin, In Quarantäne, [309c9c39108954e29ae2791f3ec4ee12], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Caps, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\data_reduction_proxy_leveldb, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension State, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\css, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\html, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\bg, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ca, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\cs, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\da, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\de, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\el, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\en, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\en_GB, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\es, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\es_419, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\et, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\fi, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\fil, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\fr, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\hi, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\hr, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\hu, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\id, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\it, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ja, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ko, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\lt, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\lv, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\nb, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\nl, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\pl, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\pt_BR, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\pt_PT, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ro, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ru, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sk, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sl, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sr, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sv, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\th, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\tr, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\uk, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\vi, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\zh_CN, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\zh_TW, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_metadata, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\GPUCache, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\JumpListIcons, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\JumpListIconsOld, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Extension Settings, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Storage, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\EVWhitelist, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\EVWhitelist\7, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\EVWhitelist\7\_metadata, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\EVWhitelist\7\_platform_specific, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\EVWhitelist\7\_platform_specific\all, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\PepperFlash, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\PepperFlash\21.0.0.216, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\pnacl, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.46.0.4, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.46.0.4\_metadata, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.46.0.4\_platform_specific, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.46.0.4\_platform_specific\x86_64, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\ShaderCache, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\ShaderCache\GPUCache, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.DNSUnlocker.ACMB2, C:\ProgramData\1558030d-74d5-0, In Quarantäne, [6d5f9243504900367423e5bc1be7946c], 
PUP.Optional.DNSUnlocker.ACMB2, C:\ProgramData\1558030d-7d55-1, In Quarantäne, [bc1024b14f4a94a2049309984fb36d93], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Graveairs, In Quarantäne, [8c40d5009504f145fd50e6817e86b24e], 

Dateien: 274
PUP.Optional.Linkury, C:\ProgramData\CloudPrinter\CloudPrinter.exe, Löschen bei Neustart, [a22a5a7b891083b3ffdfe3eb61a0e41c], 
PUP.Optional.Linkury, C:\Users\BigWall\AppData\Roaming\Joytone.exe, In Quarantäne, [d0fc1abbc0d92115736b6668e120fb05], 
PUP.Optional.Linkury, C:\Users\BigWall\AppData\Roaming\Toughdomcom.exe, In Quarantäne, [3a9272635c3d64d2746aa62821e012ee], 
PUP.Optional.Linkury, C:\Users\BigWall\AppData\Roaming\Zonelax.bin, In Quarantäne, [24a8d302f8a1f541130ee7467e86d22e], 
PUP.Optional.SkyTech, C:\Program Files (x86)\SupTab\DpInterface32.dll, In Quarantäne, [ac201eb7247543f339123aec33ce46ba], 
PUP.Optional.SystemHealer, C:\Users\BigWall\AppData\Local\Temp\~nsu.tmp\Au_.exe, In Quarantäne, [f3d98c49edac88aef0d29ebc4fb239c7], 
PUP.Optional.DeltaHomes, C:\Users\Theke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.delta-homes.com_0.localstorage, In Quarantäne, [a3298f4664353105e69fafc858aba858], 
PUP.Optional.DeltaHomes, C:\Users\Theke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.delta-homes.com_0.localstorage-journal, In Quarantäne, [2ba12ea7f6a3c17587fe80f719ea49b7], 
PUP.Optional.WebDiscoverBrowser, C:\Users\Public\Desktop\WebDiscover Browser.lnk, In Quarantäne, [d8f48e47712858dec12b1e98c83bc040], 
PUP.Optional.WebDiscoverBrowser, C:\Windows\System32\Tasks\WebDiscover Browser Launch Task, In Quarantäne, [5f6d44911d7c61d514ba2b907a8935cb], 
PUP.Optional.WebDiscoverBrowser, C:\Windows\System32\Tasks\WebDiscover Browser Update Task, In Quarantäne, [21abb02535642b0bb618b60581827888], 
PUP.Optional.Linkury, C:\Users\BigWall\AppData\Roaming\ApplicationHosting.dat, In Quarantäne, [ad1f21b43861999dea64d6f12cd755ab], 
PUP.Optional.Linkury, C:\Users\BigWall\AppData\Roaming\md.xml, In Quarantäne, [804cf6df4f4abb7b4b044b7c18ebec14], 
PUP.Optional.Linkury, C:\Users\BigWall\AppData\Roaming\noah.dat, In Quarantäne, [e7e5884dfb9ed95d450b06c118eb966a], 
PUP.Optional.Linkury, C:\Users\BigWall\AppData\Roaming\uninstall_temp.ico, In Quarantäne, [795329ac5f3ad95d044d4a7d996a3ec2], 
PUP.Optional.Linkury, C:\Users\BigWall\AppData\Roaming\lobby.dat, In Quarantäne, [1ab2815491080531825c42857a89bc44], 
PUP.Optional.Linkury, C:\Windows\Temp\Smartbar\Lamcof.ico, In Quarantäne, [20ac429328712511d24bb8143bc89f61], 
PUP.Optional.Linkury, C:\Windows\Temp\Smartbar\BioEx.ico, In Quarantäne, [20ac429328712511d24bb8143bc89f61], 
PUP.Optional.Linkury, C:\Windows\Temp\Smartbar\Quadhold.ico, In Quarantäne, [20ac429328712511d24bb8143bc89f61], 
PUP.Optional.Linkury, C:\Windows\Temp\Smartbar\Strongtough.ico, In Quarantäne, [20ac429328712511d24bb8143bc89f61], 
PUP.Optional.Linkury, C:\Windows\Temp\Smartbar\Tempfax.ico, In Quarantäne, [20ac429328712511d24bb8143bc89f61], 
PUP.Optional.Linkury, C:\Windows\Temp\Smartbar\Top-Air.ico, In Quarantäne, [20ac429328712511d24bb8143bc89f61], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\CloudPrinter\CloudPrinter.dat, Löschen bei Neustart, [01cbc80d04955fd7b82805c757acd030], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\CloudPrinter\Config.xml, In Quarantäne, [01cbc80d04955fd7b82805c757acd030], 
PUP.Optional.Linkury.ACMB1, C:\Windows\SysWOW64\findit.xml, In Quarantäne, [0fbd11c4c6d340f69e48b21a4db6bd43], 
PUP.Optional.Linkury.ACMB1, C:\Windows\System32\Tasks\snf, In Quarantäne, [d2fafadb425786b00edafad22dd638c8], 
PUP.Optional.Linkury.ACMB1, C:\Windows\System32\Tasks\snp, In Quarantäne, [6f5d4f867623c67094559b31e1229e62], 
PUP.Optional.IEPluginServices, C:\ProgramData\IePluginServices\update\conf, In Quarantäne, [3993f9dc2c6de056b010e3acb052926e], 
PUP.Optional.IHProtectUpDate, C:\ProgramData\IHProtectUpDate\update\conf, In Quarantäne, [9b31d3024752c96dc8ffa2ed3ac8b050], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome.manifest, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\install.rdf, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\index.html, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\quick_start.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\quick_start.xul, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\include\speed_dial.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\include\tools\about_blank_hook.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\include\tools\misc.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\include\tools\popup_image_helper.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\include\tools\urlrequestor.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\js\js.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\js\lib\doT.min.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\js\lib\jquery-2.1.0.min.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\js\lib\jquery.autocomplete.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\js\module\hotSearch.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\js\module\mostgrid.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\js\module\search.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\js\module\stat.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\js\pack\common.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\js\pack\ga.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\js\pack\xagainit.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\en\locale.properties, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\en-US\locale.properties, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\es\locale.properties, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\es-419\locale.properties, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\fr\locale.properties, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\fr-BE\locale.properties, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\fr-CA\locale.properties, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\fr-CH\locale.properties, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\fr-LU\locale.properties, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\it\locale.properties, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\it-CH\locale.properties, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\pl\locale.properties, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\pt-BR\locale.properties, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\ru\locale.properties, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\ru-MO\locale.properties, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\tr\locale.properties, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\vi\locale.properties, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\zh-CN\locale.properties, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\zh-TW\locale.properties, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\skin\default_logo.png, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\skin\googlelogo.png, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\skin\google_trends.png, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\skin\icon.png, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\skin\loading.gif, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\skin\logo.png, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\skin\newtab.ico, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\skin\simple.css, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\skin\style.css, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\defaults\preferences\fvd.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\defaults\preferences\preferences.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\modules\addonmanager.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\modules\aes.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\modules\config.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\modules\dialogs.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\modules\last_tab.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\modules\misc.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\modules\properties.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\modules\remoterequest.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\modules\restoreprefs.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\modules\settings.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], 
PUP.Optional.SupTab, C:\Users\Theke\SupTab\domain, In Quarantäne, [ca026174c4d577bf53f0ebadc73b8b75], 
PUP.Optional.SupTab, C:\Users\Theke\SupTab\expirationDate, In Quarantäne, [ca026174c4d577bf53f0ebadc73b8b75], 
PUP.Optional.SupTab, C:\Users\Theke\SupTab\hotsearch, In Quarantäne, [ca026174c4d577bf53f0ebadc73b8b75], 
PUP.Optional.SupTab, C:\Users\Theke\SupTab\hotsearch_uptime, In Quarantäne, [ca026174c4d577bf53f0ebadc73b8b75], 
PUP.Optional.SupTab, C:\Users\Theke\SupTab\name, In Quarantäne, [ca026174c4d577bf53f0ebadc73b8b75], 
PUP.Optional.SupTab, C:\Users\Theke\SupTab\path, In Quarantäne, [ca026174c4d577bf53f0ebadc73b8b75], 
PUP.Optional.SupTab, C:\Users\Theke\SupTab\set_country, In Quarantäne, [ca026174c4d577bf53f0ebadc73b8b75], 
PUP.Optional.SupTab, C:\Users\Theke\SupTab\TABts, In Quarantäne, [ca026174c4d577bf53f0ebadc73b8b75], 
PUP.Optional.SupTab, C:\Users\Theke\SupTab\uid, In Quarantäne, [ca026174c4d577bf53f0ebadc73b8b75], 
PUP.Optional.SupTab, C:\Users\Theke\SupTab\updateTime, In Quarantäne, [ca026174c4d577bf53f0ebadc73b8b75], 
PUP.Optional.SupTab, C:\Users\Theke\SupTab\url, In Quarantäne, [ca026174c4d577bf53f0ebadc73b8b75], 
PUP.Optional.SupTab, C:\Users\Theke\SupTab\_ver, In Quarantäne, [ca026174c4d577bf53f0ebadc73b8b75], 
PUP.Optional.SweetSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\sweetsearch@gmail.com\chrome.manifest, In Quarantäne, [309c9c39108954e29ae2791f3ec4ee12], 
PUP.Optional.SweetSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\sweetsearch@gmail.com\install.rdf, In Quarantäne, [309c9c39108954e29ae2791f3ec4ee12], 
PUP.Optional.SweetSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\sweetsearch@gmail.com\chrome\content\toolbar.js, In Quarantäne, [309c9c39108954e29ae2791f3ec4ee12], 
PUP.Optional.SweetSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\sweetsearch@gmail.com\chrome\content\toolbar.xul, In Quarantäne, [309c9c39108954e29ae2791f3ec4ee12], 
PUP.Optional.SweetSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\sweetsearch@gmail.com\chrome\skin\icon.png, In Quarantäne, [309c9c39108954e29ae2791f3ec4ee12], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Certificate Revocation Lists, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\First Run, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Local State, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Bloom, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Bloom Prefix Set, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Cookies, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Cookies-journal, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Csd Whitelist, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Download, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Download Whitelist, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Extension Blacklist, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Inclusion Whitelist, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing IP Blacklist, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing UwS List, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing UwS List Prefix Set, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\ChromeDWriteFontCache, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Cookies, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Cookies-journal, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Current Session, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Current Tabs, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Favicons, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Favicons-journal, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Google Profile.ico, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\History, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\History-journal, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Login Data, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Login Data-journal, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Network Action Predictor, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Network Action Predictor-journal, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Network Persistent State, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Origin Bound Certs, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Origin Bound Certs-journal, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Preferences, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Secure Preferences, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Shortcuts, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Shortcuts-journal, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Top Sites, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Top Sites-journal, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Visited Links, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Web Data, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Web Data-journal, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache\data_0, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache\data_1, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache\data_2, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache\data_3, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache\f_000001, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache\f_000002, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache\f_000003, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache\index, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\data_reduction_proxy_leveldb\000003.log, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\data_reduction_proxy_leveldb\CURRENT, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\data_reduction_proxy_leveldb\LOCK, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\data_reduction_proxy_leveldb\LOG, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension State\000003.log, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension State\CURRENT, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension State\LOCK, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension State\LOG, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension State\MANIFEST-000001, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\craw_background.js, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\craw_window.js, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\manifest.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\css\craw_window.css, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\html\craw_window.html, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images\flapper.gif, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images\icon_128.png, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images\icon_16.png, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images\topbar_floating_button.png, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images\topbar_floating_button_close.png, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images\topbar_floating_button_hover.png, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images\topbar_floating_button_maximize.png, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images\topbar_floating_button_pressed.png, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\bg\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ca\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\cs\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\da\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\de\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\el\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\en\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\en_GB\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\es\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\es_419\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\et\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\fi\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\fil\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\fr\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\hi\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\hr\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\hu\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\id\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\it\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ja\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ko\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\lt\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\lv\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\nb\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\nl\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\pl\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\pt_BR\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\pt_PT\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ro\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ru\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sk\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sl\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sr\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sv\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\th\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\tr\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\uk\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\vi\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\zh_CN\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\zh_TW\messages.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_metadata\verified_contents.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\GPUCache\data_0, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\GPUCache\data_1, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\GPUCache\data_2, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\GPUCache\data_3, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\GPUCache\index, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\JumpListIcons\DC00.tmp, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\JumpListIcons\DC01.tmp, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\JumpListIcons\DC02.tmp, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\JumpListIconsOld\66CE.tmp, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\JumpListIconsOld\66CF.tmp, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\JumpListIconsOld\66D0.tmp, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\000003.log, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\CURRENT, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOCK, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOG, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\MANIFEST-000001, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage-journal, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\EVWhitelist\7\manifest.fingerprint, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\EVWhitelist\7\manifest.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\EVWhitelist\7\_metadata\verified_contents.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\EVWhitelist\7\_platform_specific\all\ev_hashes_whitelist.bin, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\PepperFlash\21.0.0.216\manifest.fingerprint, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\PepperFlash\21.0.0.216\manifest.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\PepperFlash\21.0.0.216\pepflashplayer.dll, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.46.0.4\manifest.fingerprint, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.46.0.4\manifest.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.46.0.4\_metadata\verified_contents.json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.46.0.4\_platform_specific\x86_64\pnacl_public_pnacl_json, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.46.0.4\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_for_eh_o, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.46.0.4\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_o, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.46.0.4\_platform_specific\x86_64\pnacl_public_x86_64_crtend_o, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.46.0.4\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.46.0.4\_platform_specific\x86_64\pnacl_public_x86_64_libcrt_platform_a, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.46.0.4\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_a, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.46.0.4\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_a, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.46.0.4\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_dummy_a, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.46.0.4\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\ShaderCache\GPUCache\data_0, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\ShaderCache\GPUCache\data_1, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\ShaderCache\GPUCache\data_2, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\ShaderCache\GPUCache\data_3, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\ShaderCache\GPUCache\index, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Graveairs\ff.HP, In Quarantäne, [8c40d5009504f145fd50e6817e86b24e], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Graveairs\ff.NT, In Quarantäne, [8c40d5009504f145fd50e6817e86b24e], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Graveairs\snp.sc, In Quarantäne, [8c40d5009504f145fd50e6817e86b24e], 
PUP.Optional.Linkury.ACMB1, C:\Users\BigWall\AppData\Roaming\Config.xml, In Quarantäne, [a02cebeaa6f3c96d49d0acbb2ed6da26], 
PUP.Optional.Linkury.ACMB1, C:\Users\BigWall\AppData\Roaming\InstallationConfiguration.xml, In Quarantäne, [b8145e777029280e50cadd8ab450cc34], 
PUP.Optional.DeltaHomes.ShrtCln, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.selectedEngine", "delta-homes");), Ersetzt,[3795369f118895a112d26ff42ada0cf4]
PUP.Optional.Linkury.ACMB1, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "C:\\ProgramData\\Graveairs\\ff.NT");), Ersetzt,[cefe686dc1d8e94d39a0a2c5758f7090]
PUP.Optional.Linkury.ACMB1, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\prefs.js, Gut: (user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Schlecht: (user_pref("browser.startup.homepage", "C:\\ProgramData\\Graveairs\\ff.HP), Ersetzt,[d3f9f9dc900985b104ddd19843c103fd]
PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\prefs.js, Gut: (), Schlecht: (quick_searchff@gmail.com), Ersetzt,[b21adcf939608ea808e31b4ee1237c84]
PUP.Optional.SweetSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\prefs.js, Gut: (), Schlecht: (sweetsearch@gmail.com), Ersetzt,[a12b8a4b52475adcaf40bbaef90ba15f]
PUP.Optional.Linkury.ACMB1, C:\Users\Theke\AppData\Roaming\Mozilla\Firefox\Profiles\f7crznjg.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "C:\\ProgramData\\Graveairs\\ff.NT");), Ersetzt,[933908cd7722f343c51424439c68a55b]

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         

Alt 26.05.2016, 16:23   #4
Rik74
 



Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:25-05-2016 01
durchgeführt von Theke (ACHTUNG: der Benutzer ist kein Administrator) auf THEKEWIN7 (26-05-2016 17:13:18)
Gestartet von C:\Users\Theke\Desktop
Geladene Profile: BigWall & Theke (Verfügbare Profile: BigWall & Theke)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

konnte nicht auf den Prozess zugreifen -> smss.exe
konnte nicht auf den Prozess zugreifen -> csrss.exe
konnte nicht auf den Prozess zugreifen -> wininit.exe
konnte nicht auf den Prozess zugreifen -> csrss.exe
konnte nicht auf den Prozess zugreifen -> services.exe
konnte nicht auf den Prozess zugreifen -> lsass.exe
konnte nicht auf den Prozess zugreifen -> lsm.exe
konnte nicht auf den Prozess zugreifen -> winlogon.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> nvvsvc.exe
konnte nicht auf den Prozess zugreifen -> nvSCPAPISvr.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> MsMpEng.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> nvxdsync.exe
konnte nicht auf den Prozess zugreifen -> nvvsvc.exe
konnte nicht auf den Prozess zugreifen -> wisptis.exe
konnte nicht auf den Prozess zugreifen -> spoolsv.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> armsvc.exe
konnte nicht auf den Prozess zugreifen -> mDNSResponder.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> EpsonPE.exe
konnte nicht auf den Prozess zugreifen -> DeviceControlLog.exe
konnte nicht auf den Prozess zugreifen -> PCSVC.exe
konnte nicht auf den Prozess zugreifen -> mqsvc.exe
konnte nicht auf den Prozess zugreifen -> sqlservr.exe
konnte nicht auf den Prozess zugreifen -> SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Jumping Bytes) D:\Programme\PureSync\PureSyncTray.exe
(Binary Fortress Software) D:\Programme\TrayStatus\TrayStatus.exe
(KYOCERA MITA Corporation) D:\Programme\TriumphAdler\ScannerUtility\NsCatCom.exe
(Adobe Systems Inc.) D:\Programme\Adobe\CS6\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
konnte nicht auf den Prozess zugreifen -> Service_KMS.exe
konnte nicht auf den Prozess zugreifen -> SFUSVC.exe
konnte nicht auf den Prozess zugreifen -> sqlwriter.exe
konnte nicht auf den Prozess zugreifen -> NsCatCom.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> TeamViewer_Service.exe
konnte nicht auf den Prozess zugreifen -> vmware-usbarbitrator64.exe
konnte nicht auf den Prozess zugreifen -> NisSrv.exe
konnte nicht auf den Prozess zugreifen -> SearchIndexer.exe
konnte nicht auf den Prozess zugreifen -> OSPPSVC.EXE
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> WUDFHost.exe
konnte nicht auf den Prozess zugreifen -> WUDFHost.exe
konnte nicht auf den Prozess zugreifen -> wmpnetwk.exe
konnte nicht auf den Prozess zugreifen -> WUDFHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
konnte nicht auf den Prozess zugreifen -> tv_w32.exe
konnte nicht auf den Prozess zugreifen -> tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSACCESS.EXE
(Dropbox, Inc.) C:\Users\Theke\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(MagicLine GmbH) \\Magiclinevm7\d\programe\magicline\sml.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
konnte nicht auf den Prozess zugreifen -> TrustedInstaller.exe
(Adobe Systems, Incorporated) D:\Programme\Adobe\CS6\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
(David Harris) \\mailserver\PMAIL\Programs\WINPM-32.EXE
(NETGEAR Inc.) D:\Programme\NETGEAR Genie\bin\NETGEARGenie.exe
() D:\Programme\NETGEAR Genie\bin\genie2_tray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Malwarebytes) D:\Programme\ Malwarebytes Anti-Malware \mbam.exe
konnte nicht auf den Prozess zugreifen -> SearchProtocolHost.exe
konnte nicht auf den Prozess zugreifen -> SearchFilterHost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-09] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [EpsonAPD4SV] => C:\Program Files (x86)\EPSON\EPSON Advanced Printer Driver 4\Tools\EAPSV\EAPSV.EXE [212608 2013-11-14] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => D:\Programme\Adobe\CS6\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => D:\Programme\Adobe\CS6\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [570880 2013-12-27] (Nikon Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [55264 2016-03-10] (Malwarebytes)
HKU\S-1-5-21-496564312-1949498514-2425945064-1000\...\Run: [Vidalia] => D:\Programme\Vidalia Bridge Bundle\Vidalia\vidalia.exe [6239727 2014-06-05] ()
HKU\S-1-5-21-496564312-1949498514-2425945064-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-496564312-1949498514-2425945064-1000\...\Run: [NETGEARGenie] => D:\Programme\NETGEAR Genie\bin\NETGEARGenie.exe [611584 2016-03-09] (NETGEAR Inc.)
HKU\S-1-5-21-496564312-1949498514-2425945064-1001\...\Run: [PureSync] => D:\Programme\PureSync\PureSyncTray.exe [1043312 2016-03-08] (Jumping Bytes)
HKU\S-1-5-21-496564312-1949498514-2425945064-1001\...\Run: [TrayStatus] => D:\Programme\TrayStatus\TrayStatus.exe [283032 2011-05-18] (Binary Fortress Software)
HKU\S-1-5-21-496564312-1949498514-2425945064-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-496564312-1949498514-2425945064-1001\...\Run: [Dropbox Update] => C:\Users\Theke\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-496564312-1949498514-2425945064-1001\...\Run: [NETGEARGenie] => D:\Programme\NETGEAR Genie\bin\NETGEARGenie.exe [611584 2016-03-09] (NETGEAR Inc.)
HKU\S-1-5-21-496564312-1949498514-2425945064-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scanner File Utility.lnk [2016-05-14]
ShortcutTarget: Scanner File Utility.lnk -> D:\Programme\TriumphAdler\ScannerUtility\NsCatCom.exe (KYOCERA MITA Corporation)
Startup: C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2015-10-17]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BuchungenV4.01.accdb - Verknüpfung.lnk [2014-06-25]
ShortcutTarget: BuchungenV4.01.accdb - Verknüpfung.lnk -> D:\Programme\Buchungsprogramm\BuchungenV4.01.accdb ()
Startup: C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-05-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicLine.lnk [2014-12-05]
ShortcutTarget: MagicLine.lnk -> X:\Programe\MagicLine\SML.exe (MagicLine GmbH)
Startup: C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR Genie.lnk [2015-08-28]
ShortcutTarget: NETGEAR Genie.lnk -> D:\Programme\NETGEAR Genie\bin\NETGEARGenie.exe (NETGEAR Inc.)
GroupPolicyScripts: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 212.37.37.50
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{C23795F5-05BE-4B5B-905C-831E17ABC665}: [DhcpNameServer] 8.8.8.8 212.37.37.50

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-496564312-1949498514-2425945064-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=de-DE&Src=MSE&Tid=0003446E&OHP=http%3A%2F%2Fwww.delta%2Dhomes.com%2F%3Ftype%3Dhp%26ts%3D1429785819%26from%3Dient04230%26uid%3DWDCXWD10EZEX%2D08RKKA0%5FWD%2DWCC1S814898848988&OSP=http%3A%2F%2Fdo%2Dsearch.com%2Fweb%2F%3Futm%5Fsource%3Db%26utm%5Fmedium%3D%26utm%5Fcampaign%3Dinstall%5Fie%26utm%5Fcontent%3Dds%26from%3D%26uid%3DST500DM002%2D1BC142%5FW2A27G6AXXXXW2A27G6A%26ts%3D1420373293%26type%3Ddefault%26q%3D%7BsearchTerms%7D
HKU\S-1-5-21-496564312-1949498514-2425945064-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://bigwall.de/bigwall/deutsch/klettercentrum-muensterland.html
URLSearchHook: [S-1-5-21-496564312-1949498514-2425945064-1000] ACHTUNG => Standard URLSearchHook fehlt
SearchScopes: HKLM-x32 -> ielnksrch URL = 
SearchScopes: HKU\S-1-5-21-496564312-1949498514-2425945064-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-496564312-1949498514-2425945064-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-496564312-1949498514-2425945064-1001 -> DefaultScope {D15BD527-9ADD-4DEB-AA5F-0BAE5466D3F8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-496564312-1949498514-2425945064-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-496564312-1949498514-2425945064-1001 -> {D15BD527-9ADD-4DEB-AA5F-0BAE5466D3F8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-30] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-30] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
DPF: HKLM-x32 {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} hxxp://192.168.3.90/RtspVaPgDec.cab
DPF: HKLM-x32 {7191F0AC-D686-46A8-BFCC-EA61778C74DD} hxxp://192.168.3.88/aplugLiteDL.cab
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Theke\AppData\Roaming\Mozilla\Firefox\Profiles\f7crznjg.default
FF NewTab: C:\\ProgramData\\Graveairs\\ff.NT
FF Homepage: hxxp://bigwall.de/bigwall/deutsch/klettercentrum-muensterland.html
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8118
FF NetworkProxy: "socks", "localhost"
FF NetworkProxy: "socks_port", 9050
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8118
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Programme\PDF-XChange\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Programme\PDF-XChange\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Programme\PDF-XChange\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Programme\PDF-XChange\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @vmware.com/vmrc,version=5.1.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Firefox\np-vmware-vmrc.dll [2012-07-13] (VMware, Inc.)
FF Plugin-x32: @vmware.com/vmrc,version=5.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll [2014-02-11] (VMware, Inc.)
FF Plugin-x32: Adobe Acrobat -> D:\Programme\Adobe\CS6\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.)
FF Extension: flickr original - C:\Users\Theke\AppData\Roaming\Mozilla\Firefox\Profiles\f7crznjg.default\extensions\flickr@jzlabs.com.xpi [2016-04-28]
FF Extension: ADB Helper - C:\Users\Theke\AppData\Roaming\Mozilla\Firefox\Profiles\f7crznjg.default\Extensions\adbhelper@mozilla.org [2016-02-05]
FF Extension: Ghostery - C:\Users\Theke\AppData\Roaming\Mozilla\Firefox\Profiles\f7crznjg.default\Extensions\firefox@ghostery.com.xpi [2016-05-04]
FF Extension: Valence - C:\Users\Theke\AppData\Roaming\Mozilla\Firefox\Profiles\f7crznjg.default\Extensions\fxdevtools-adapters@mozilla.org [2016-02-23]
FF Extension: Video DownloadHelper - C:\Users\Theke\AppData\Roaming\Mozilla\Firefox\Profiles\f7crznjg.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-23]
FF Extension: Adblock Plus - C:\Users\Theke\AppData\Roaming\Mozilla\Firefox\Profiles\f7crznjg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Programme\Adobe\CS6\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - D:\Programme\Adobe\CS6\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-10-17] [ist nicht signiert]

Chrome: 
=======
CHR Profile: C:\Users\Theke\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Theke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-26]
CHR Extension: (Google Drive) - C:\Users\Theke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-26]
CHR Extension: (YouTube) - C:\Users\Theke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-26]
CHR Extension: (Google-Suche) - C:\Users\Theke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-26]
CHR Extension: (Embedder for Google Business View™) - C:\Users\Theke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehloahmpmbpgpkkdnlnidpokncaaomak [2014-07-01]
CHR Extension: (Bookmark Manager) - C:\Users\Theke\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Theke\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-22]
CHR Extension: (Google Wallet) - C:\Users\Theke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-26]
CHR Extension: (Google Mail) - C:\Users\Theke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-26]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-06-25] (Adobe Systems) [Datei ist nicht signiert]
R2 EpsonPEService; C:\Program Files (x86)\EPSON\TMCOMUSB\Service\EpsonPE.exe [914584 2012-01-30] (Seiko Epson Corporation)
R2 EPSON_Device_Control_Log_Service; C:\Program Files\epson\portcommunicationservice\DeviceControlLog.exe [396288 2013-11-18] (SEIKO EPSON CORPORATION) [Datei ist nicht signiert]
R2 EPSON_Port_Communication_Service; C:\Program Files\epson\portcommunicationservice\PCSVC.exe [551936 2013-11-18] (SEIKO EPSON CORPORATION) [Datei ist nicht signiert]
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R2 MSSQL$KNXETS4; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\sqlservr.exe [62382256 2015-03-30] (Microsoft Corporation)
S3 NETGEARGenieDaemon; D:\Programme\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2016-03-09] (NETGEAR)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 Service KMSELDI; d:\Programme\KMSpico\Service_KMS.exe [735936 2015-08-16] (@ByELDI) [Datei ist nicht signiert]
R2 SFUSVC; D:\Programme\TriumphAdler\ScannerUtility\SFUSVC.exe [274499 2003-09-16] (KYOCERA MITA CORPORATION) [Datei ist nicht signiert]
S4 SQLAgent$KNXETS4; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\SQLAGENT.EXE [442536 2015-03-30] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Datei ist nicht signiert]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 wdsvc; C:\Program Files\WebDiscoverBrowser\wdsvc2.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 EpsCe; C:\Windows\system32\Drivers\EpsCe.sys [91944 2014-06-25] (Seiko Epson Corporation)
S2 EPSON_PCS_Parallel_Port_Driver; C:\Windows\system32\DRIVERS\pcslpt.sys [21640 2013-11-18] (SEIKO EPSON CORPORATION)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-14] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2016-05-07] (CACE Technologies, Inc.)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2015-03-30] (Microsoft Corporation)
R3 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2012-03-01] (Seiko Epson Corporation)
S2 EpsCe2; \??\C:\Windows\system32\Drivers\EpsCe2.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-26 17:13 - 2016-05-26 17:14 - 00029316 ____C C:\Users\Theke\Desktop\FRST.txt
2016-05-26 17:13 - 2016-05-26 17:13 - 00000000 ___DC C:\FRST
2016-05-26 17:12 - 2016-05-26 17:12 - 02383360 ____C (Farbar) C:\Users\Theke\Desktop\FRST64.exe
2016-05-19 14:35 - 2016-05-19 14:35 - 00000000 __SDC C:\Users\Theke\Documents\Meine Datenquellen
2016-05-14 17:23 - 2016-05-14 17:28 - 00000000 ___DC C:\Users\Theke\AppData\Roaming\Hemag-CAD
2016-05-14 17:21 - 2016-05-14 17:21 - 00192216 ____C (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-14 17:21 - 2016-05-14 17:21 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-05-14 17:20 - 2016-05-14 17:20 - 00000000 ___DC C:\ProgramData\Malwarebytes
2016-05-14 17:20 - 2016-03-10 14:09 - 00064896 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-14 17:20 - 2016-03-10 14:08 - 00140672 ____C (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-14 17:20 - 2016-03-10 14:08 - 00027008 ____C (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-14 17:00 - 2016-05-14 17:52 - 00000000 ___DC C:\ProgramData\Hemag-CAD
2016-05-14 17:00 - 2016-05-14 17:00 - 00000000 ___DC C:\Users\BigWall\AppData\Roaming\Hemag-CAD
2016-05-14 16:59 - 2016-05-14 16:59 - 00000000 ___DC C:\Users\BigWall\AppData\Roaming\dlg
2016-05-14 16:58 - 2016-05-14 16:58 - 00000000 ___DC C:\Users\BigWall\AppData\Roaming\Opera Software
2016-05-14 16:56 - 2016-05-14 16:56 - 06494208 ____C C:\Users\BigWall\AppData\Roaming\agent.dat
2016-05-14 16:56 - 2016-05-14 16:56 - 01626777 ____C C:\Users\BigWall\AppData\Roaming\Joytone.tst
2016-05-14 16:56 - 2016-05-14 16:56 - 00127488 ____C C:\Users\BigWall\AppData\Roaming\Installer.dat
2016-05-14 16:56 - 2016-05-14 16:56 - 00072717 ____C C:\Users\BigWall\AppData\Roaming\Toughdomcom.tst
2016-05-14 16:56 - 2016-05-14 16:56 - 00018432 ____C C:\Users\BigWall\AppData\Roaming\Main.dat
2016-05-13 11:32 - 2016-05-13 11:32 - 00000000 ____D C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-12 14:02 - 2016-05-12 14:03 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-05-12 14:02 - 2016-05-12 14:03 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-05-12 14:02 - 2016-05-12 14:03 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-05-12 14:02 - 2016-05-12 14:03 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-05-11 15:19 - 2016-05-11 22:44 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 15:18 - 2016-05-11 22:42 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-11 15:18 - 2016-05-11 22:42 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 15:18 - 2016-05-11 22:41 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 15:18 - 2016-05-11 22:41 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 15:18 - 2016-05-11 22:41 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 15:18 - 2016-05-11 22:41 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 15:18 - 2016-05-11 22:41 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 15:18 - 2016-05-11 22:41 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 15:18 - 2016-05-11 22:41 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-11 15:18 - 2016-05-11 22:40 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-11 15:18 - 2016-05-11 22:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-11 15:18 - 2016-05-11 22:39 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 15:18 - 2016-05-11 22:39 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-11 15:18 - 2016-05-11 22:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-11 15:18 - 2016-05-11 22:39 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-11 15:18 - 2016-05-11 22:39 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-11 15:18 - 2016-05-11 22:39 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-11 15:18 - 2016-05-11 22:39 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-11 15:18 - 2016-05-11 22:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-11 15:18 - 2016-05-11 22:39 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-11 15:18 - 2016-05-11 22:39 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-11 15:18 - 2016-05-11 22:38 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-11 15:18 - 2016-05-11 22:38 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 15:18 - 2016-05-11 22:38 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 15:18 - 2016-05-11 22:38 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-11 15:18 - 2016-05-11 22:38 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 15:18 - 2016-05-11 22:38 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-11 15:18 - 2016-05-11 22:38 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-11 15:18 - 2016-05-11 22:38 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-11 15:18 - 2016-05-11 22:29 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-11 15:18 - 2016-05-11 22:29 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-06 11:08 - 2016-05-07 10:13 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2016-04-30 12:32 - 2016-04-30 12:32 - 00003189 _____ C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ProfiCash.exe.lnk
2016-04-30 11:33 - 2016-04-30 11:33 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-04-30 11:06 - 2016-04-30 11:06 - 00296960 _____ (Microsoft Corporation) C:\Windows\winhlp32.exe
2016-04-30 11:06 - 2016-04-30 11:06 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ftsrch.dll
2016-04-30 11:06 - 2016-04-30 11:06 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\ftsrch.dll
2016-04-30 11:06 - 2016-04-30 11:06 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ftlx041e.dll
2016-04-30 11:06 - 2016-04-30 11:06 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\ftlx041e.dll
2016-04-30 11:06 - 2016-04-30 11:06 - 00009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ftlx0411.dll
2016-04-30 11:06 - 2016-04-30 11:06 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\ftlx0411.dll
2016-04-29 10:34 - 2016-04-29 10:34 - 00001651 ____C C:\Users\Theke\Desktop\Pegasus.LNK
2016-04-28 20:56 - 2016-04-28 20:56 - 00000000 ____D C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pegasus Mail

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-26 11:10 - 2009-07-14 06:45 - 00031600 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-26 11:10 - 2009-07-14 06:45 - 00031600 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-26 11:06 - 2014-04-17 18:50 - 00002246 ____H C:\Users\Theke\Documents\Default.rdp
2016-05-26 11:01 - 2014-04-15 20:58 - 00765264 ____C C:\Windows\system32\perfh007.dat
2016-05-26 11:01 - 2014-04-15 20:58 - 00174254 ____C C:\Windows\system32\perfc007.dat
2016-05-26 11:01 - 2009-07-14 07:13 - 01805518 ____C C:\Windows\system32\PerfStringBackup.INI
2016-05-26 11:01 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\inf
2016-05-26 11:00 - 2009-07-14 07:32 - 00000000 ___DC C:\Windows\system32\FxsTmp
2016-05-26 10:56 - 2014-11-10 19:35 - 00000000 __RDC C:\Users\Theke\Dropbox
2016-05-26 10:55 - 2014-04-15 13:52 - 00000000 ___DC C:\ProgramData\NVIDIA
2016-05-26 10:55 - 2009-07-14 07:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT
2016-05-24 21:39 - 2014-12-13 12:22 - 00000000 ___DC C:\Program Files (x86)\TeamViewer
2016-05-24 13:48 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-20 13:44 - 2015-12-01 11:08 - 00002441 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-20 04:06 - 2016-03-05 16:22 - 00000977 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-05-14 18:21 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\system
2016-05-14 18:08 - 2015-06-18 13:57 - 00001224 ____C C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-496564312-1949498514-2425945064-1001UA.job
2016-05-14 17:38 - 2014-09-27 09:58 - 00000884 ____C C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-14 17:37 - 2016-01-20 18:38 - 00000735 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Angry IP Scanner.lnk
2016-05-14 17:37 - 2015-08-28 13:28 - 00000912 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk
2016-05-14 17:37 - 2015-07-23 13:50 - 00002181 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-14 17:37 - 2015-07-23 13:50 - 00001153 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-14 17:37 - 2015-03-25 11:59 - 00000769 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2016-05-14 17:37 - 2014-07-04 10:27 - 00002453 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2016-05-14 17:37 - 2014-07-04 10:27 - 00002441 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2016-05-14 17:37 - 2014-07-04 10:18 - 00001091 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
2016-05-14 17:37 - 2014-07-04 10:15 - 00000991 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2016-05-14 17:37 - 2014-06-25 15:09 - 00002079 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
2016-05-14 17:37 - 2014-06-25 15:08 - 00002061 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
2016-05-14 17:37 - 2014-04-15 16:34 - 00002471 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
2016-05-14 17:37 - 2014-04-15 16:33 - 00002507 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-05-14 17:37 - 2014-04-15 16:13 - 00002111 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-05-14 17:37 - 2014-04-15 11:01 - 00001333 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-05-14 17:37 - 2014-04-15 11:01 - 00001314 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-05-14 17:37 - 2009-07-14 07:01 - 00001282 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-05-14 17:37 - 2009-07-14 06:57 - 00001535 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-05-14 17:37 - 2009-07-14 06:57 - 00001318 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-05-14 17:37 - 2009-07-14 06:57 - 00001234 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-05-14 17:37 - 2009-07-14 06:54 - 00001198 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-05-14 17:37 - 2009-07-14 06:49 - 00001266 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-05-14 17:35 - 2014-04-17 18:12 - 00000000 ___DC C:\Users\Theke
2016-05-14 17:25 - 2014-07-01 15:21 - 00001110 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-14 17:06 - 2015-07-09 21:24 - 00000000 ____D C:\Users\Theke\AppData\Local\CrashDumps
2016-05-14 16:57 - 2014-04-17 18:12 - 00001451 _____ C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-14 16:19 - 2015-06-18 13:57 - 00001172 ____C C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-496564312-1949498514-2425945064-1001Core.job
2016-05-14 14:35 - 2014-07-01 15:21 - 00001106 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-13 16:38 - 2014-06-25 09:45 - 00797376 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-13 16:38 - 2014-06-25 09:45 - 00142528 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-13 11:32 - 2014-11-10 19:31 - 00000000 ___DC C:\Users\Theke\AppData\Roaming\Dropbox
2016-05-12 21:12 - 2014-12-11 14:38 - 00000000 ___DC C:\Windows\system32\appraiser
2016-05-12 13:55 - 2009-07-14 06:45 - 05524632 ____C C:\Windows\system32\FNTCACHE.DAT
2016-05-12 13:54 - 2010-11-21 09:16 - 00000000 ___DC C:\Program Files\Windows Journal
2016-05-11 22:38 - 2014-04-15 13:34 - 00000000 ___DC C:\Windows\system32\MRT
2016-05-11 22:29 - 2014-04-15 13:34 - 139319312 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-07 19:06 - 2015-06-07 10:45 - 00369168 ____C (CACE Technologies, Inc.) C:\Windows\system32\wpcap.dll
2016-05-07 19:06 - 2015-06-07 10:45 - 00281104 ____C (CACE Technologies, Inc.) C:\Windows\SysWOW64\wpcap.dll
2016-05-07 19:06 - 2015-06-07 10:45 - 00106000 ____C (CACE Technologies, Inc.) C:\Windows\system32\packet.dll
2016-05-07 19:06 - 2015-06-07 10:45 - 00096784 ____C (CACE Technologies, Inc.) C:\Windows\SysWOW64\packet.dll
2016-05-07 19:06 - 2015-06-07 10:45 - 00035344 ____C (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys
2016-05-07 10:13 - 2014-06-25 09:44 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-06 21:46 - 2015-04-04 19:07 - 00000000 __SDC C:\Windows\SysWOW64\GWX
2016-05-06 21:46 - 2015-04-04 19:07 - 00000000 __SDC C:\Windows\system32\GWX
2016-05-04 14:42 - 2014-04-17 18:12 - 00254168 _____ C:\Users\Theke\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-02 13:40 - 2014-04-15 13:08 - 00000000 ___DC C:\Users\BigWall
2016-04-30 12:24 - 2014-10-09 13:42 - 00000000 ___DC C:\ProgramData\Oracle
2016-04-30 11:22 - 2016-01-30 11:26 - 00097856 ____C (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-04-30 11:22 - 2015-10-11 10:33 - 00000000 ___DC C:\Users\Theke\.oracle_jre_usage
2016-04-30 11:22 - 2015-10-11 10:32 - 00000000 ___DC C:\Users\BigWall\.oracle_jre_usage
2016-04-30 11:22 - 2015-10-11 10:32 - 00000000 ___DC C:\Program Files (x86)\Java
2016-04-30 11:22 - 2014-10-22 08:42 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-30 11:19 - 2014-04-17 18:39 - 00990275 ____C C:\Windows\unins000.exe
2016-04-30 11:19 - 2014-04-17 18:39 - 00041340 ____C C:\Windows\unins000.dat
2016-04-29 11:34 - 2014-08-05 16:02 - 00000000 ___DC C:\Users\Theke\AppData\Roaming\VMware
2016-04-28 20:57 - 2014-07-26 11:42 - 00000000 ___DC C:\Users\BigWall\AppData\Roaming\tor

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-11-12 11:28 - 2015-09-04 16:49 - 0000132 ____C () C:\Users\Theke\AppData\Roaming\Adobe CS6-BMP-Format - Voreinstellungen
2014-07-08 20:35 - 2015-07-17 16:11 - 0000132 ____C () C:\Users\Theke\AppData\Roaming\Adobe CS6-GIF-Format - Voreinstellungen
2015-03-23 16:02 - 2015-05-30 17:47 - 0000132 ____C () C:\Users\Theke\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2014-08-14 14:27 - 2014-08-14 14:27 - 0038432 ____C () C:\Users\Theke\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2014-07-06 17:25 - 2015-12-29 21:32 - 0001456 _____ () C:\Users\Theke\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-07-10 14:01 - 2015-03-23 20:09 - 0005632 _____ () C:\Users\Theke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-14 14:42 - 2015-07-07 13:21 - 0000600 _____ () C:\Users\Theke\AppData\Local\PUTTY.RND
2016-01-08 11:56 - 2016-01-08 11:56 - 0000862 ____C () C:\Users\Theke\AppData\Local\recently-used.xbel

Einige Dateien in TEMP:
====================
C:\Users\Theke\AppData\Local\Temp\CIB166F.tmp.exe
C:\Users\Theke\AppData\Local\Temp\CIB1FFE.tmp.exe
C:\Users\Theke\AppData\Local\Temp\CIB75CE.tmp.exe
C:\Users\Theke\AppData\Local\Temp\CIB9BE7.tmp.exe
C:\Users\Theke\AppData\Local\Temp\CIBC477.tmp.exe
C:\Users\Theke\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Theke\AppData\Local\Temp\ose00000.exe
C:\Users\Theke\AppData\Local\Temp\PureSyncInst.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


ACHTUNG: ==> Auf den BCD konnte nicht zugegriffen werden. der Benutzer ist kein Administrator

==================== Ende von FRST.txt ============================
         
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:25-05-2016 01
durchgeführt von Theke (2016-05-26 17:14:27)
Gestartet von C:\Users\Theke\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-04-15 11:08:46)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-496564312-1949498514-2425945064-500 - Administrator - Disabled)
BigWall (S-1-5-21-496564312-1949498514-2425945064-1000 - Administrator - Enabled) => C:\Users\BigWall
Gast (S-1-5-21-496564312-1949498514-2425945064-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-496564312-1949498514-2425945064-1011 - Limited - Enabled)
Theke (S-1-5-21-496564312-1949498514-2425945064-1001 - Limited - Enabled) => C:\Users\Theke

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Active@ ISO Burner 3.0 (HKLM-x32\...\{3B756F35-2504-429A-B36C-EA0961B6A2C0}_is1) (Version: 3.0 - LSoft Technologies Inc)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.5 - Sereby Corporation)
Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.4.1 - Angry IP Scanner)
Apple Application Support (32-Bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{D3364347-0A05-CA85-1DAD-80A7A75BF677}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Berker TS RTR Plugin 0.0.1.0 (HKLM-x32\...\{E11AC1A7-2F59-4911-90ED-E0B55D2101D6}) (Version: 0.0.1.0 - Berker GmbH & Co. KG)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bully Dog Update Agent (HKU\S-1-5-21-496564312-1949498514-2425945064-1001\...\87038f485ccfb0f5) (Version: 1.1.7.8 - Bully Dog Technologies)
Canon MX890 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX890_series) (Version:  - )
Capture NX-D (HKLM\...\{794529D3-D489-4CF2-B2ED-CF241809E5EC}) (Version: 1.2.1 - Nikon Corporation)
CIB pdf brewer (HKLM\...\{230C73B3-78DF-4201-AC19-7BEE33311621}) (Version: 2.7.0002 - CIB software GmbH)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
Dropbox (HKU\S-1-5-21-496564312-1949498514-2425945064-1001\...\Dropbox) (Version: 3.20.1 - Dropbox, Inc.)
DVD Shrink 3.2 deutsch (DeCSS-frei) (HKLM-x32\...\DVD Shrink DE_is1) (Version:  - DVD Shrink)
EGR-ShellExtension (HKLM-x32\...\EGR-ShellExtension) (Version: 1.1.0.100 - EasternGraphics)
EPSON Advanced Printer Driver 4 (HKLM-x32\...\{11FF6AF6-0141-4EF8-829A-989459A1E5D8}) (Version: 4.55.0400 - SEIKO EPSON CORPORATION)
EPSON APD4 Point and Print Support (x32 Version: 4.55.0400 - SEIKO EPSON CORPORATION) Hidden
EPSON Port Communication Service (HKLM\...\{41D2226A-AD7F-423E-A85C-A09FBD4B53DE}) (Version: 3.9.0 - SEIKO EPSON CORPORATION)
EPSON TM Coupon Package (HKLM-x32\...\{60ED98A7-BE97-4F26-B32E-5087337C6044}) (Version: 1.20.0000 - Seiko Epson Corporation) <==== ACHTUNG
EPSON TM Virtual Port Driver Ver.8.30b (HKLM-x32\...\{3D7277B3-B0BE-497C-A626-55F063254B5B}) (Version: 8.30.0000 - SEIKO EPSON CORPORATION)
Fakturama 1.6.8 (HKU\S-1-5-21-496564312-1949498514-2425945064-1001\...\5723-2630-1175-8368) (Version: 1.6.8 - Fakturama.org)
FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
GDR 4033 für SQL Server 2008 R2 (KB2977320) (64-bit) (HKLM\...\KB2977320) (Version: 10.52.4033.0 - Microsoft Corporation)
GDR 4042 für SQL Server 2008 R2 (KB3045313) (64-bit) (HKLM\...\KB3045313) (Version: 10.52.4042.0 - Microsoft Corporation)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.18) (Version: 9.18 - Artifex Software Inc.)
Hager TR131 - Berker 8505 01 00 Plug-In (HKLM-x32\...\{C30F8D97-FB69-4EB5-A6D4-A89B27DF167E}) (Version: 1.1.0 - Hager Group)
iCloud (HKLM\...\{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}) (Version: 5.2.1.69 - Apple Inc.)
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
InstPortMon (x32 Version: 1.3.0.0 - InstPortMon) Hidden
iSpy (64 bit) (HKLM\...\{4C5C6F38-E560-4A88-8F68-735D7A258F28}) (Version: 6.5.1.0 - DeveloperInABox)
iSpy package installer (64 bit) (HKLM-x32\...\{122ec9b4-1264-45d8-b64c-b73493549025}) (Version: 6.5.1.0 - DeveloperInABox)
IZArc 4.2 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.2 - Ivan Zahariev)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
KG-819 (HKLM-x32\...\KG-819V2.00) (Version: V2.00 - Quanzhou Wouxun Electronics Co.£¬Ltd. Right)
KM-NET Remote Operation Panel (HKLM-x32\...\{7325D304-E5D4-11D3-A677-00C04FC337BE}) (Version:  - )
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
KNX eteC Falcon Runtime v2.1 (x32 Version: 2.1.5213.27900 - KNX Association cvba) Hidden
KNX ETS4 (HKLM-x32\...\KNX ETS4) (Version: 4.1.3614.46489 - KNX Association cvba)
KNX ETS4 (x32 Version: 4.1.3614.46489 - KNX Association cvba) Hidden
KNX ETS4 Additional Runtime (x32 Version: 4.0.0.0 - KNX Association cvba) Hidden
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 4.2.1909 - KYOCERA Document Solutions Inc.)
LibreOffice 4.4.5.2 (HKLM-x32\...\{406EECCC-AF98-4F2C-A99F-FED788F7580C}) (Version: 4.4.5.2 - The Document Foundation)
Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Magicline - Client - Installation (HKLM-x32\...\{E40C9183-4FB7-11DB-9529-000C6E0CFD35}) (Version: 8.50.0000 - Studioline Schulz und Lorenzen KG)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Management Objects (HKLM\...\{D9473D19-26F1-4B91-BBAC-4089CB41BC48}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Management Objects (HKLM-x32\...\{F5E87B12-3C27-452F-8E78-21D42164FD83}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{49860BCD-24D6-44C1-922E-AC12FE32234E}) (Version: 10.52.4042.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{B2213E4E-F502-4D36-BE95-9293C866EF3F}) (Version: 10.52.4042.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 de)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.15.07 - NETGEAR Inc.)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.1 - Nikon)
NVIDIA 3D Vision Controller-Treiber 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA Grafiktreiber 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Opera Stable 37.0.2178.43 (HKLM-x32\...\Opera 37.0.2178.43) (Version: 37.0.2178.43 - Opera Software)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF-XChange Viewer (HKLM\...\{9ED333F8-3E6C-4A38-BAFA-728454121CDA}) (Version: 2.5.308.2 - Tracker Software Products (Canada) Ltd.)
Pegasus Mail (HKLM-x32\...\Pegasus Mail) (Version:  - David Harris)
Pegasus Mail HTML Renderer 2.4.9.9 (HKLM-x32\...\{A9F5E1E1-1281-4862-90B4-6CF8E6AF83CE}_is1) (Version:  - Micha's Midnight Manufacture)
Pegasus Mail v4.72 Release 1, Build 572 (Deutsche Komplettversi (HKLM-x32\...\Pegasus Mail, Deutsche Komplettversion_is1) (Version:  - Sven Henze)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Picture Control Utility 2 (HKLM\...\{D4893C47-704F-4B84-8486-9DE4974ACA6F}) (Version: 2.1.1 - Nikon Corporation)
PL-2303 Vista Driver Installer (HKLM-x32\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.2.0.0 - Prolific)
PL-2303HXD Vista Driver Installer (HKLM-x32\...\{503C86BF-22CB-4806-B2AE-AA79DFD8BA35}) (Version: 3.0.0.1 - Prolific Technology Inc.)
Profi cash (HKLM-x32\...\Profi cash) (Version:  - )
PureSync (x32 Version: 4.1.0 - Jumping Bytes) Hidden
PureSync 4.1.0 (HKLM-x32\...\PureSync) (Version: 4.1.0 - Jumping Bytes)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6433 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Scanner File Utility (HKLM-x32\...\{2CA99244-798C-11D6-AF02-0010B5A02D6F}) (Version: 4.11.03 - )
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (64-bit) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
SketchUp 2014 (HKLM-x32\...\{9E620BD5-AEEC-492D-9065-D71FCD4C52F1}) (Version: 14.1.1282 - Trimble Navigation Limited)
SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
SolarWinds Active Diagnostics 1.1.0.230 (HKLM-x32\...\{B8FB6695-3797-4DAA-B113-13CB8BBEF9C7}) (Version: 1.1.0.230 - SolarWinds, Inc.)
SQL Server 2008 R2 SP2 Common Files (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server System CLR Types (HKLM\...\{F4264106-F90E-4076-98CF-1B878DB14513}) (Version: 10.0.1600.22 - Microsoft Corporation)
SQL Server System CLR Types (HKLM-x32\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.0.1600.22 - Microsoft Corporation)
SuperMailer 8.01 (HKLM\...\Newsletter Software SuperMailer (x64)_is1) (Version: 8.01 - Mirko Boeer Softwareentwicklungen)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
TextPad 7 (HKLM\...\{F5AF1DA4-4929-4BFA-B948-7BDD98A5405F}) (Version: 7.3.0 - Helios)
Tor 0.2.4.22 (HKLM-x32\...\Tor) (Version:  - )
TrayStatus 1.2.3 (HKLM-x32\...\d6b74f60-2e9d-4c60-a8b7-b7d737c44ad4_is1) (Version: 1.2.3.0 - Binary Fortress Software)
Vidalia 0.2.21 (HKLM-x32\...\Vidalia) (Version:  - )
VMware vSphere Client 5.1 (HKLM-x32\...\{09DC364B-A77A-49A0-972B-E43F0DACC5E3}) (Version: 5.1.0.1557 - VMware, Inc.)
VMware vSphere Client 5.5 (HKLM-x32\...\{4CFB0494-2E96-4631-8364-538E2AA91324}) (Version: 5.5.0.3838 - VMware, Inc.)
WD My Cloud (HKLM\...\{4B86F896-11DC-4711-BB60-81104832FA44}) (Version: 1.0.7.17 - Western Digital Technologies, Inc.)
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XnView 2.25 (HKLM-x32\...\XnView_is1) (Version: 2.25 - Gougelet Pierre-e)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => 
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-496564312-1949498514-2425945064-1001Core.job => C:\Users\Theke\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-496564312-1949498514-2425945064-1001UA.job => C:\Users\Theke\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job =>  <==== ACHTUNG
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job =>  <==== ACHTUNG

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Theke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Theke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Theke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-10-16 12:02 - 2015-10-16 12:02 - 00043480 _____ () D:\Programme\FileZilla FTP Client\fzshellext_64.dll
2015-12-12 12:50 - 2012-07-20 14:39 - 02469888 _____ () D:\Programme\IZArc\IZArcCM64.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-496564312-1949498514-2425945064-1001\...\petzldealer.com -> hxxps://www.petzldealer.com

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2014-07-04 11:25 - 00002831 ___AC C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 192.150.14.69
127.0.0.1 192.150.18.101
127.0.0.1 192.150.18.108
127.0.0.1 192.150.22.40
127.0.0.1 192.150.8.100
127.0.0.1 192.150.8.118
127.0.0.1 209-34-83-73.ood.opsource.net
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 3dns.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com

Da befinden sich 34 zusätzliche Einträge.


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-496564312-1949498514-2425945064-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 212.37.37.50
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\Services: TeamViewer9 => 2

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{2AF505A6-FD82-4E5D-BECC-8BACD281B4FC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2B732E66-00C9-44FC-83E6-3B65C42394DE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E92CF607-CF51-43A4-8028-008ACB195E89}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FE523324-55BB-4AE4-A5EC-8C96545B54BD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D5675ABB-915F-4C4E-B5AD-BEBA6CC79466}] => (Allow) C:\Program Files (x86)\EPSON\EPSON Advanced Printer Driver 4\Tools\PrinterNetworkSetting\APDNetSetting.exe
FirewallRules: [{489C99D0-75B8-4621-A4BA-D187EE25676E}] => (Allow) C:\Program Files (x86)\EPSON\EPSON Advanced Printer Driver 4\Tools\PrinterNetworkSetting\APDNetSetting.exe
FirewallRules: [{7C93B7F1-5FE2-4577-8831-EABCE06C4FCD}] => (Block) D:\Programme\Adobe\Photoshop CS2\Photoshop.exe
FirewallRules: [{A252E2D6-8687-4079-9E5C-7DBCFCB50987}] => (Block) D:\Programme\Adobe\Photoshop CS2\ImageReady.exe
FirewallRules: [{5483C2D1-DBB0-46F2-9219-4B6BDCD4C0D1}] => (Block) E:\VOLKSWAGEN\Keygen.exe
FirewallRules: [{D24A7F60-05E0-4201-840B-395D607B3D1E}] => (Allow) D:\Programme\TriumphAdler\ScannerUtility\NsCatConf.exe
FirewallRules: [{2F390EDC-EC39-445D-923D-CC1E4DB68672}] => (Allow) D:\Programme\TriumphAdler\ScannerUtility\NsCatCom.exe
FirewallRules: [{18E008FA-D8D2-4C86-854E-31010171471C}] => (Allow) D:\Programme\Adobe\CS6\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{618B0A4D-6057-48AB-84DB-2C3E0E0BEE73}] => (Allow) D:\Programme\Adobe\CS6\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{86E75673-2560-4B66-BB59-F9C1DC40FC50}] => (Allow) LPort=7935
FirewallRules: [{4E0CDC5B-0F52-4967-888C-B5A3D1E95808}] => (Block) C:\Program Files (x86)\ETS4\ETS4.exe
FirewallRules: [TCP Query User{46E1C863-2B72-40B2-88F2-83A7B5B3073A}D:\programme\vidalia bridge bundle\tor\tor.exe] => (Allow) D:\programme\vidalia bridge bundle\tor\tor.exe
FirewallRules: [UDP Query User{F0E7EFF3-36C2-4253-9246-3703460A6B1F}D:\programme\vidalia bridge bundle\tor\tor.exe] => (Allow) D:\programme\vidalia bridge bundle\tor\tor.exe
FirewallRules: [TCP Query User{9E0B22FC-5921-4A83-9D93-6348D240433E}E:\advanced\autorun.exe] => (Allow) E:\advanced\autorun.exe
FirewallRules: [UDP Query User{4C2169F9-71F6-4197-AFCD-F45FB3B065FA}E:\advanced\autorun.exe] => (Allow) E:\advanced\autorun.exe
FirewallRules: [{CE1715D7-3622-4AF0-84F2-3132919AEA2C}] => (Allow) C:\Users\Theke\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{BE84BABE-DC31-4622-9AEC-802B76B9D0B7}] => (Allow) C:\Users\Theke\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6131C880-C76E-468D-86B6-FD61373BA71E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8B784CA0-A0CF-4F4C-995D-93908687B91D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{85F4C43F-FA8C-409C-8AAD-F07FA5F002BE}C:\windows\kmsemulator.exe] => (Block) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{67A4F906-DE22-4AAA-B2CF-6A291C4A7B3A}C:\windows\kmsemulator.exe] => (Block) C:\windows\kmsemulator.exe
FirewallRules: [TCP Query User{F0F9A621-96C0-4D38-B926-3ADA1E7FF6C3}\\mailserver\pmail\programs\winpm-32.exe] => (Allow) \\mailserver\pmail\programs\winpm-32.exe
FirewallRules: [UDP Query User{602D4885-E883-4AEB-A8C2-8E36933DEED1}\\mailserver\pmail\programs\winpm-32.exe] => (Allow) \\mailserver\pmail\programs\winpm-32.exe
FirewallRules: [TCP Query User{501707A5-E750-40A4-9B2E-56E6A7DB6485}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{2DF280B3-F7AF-40A7-B3B7-DD80125A0C40}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{F251C477-55FA-470B-AEFE-3C321C1BA986}D:\programme\netgear genie\bin\netgeargenie.exe] => (Allow) D:\programme\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{542A6A53-843B-4BA7-BD40-96627228F5E2}D:\programme\netgear genie\bin\netgeargenie.exe] => (Allow) D:\programme\netgear genie\bin\netgeargenie.exe
FirewallRules: [{56F7E30C-A277-4F0F-AFDA-0233C3E55B8F}] => (Allow) LPort=1688
FirewallRules: [{91A8F7B3-A2C1-4FA3-8A3D-2A38F0FDAFF9}] => (Allow) D:\Programme\KMSpico\Service_KMS.exe
FirewallRules: [{2FCA0C05-9E95-4FED-9C20-50DB52C40863}] => (Allow) D:\Programme\KMSpico\Service_KMS.exe
FirewallRules: [TCP Query User{C20CEFF4-3B10-4E41-9AC3-856F4D9115C9}D:\programme\netgear genie\bin\netgeargenie.exe] => (Block) D:\programme\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{308204A6-74A7-4655-A08C-36E192BF7E64}D:\programme\netgear genie\bin\netgeargenie.exe] => (Block) D:\programme\netgear genie\bin\netgeargenie.exe
FirewallRules: [{C59A5CAB-1029-4BB9-8175-F5BB1121DAD3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{531C66F8-2593-4160-8241-6079B2152AD0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [TCP Query User{6CB8C93F-1C54-4BB9-B739-1120AA23CFFD}D:\programme\superscan\superscan4.1.exe] => (Allow) D:\programme\superscan\superscan4.1.exe
FirewallRules: [UDP Query User{0801E5DD-D24F-491E-930F-D74F93CD2121}D:\programme\superscan\superscan4.1.exe] => (Allow) D:\programme\superscan\superscan4.1.exe
FirewallRules: [TCP Query User{F4A24CB2-F064-494C-998C-AADBF499F8AC}D:\programme\ispy\ispy.exe] => (Allow) D:\programme\ispy\ispy.exe
FirewallRules: [UDP Query User{815CAEE5-3C5F-4A37-B242-98284E8F92BE}D:\programme\ispy\ispy.exe] => (Allow) D:\programme\ispy\ispy.exe
FirewallRules: [{E198830E-7026-4913-BC91-BB84177C1E90}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{BBE6B44A-6A29-4A2C-8798-0CC6A5CA4F88}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7DB5B5E0-7968-4583-A394-379B219F8492}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C8DCA76B-6F71-4709-A6D5-C37A0939B46B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E5914E6A-FDA3-4756-96FA-7B6BE214A6AB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert
Überprüfen Sie den "winmgmt" Dienst oder reparieren Sie den WMI.


==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (05/26/2016 03:20:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 3.3.168.192.in-addr.arpa. PTR ThekeWin7.local.

Error: (05/26/2016 03:20:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.3.3:5353   19 3.3.168.192.in-addr.arpa. PTR ThekeWin7-2.local.

Error: (05/26/2016 10:57:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2016 01:37:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/24/2016 01:50:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/23/2016 01:48:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/23/2016 01:47:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname ThekeWin7.local already in use; will try ThekeWin7-2.local instead

Error: (05/23/2016 01:47:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister    4 ThekeWin7.local. Addr 192.168.3.3

Error: (05/23/2016 01:47:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.3.3:5353   16 ThekeWin7.local. AAAA FD00:0000:0000:0000:48BB:2BE1:1267:8EDF

Error: (05/23/2016 01:47:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing:    4 ThekeWin7.local. Addr 192.168.3.3


Systemfehler:
=============
Error: (05/26/2016 12:44:59 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (05/26/2016 10:56:28 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/26/2016 10:55:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WebDiscover Browser Startup Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/26/2016 10:55:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "EPSON PCS Parallel Port Driver" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%20

Error: (05/26/2016 10:55:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "EpsCe2" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/26/2016 10:55:22 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT-AUTORITÄT)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147942402.

Error: (05/26/2016 10:55:22 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT-AUTORITÄT)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147942402.

Error: (05/25/2016 09:50:06 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (05/25/2016 05:40:48 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (05/25/2016 01:36:42 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)


==================== Speicherinformationen =========================== 

Prozessor: AMD FX(tm)-4130 Quad-Core Processor 
Prozentuale Nutzung des RAM: 90%
Installierter physikalischer RAM: 4079.23 MB
Verfügbarer physikalischer RAM: 407.79 MB
Summe virtueller Speicher: 8156.64 MB
Verfügbarer virtueller Speicher: 2485.54 MB

==================== Laufwerke ================================

Drive c: (System) (Fixed) (Total:59.62 GB) (Free:1.08 GB) NTFS
Drive d: (Volume) (Fixed) (Total:931.41 GB) (Free:703.75 GB) NTFS
Drive m: () (Network) (Total:1829.34 GB) (Free:623.68 GB) 
Drive x: (Programme) (Network) (Total:97.66 GB) (Free:91.69 GB) NTFS

==================== MBR & Partitionstabelle ==================

==================== Ende von Addition.txt ============================
         

Alt 26.05.2016, 22:01   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
durchgeführt von Theke (ACHTUNG: der Benutzer ist kein Administrator)
Without admin rights this is not going to work.

Quote:
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
E:\VOLKSWAGEN\Keygen.exe
Are you serious? Cracked software? And that on a system that looks very much like it is in commercial use?

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 27.05.2016, 09:55   #6
Rik74
 
Okay, I will run the scans again as admin and report back.

I don't know the "Volkswagen keygen" - but for a while the machine was set up without admin rights, so maybe one of my employees tried to install something? Also: drive E is the DVD drive on my machine? I don't understand that...

Regards,
Rik

Alt 27.05.2016, 09:59   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
What do you mean, employees?
If this is an office PC and you are using cracked software on it, one can only shake one's head. Apart from that, the company's IT department is responsible for security and malware removal.

Alt 27.05.2016, 10:29   #8
Rik74
 
Hi Cosinus!

I have now run the scanners again, here are the logs:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 27.05.2016
Suchlaufzeit: 10:48
Protokolldatei: 20160527..txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.05.27.02
Rootkit-Datenbank: v2016.05.20.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: BigWall

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 365644
Abgelaufene Zeit: 8 Min., 50 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 1
PUP.Optional.SupTab, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, , [b22cdffbb0e91b1b3d50596c57ace21e], 

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 3
PUP.Optional.Linkury.Gen, C:\Users\BigWall\AppData\Roaming\Joytone.tst, , [548a9545b1e884b240b337aa986b7090], 
PUP.Optional.Linkury.Gen, C:\Users\BigWall\AppData\Roaming\Toughdomcom.tst, , [a935eded1b7e171f43b0c21fcb38ce32], 
PUP.Optional.Linkury.ACMB1, C:\Users\Theke\AppData\Roaming\Mozilla\Firefox\Profiles\f7crznjg.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "C:\\ProgramData\\Graveairs\\ff.NT");), ,[c11d65754c4d8da9ee57f781778dd729]

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         


Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:25-05-2016 01
durchgeführt von BigWall (Administrator) auf THEKEWIN7 (27-05-2016 10:56:40)
Gestartet von C:\Users\Theke\Desktop
Geladene Profile: BigWall & Theke &  (Verfügbare Profile: BigWall & Theke)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seiko Epson Corporation) C:\Program Files (x86)\EPSON\TMCOMUSB\Service\EpsonPE.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\portcommunicationservice\DeviceControlLog.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\portcommunicationservice\PCSVC.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(@ByELDI) D:\Programme\KMSpico\Service_KMS.exe
(KYOCERA MITA CORPORATION) D:\Programme\TriumphAdler\ScannerUtility\SFUSVC.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(KYOCERA MITA Corporation) D:\Programme\TriumphAdler\ScannerUtility\NsCatCom.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Jumping Bytes) D:\Programme\PureSync\PureSyncTray.exe
(Binary Fortress Software) D:\Programme\TrayStatus\TrayStatus.exe
(KYOCERA MITA Corporation) D:\Programme\TriumphAdler\ScannerUtility\NsCatCom.exe
(Adobe Systems Inc.) D:\Programme\Adobe\CS6\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSACCESS.EXE
(Dropbox, Inc.) C:\Users\Theke\AppData\Roaming\Dropbox\bin\Dropbox.exe
(MagicLine GmbH) \\MAGICLINEVM7\D\Programe\MagicLine\SML.exe
(Jumping Bytes) C:\Program Files (x86)\Common Files\Jumping Bytes\jbUpdater.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes) D:\Programme\ Malwarebytes Anti-Malware \mbam.exe
(David Harris) \\mailserver\PMAIL\Programs\winpm-32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-09] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [EpsonAPD4SV] => C:\Program Files (x86)\EPSON\EPSON Advanced Printer Driver 4\Tools\EAPSV\EAPSV.EXE [212608 2013-11-14] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => D:\Programme\Adobe\CS6\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => D:\Programme\Adobe\CS6\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [570880 2013-12-27] (Nikon Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [55264 2016-03-10] (Malwarebytes)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-496564312-1949498514-2425945064-1000\...\Run: [Vidalia] => D:\Programme\Vidalia Bridge Bundle\Vidalia\vidalia.exe [6239727 2014-06-05] ()
HKU\S-1-5-21-496564312-1949498514-2425945064-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-496564312-1949498514-2425945064-1000\...\Run: [NETGEARGenie] => D:\Programme\NETGEAR Genie\bin\NETGEARGenie.exe [611584 2016-03-09] (NETGEAR Inc.)
HKU\S-1-5-21-496564312-1949498514-2425945064-1000\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [67384 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-496564312-1949498514-2425945064-1000\...\MountPoints2: {4d78e51f-c47c-11e3-8fa3-806e6f6e6963} - D:\ASRSetup.exe
HKU\S-1-5-21-496564312-1949498514-2425945064-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-496564312-1949498514-2425945064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Vidalia] => D:\Programme\Vidalia Bridge Bundle\Vidalia\vidalia.exe [6239727 2014-06-05] ()
HKU\S-1-5-21-496564312-1949498514-2425945064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-496564312-1949498514-2425945064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NETGEARGenie] => D:\Programme\NETGEAR Genie\bin\NETGEARGenie.exe [611584 2016-03-09] (NETGEAR Inc.)
HKU\S-1-5-21-496564312-1949498514-2425945064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [67384 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-496564312-1949498514-2425945064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4d78e51f-c47c-11e3-8fa3-806e6f6e6963} - D:\ASRSetup.exe
HKU\S-1-5-21-496564312-1949498514-2425945064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-496564312-1949498514-2425945064-1001\...\Run: [PureSync] => D:\Programme\PureSync\PureSyncTray.exe [1043312 2016-03-08] (Jumping Bytes)
HKU\S-1-5-21-496564312-1949498514-2425945064-1001\...\Run: [TrayStatus] => D:\Programme\TrayStatus\TrayStatus.exe [283032 2011-05-18] (Binary Fortress Software)
HKU\S-1-5-21-496564312-1949498514-2425945064-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-496564312-1949498514-2425945064-1001\...\Run: [Dropbox Update] => C:\Users\Theke\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-496564312-1949498514-2425945064-1001\...\Run: [NETGEARGenie] => D:\Programme\NETGEAR Genie\bin\NETGEARGenie.exe [611584 2016-03-09] (NETGEAR Inc.)
HKU\S-1-5-21-496564312-1949498514-2425945064-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-496564312-1949498514-2425945064-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [PureSync] => D:\Programme\PureSync\PureSyncTray.exe [1043312 2016-03-08] (Jumping Bytes)
HKU\S-1-5-21-496564312-1949498514-2425945064-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TrayStatus] => D:\Programme\TrayStatus\TrayStatus.exe [283032 2011-05-18] (Binary Fortress Software)
HKU\S-1-5-21-496564312-1949498514-2425945064-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-496564312-1949498514-2425945064-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Dropbox Update] => C:\Users\Theke\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-496564312-1949498514-2425945064-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NETGEARGenie] => D:\Programme\NETGEAR Genie\bin\NETGEARGenie.exe [611584 2016-03-09] (NETGEAR Inc.)
HKU\S-1-5-21-496564312-1949498514-2425945064-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scanner File Utility.lnk [2016-05-14]
ShortcutTarget: Scanner File Utility.lnk -> D:\Programme\TriumphAdler\ScannerUtility\NsCatCom.exe (KYOCERA MITA Corporation)
Startup: C:\Users\BigWall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zahlungserinnerung.lnk [2016-05-14]
ShortcutTarget: Zahlungserinnerung.lnk -> D:\Programme\ProfiCash\wzed.exe ()
Startup: C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2015-10-17]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BuchungenV4.01.accdb - Verknüpfung.lnk [2014-06-25]
ShortcutTarget: BuchungenV4.01.accdb - Verknüpfung.lnk -> D:\Programme\Buchungsprogramm\BuchungenV4.01.accdb ()
Startup: C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-05-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\BigWall\AppData\Roaming\Dropbox\bin\Dropbox.exe (Keine Datei)
Startup: C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicLine.lnk [2014-12-05]
ShortcutTarget: MagicLine.lnk -> X:\Programe\MagicLine\SML.exe (Keine Datei)
Startup: C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR Genie.lnk [2015-08-28]
ShortcutTarget: NETGEAR Genie.lnk -> D:\Programme\NETGEAR Genie\bin\NETGEARGenie.exe (NETGEAR Inc.)
GroupPolicyScripts: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 212.37.37.50
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{C23795F5-05BE-4B5B-905C-831E17ABC665}: [DhcpNameServer] 8.8.8.8 212.37.37.50

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-496564312-1949498514-2425945064-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=de-DE&Src=MSE&Tid=0003446E&OHP=http%3A%2F%2Fwww.delta%2Dhomes.com%2F%3Ftype%3Dhp%26ts%3D1429785819%26from%3Dient04230%26uid%3DWDCXWD10EZEX%2D08RKKA0%5FWD%2DWCC1S814898848988&OSP=http%3A%2F%2Fdo%2Dsearch.com%2Fweb%2F%3Futm%5Fsource%3Db%26utm%5Fmedium%3D%26utm%5Fcampaign%3Dinstall%5Fie%26utm%5Fcontent%3Dds%26from%3D%26uid%3DST500DM002%2D1BC142%5FW2A27G6AXXXXW2A27G6A%26ts%3D1420373293%26type%3Ddefault%26q%3D%7BsearchTerms%7D
HKU\S-1-5-21-496564312-1949498514-2425945064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=de-DE&Src=MSE&Tid=0003446E&OHP=http%3A%2F%2Fwww.delta%2Dhomes.com%2F%3Ftype%3Dhp%26ts%3D1429785819%26from%3Dient04230%26uid%3DWDCXWD10EZEX%2D08RKKA0%5FWD%2DWCC1S814898848988&OSP=http%3A%2F%2Fdo%2Dsearch.com%2Fweb%2F%3Futm%5Fsource%3Db%26utm%5Fmedium%3D%26utm%5Fcampaign%3Dinstall%5Fie%26utm%5Fcontent%3Dds%26from%3D%26uid%3DST500DM002%2D1BC142%5FW2A27G6AXXXXW2A27G6A%26ts%3D1420373293%26type%3Ddefault%26q%3D%7BsearchTerms%7D
HKU\S-1-5-21-496564312-1949498514-2425945064-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://bigwall.de/bigwall/deutsch/klettercentrum-muensterland.html
HKU\S-1-5-21-496564312-1949498514-2425945064-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://bigwall.de/bigwall/deutsch/klettercentrum-muensterland.html
SearchScopes: HKLM-x32 -> ielnksrch URL = 
SearchScopes: HKU\S-1-5-21-496564312-1949498514-2425945064-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-496564312-1949498514-2425945064-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-496564312-1949498514-2425945064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-496564312-1949498514-2425945064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-496564312-1949498514-2425945064-1001 -> DefaultScope {D15BD527-9ADD-4DEB-AA5F-0BAE5466D3F8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-496564312-1949498514-2425945064-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-496564312-1949498514-2425945064-1001 -> {D15BD527-9ADD-4DEB-AA5F-0BAE5466D3F8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-496564312-1949498514-2425945064-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {D15BD527-9ADD-4DEB-AA5F-0BAE5466D3F8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-496564312-1949498514-2425945064-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-496564312-1949498514-2425945064-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D15BD527-9ADD-4DEB-AA5F-0BAE5466D3F8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-30] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-30] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
DPF: HKLM-x32 {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} hxxp://192.168.3.90/RtspVaPgDec.cab
DPF: HKLM-x32 {7191F0AC-D686-46A8-BFCC-EA61778C74DD} hxxp://192.168.3.88/aplugLiteDL.cab
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Programme\PDF-XChange\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Programme\PDF-XChange\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Programme\PDF-XChange\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Programme\PDF-XChange\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @vmware.com/vmrc,version=5.1.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Firefox\np-vmware-vmrc.dll [2012-07-13] (VMware, Inc.)
FF Plugin-x32: @vmware.com/vmrc,version=5.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll [2014-02-11] (VMware, Inc.)
FF Plugin-x32: Adobe Acrobat -> D:\Programme\Adobe\CS6\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\user.js [2015-04-23]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Programme\Adobe\CS6\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - D:\Programme\Adobe\CS6\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-10-17] [ist nicht signiert]

Chrome: 
=======
CHR Profile: C:\Users\BigWall\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\BigWall\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-07]
CHR Extension: (Google Drive) - C:\Users\BigWall\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-07]
CHR Extension: (YouTube) - C:\Users\BigWall\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-07]
CHR Extension: (Google-Suche) - C:\Users\BigWall\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-07]
CHR Extension: (Google Wallet) - C:\Users\BigWall\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-07]
CHR Extension: (Google Mail) - C:\Users\BigWall\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-07]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-06-25] (Adobe Systems) [Datei ist nicht signiert]
R2 EpsonPEService; C:\Program Files (x86)\EPSON\TMCOMUSB\Service\EpsonPE.exe [914584 2012-01-30] (Seiko Epson Corporation)
R2 EPSON_Device_Control_Log_Service; C:\Program Files\epson\portcommunicationservice\DeviceControlLog.exe [396288 2013-11-18] (SEIKO EPSON CORPORATION) [Datei ist nicht signiert]
R2 EPSON_Port_Communication_Service; C:\Program Files\epson\portcommunicationservice\PCSVC.exe [551936 2013-11-18] (SEIKO EPSON CORPORATION) [Datei ist nicht signiert]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R2 MSSQL$KNXETS4; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\sqlservr.exe [62382256 2015-03-30] (Microsoft Corporation)
S3 NETGEARGenieDaemon; D:\Programme\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2016-03-09] (NETGEAR)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 Service KMSELDI; d:\Programme\KMSpico\Service_KMS.exe [735936 2015-08-16] (@ByELDI) [Datei ist nicht signiert]
R2 SFUSVC; D:\Programme\TriumphAdler\ScannerUtility\SFUSVC.exe [274499 2003-09-16] (KYOCERA MITA CORPORATION) [Datei ist nicht signiert]
S4 SQLAgent$KNXETS4; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\SQLAGENT.EXE [442536 2015-03-30] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Datei ist nicht signiert]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 wdsvc; C:\Program Files\WebDiscoverBrowser\wdsvc2.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 EpsCe; C:\Windows\system32\Drivers\EpsCe.sys [91944 2014-06-25] (Seiko Epson Corporation)
S2 EPSON_PCS_Parallel_Port_Driver; C:\Windows\system32\DRIVERS\pcslpt.sys [21640 2013-11-18] (SEIKO EPSON CORPORATION)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-27] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2016-05-07] (CACE Technologies, Inc.)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2015-03-30] (Microsoft Corporation)
R3 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2012-03-01] (Seiko Epson Corporation)
S2 EpsCe2; \??\C:\Windows\system32\Drivers\EpsCe2.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-26 17:14 - 2016-05-26 17:15 - 00037573 ____C C:\Users\Theke\Desktop\Addition.txt
2016-05-26 17:13 - 2016-05-27 10:56 - 00029785 ____C C:\Users\Theke\Desktop\FRST.txt
2016-05-26 17:13 - 2016-05-27 10:56 - 00000000 ___DC C:\FRST
2016-05-26 17:12 - 2016-05-26 17:12 - 02383360 ____C (Farbar) C:\Users\Theke\Desktop\FRST64.exe
2016-05-19 14:35 - 2016-05-19 14:35 - 00000000 __SDC C:\Users\Theke\Documents\Meine Datenquellen
2016-05-14 17:23 - 2016-05-14 17:28 - 00000000 ___DC C:\Users\Theke\AppData\Roaming\Hemag-CAD
2016-05-14 17:21 - 2016-05-27 10:48 - 00192216 ____C (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-14 17:21 - 2016-05-14 17:21 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-05-14 17:20 - 2016-05-14 17:20 - 00000000 ___DC C:\ProgramData\Malwarebytes
2016-05-14 17:20 - 2016-03-10 14:09 - 00064896 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-14 17:20 - 2016-03-10 14:08 - 00140672 ____C (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-14 17:20 - 2016-03-10 14:08 - 00027008 ____C (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-14 17:00 - 2016-05-14 17:52 - 00000000 ___DC C:\ProgramData\Hemag-CAD
2016-05-14 17:00 - 2016-05-14 17:00 - 00000000 ___DC C:\Users\BigWall\AppData\Roaming\Hemag-CAD
2016-05-14 16:59 - 2016-05-14 17:36 - 00000722 ____C C:\Users\BigWall\Desktop\HEMAG S-CAD.lnk
2016-05-14 16:59 - 2016-05-14 17:36 - 00000722 ____C C:\Users\BigWall\Desktop\HEMAG P-CAD.lnk
2016-05-14 16:59 - 2016-05-14 16:59 - 00000000 ___DC C:\Users\BigWall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HEMAG CAD
2016-05-14 16:59 - 2016-05-14 16:59 - 00000000 ___DC C:\Users\BigWall\AppData\Roaming\dlg
2016-05-14 16:58 - 2016-05-14 16:58 - 00003864 ____C C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1463237915
2016-05-14 16:58 - 2016-05-14 16:58 - 00000000 ___DC C:\Users\BigWall\AppData\Roaming\Opera Software
2016-05-14 16:58 - 2016-05-14 16:58 - 00000000 ___DC C:\Users\BigWall\AppData\Local\Opera Software
2016-05-14 16:56 - 2016-05-14 16:56 - 06494208 ____C C:\Users\BigWall\AppData\Roaming\agent.dat
2016-05-14 16:56 - 2016-05-14 16:56 - 01626777 ____C C:\Users\BigWall\AppData\Roaming\Joytone.tst
2016-05-14 16:56 - 2016-05-14 16:56 - 00127488 ____C C:\Users\BigWall\AppData\Roaming\Installer.dat
2016-05-14 16:56 - 2016-05-14 16:56 - 00072717 ____C C:\Users\BigWall\AppData\Roaming\Toughdomcom.tst
2016-05-14 16:56 - 2016-05-14 16:56 - 00018432 ____C C:\Users\BigWall\AppData\Roaming\Main.dat
2016-05-13 11:32 - 2016-05-13 11:32 - 00000000 ____D C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-12 14:02 - 2016-05-12 14:03 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-05-12 14:02 - 2016-05-12 14:03 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-05-12 14:02 - 2016-05-12 14:03 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-05-12 14:02 - 2016-05-12 14:03 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-05-11 15:19 - 2016-05-11 22:44 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 15:18 - 2016-05-11 22:42 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-11 15:18 - 2016-05-11 22:42 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 15:18 - 2016-05-11 22:41 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 15:18 - 2016-05-11 22:41 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 15:18 - 2016-05-11 22:41 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 15:18 - 2016-05-11 22:41 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 15:18 - 2016-05-11 22:41 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 15:18 - 2016-05-11 22:41 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 15:18 - 2016-05-11 22:41 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-11 15:18 - 2016-05-11 22:40 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-11 15:18 - 2016-05-11 22:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-11 15:18 - 2016-05-11 22:39 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 15:18 - 2016-05-11 22:39 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-11 15:18 - 2016-05-11 22:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-11 15:18 - 2016-05-11 22:39 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-11 15:18 - 2016-05-11 22:39 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-11 15:18 - 2016-05-11 22:39 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-11 15:18 - 2016-05-11 22:39 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-11 15:18 - 2016-05-11 22:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-11 15:18 - 2016-05-11 22:39 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-11 15:18 - 2016-05-11 22:39 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-11 15:18 - 2016-05-11 22:38 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-11 15:18 - 2016-05-11 22:38 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 15:18 - 2016-05-11 22:38 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 15:18 - 2016-05-11 22:38 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-11 15:18 - 2016-05-11 22:38 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 15:18 - 2016-05-11 22:38 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-11 15:18 - 2016-05-11 22:38 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-11 15:18 - 2016-05-11 22:38 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-11 15:18 - 2016-05-11 22:29 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-11 15:18 - 2016-05-11 22:29 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-06 11:08 - 2016-05-07 10:13 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2016-04-30 12:32 - 2016-04-30 12:32 - 00003189 _____ C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ProfiCash.exe.lnk
2016-04-30 11:33 - 2016-04-30 11:33 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-04-30 11:06 - 2016-04-30 11:06 - 00296960 _____ (Microsoft Corporation) C:\Windows\winhlp32.exe
2016-04-30 11:06 - 2016-04-30 11:06 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ftsrch.dll
2016-04-30 11:06 - 2016-04-30 11:06 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\ftsrch.dll
2016-04-30 11:06 - 2016-04-30 11:06 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ftlx041e.dll
2016-04-30 11:06 - 2016-04-30 11:06 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\ftlx041e.dll
2016-04-30 11:06 - 2016-04-30 11:06 - 00009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ftlx0411.dll
2016-04-30 11:06 - 2016-04-30 11:06 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\ftlx0411.dll
2016-04-29 10:34 - 2016-04-29 10:34 - 00001651 ____C C:\Users\Theke\Desktop\Pegasus.LNK
2016-04-28 20:56 - 2016-04-28 20:56 - 00000000 ____D C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pegasus Mail

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-27 10:52 - 2009-07-14 06:45 - 00031600 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-27 10:52 - 2009-07-14 06:45 - 00031600 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-27 10:43 - 2014-04-15 20:58 - 00765264 ____C C:\Windows\system32\perfh007.dat
2016-05-27 10:43 - 2014-04-15 20:58 - 00174254 ____C C:\Windows\system32\perfc007.dat
2016-05-27 10:43 - 2009-07-14 07:13 - 01805518 ____C C:\Windows\system32\PerfStringBackup.INI
2016-05-27 10:43 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\inf
2016-05-27 10:39 - 2014-11-10 19:35 - 00000000 __RDC C:\Users\Theke\Dropbox
2016-05-27 10:37 - 2014-04-15 13:52 - 00000000 ___DC C:\ProgramData\NVIDIA
2016-05-27 10:37 - 2009-07-14 07:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT
2016-05-26 19:12 - 2015-04-04 19:07 - 00000000 __SDC C:\Windows\SysWOW64\GWX
2016-05-26 19:12 - 2015-04-04 19:07 - 00000000 __SDC C:\Windows\system32\GWX
2016-05-26 15:20 - 2015-06-07 10:45 - 00000000 ___DC C:\Users\BigWall\AppData\Local\NETGEARGenie
2016-05-26 11:06 - 2014-04-17 18:50 - 00002246 ____H C:\Users\Theke\Documents\Default.rdp
2016-05-26 11:00 - 2009-07-14 07:32 - 00000000 ___DC C:\Windows\system32\FxsTmp
2016-05-24 21:39 - 2014-12-13 12:22 - 00000000 ___DC C:\Program Files (x86)\TeamViewer
2016-05-24 13:48 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-20 13:44 - 2015-12-01 11:08 - 00002441 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-20 04:06 - 2016-03-05 16:22 - 00000977 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-05-14 18:21 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\system
2016-05-14 18:08 - 2015-06-18 13:57 - 00001224 ____C C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-496564312-1949498514-2425945064-1001UA.job
2016-05-14 17:54 - 2014-12-27 11:53 - 00003886 ____C C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-14 17:38 - 2014-09-27 09:58 - 00000884 ____C C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-14 17:37 - 2016-01-20 18:38 - 00000735 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Angry IP Scanner.lnk
2016-05-14 17:37 - 2015-08-28 13:28 - 00000912 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk
2016-05-14 17:37 - 2015-07-23 13:50 - 00002181 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-14 17:37 - 2015-07-23 13:50 - 00001153 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-14 17:37 - 2015-03-25 11:59 - 00000769 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2016-05-14 17:37 - 2014-07-04 10:27 - 00002453 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2016-05-14 17:37 - 2014-07-04 10:27 - 00002441 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2016-05-14 17:37 - 2014-07-04 10:18 - 00001091 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
2016-05-14 17:37 - 2014-07-04 10:15 - 00000991 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2016-05-14 17:37 - 2014-06-25 15:09 - 00002079 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
2016-05-14 17:37 - 2014-06-25 15:08 - 00002061 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
2016-05-14 17:37 - 2014-04-15 16:34 - 00002471 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
2016-05-14 17:37 - 2014-04-15 16:33 - 00002507 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-05-14 17:37 - 2014-04-15 16:13 - 00002111 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-05-14 17:37 - 2014-04-15 13:09 - 00001421 ____C C:\Users\BigWall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-14 17:37 - 2014-04-15 11:01 - 00001333 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-05-14 17:37 - 2014-04-15 11:01 - 00001314 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-05-14 17:37 - 2009-07-14 07:01 - 00001282 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-05-14 17:37 - 2009-07-14 06:57 - 00001535 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-05-14 17:37 - 2009-07-14 06:57 - 00001318 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-05-14 17:37 - 2009-07-14 06:57 - 00001234 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-05-14 17:37 - 2009-07-14 06:54 - 00001198 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-05-14 17:37 - 2009-07-14 06:49 - 00001266 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-05-14 17:36 - 2016-02-12 15:28 - 00000727 ____C C:\Users\BigWall\Desktop\MagicISO.lnk
2016-05-14 17:36 - 2014-09-29 14:37 - 00000695 ____C C:\Users\BigWall\AppData\Roaming\Microsoft\Windows\Start Menu\Profi cash.lnk
2016-05-14 17:36 - 2014-04-17 18:40 - 00000813 ____C C:\Users\BigWall\Desktop\Pegasus Mail.LNK
2016-05-14 17:36 - 2014-04-17 15:55 - 00000640 ____C C:\Users\BigWall\Desktop\MagicDaSi.lnk
2016-05-14 17:36 - 2014-04-17 15:46 - 00000624 ____C C:\Users\BigWall\Desktop\Tools.lnk
2016-05-14 17:36 - 2014-04-17 15:46 - 00000616 ____C C:\Users\BigWall\Desktop\MagicLine.lnk
2016-05-14 17:35 - 2014-04-17 18:12 - 00000000 ___DC C:\Users\Theke
2016-05-14 17:25 - 2014-07-01 15:21 - 00001110 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-14 17:06 - 2015-07-09 21:24 - 00000000 ____D C:\Users\Theke\AppData\Local\CrashDumps
2016-05-14 17:06 - 2014-04-15 16:13 - 00254168 ____C C:\Users\BigWall\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-14 16:57 - 2014-04-17 18:12 - 00001451 _____ C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-14 16:19 - 2015-06-18 13:57 - 00001172 ____C C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-496564312-1949498514-2425945064-1001Core.job
2016-05-14 14:35 - 2014-07-01 15:21 - 00001106 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-13 16:38 - 2014-09-27 09:58 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-13 16:38 - 2014-06-25 09:45 - 00797376 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-13 16:38 - 2014-06-25 09:45 - 00142528 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-13 11:32 - 2014-11-10 19:31 - 00000000 ___DC C:\Users\Theke\AppData\Roaming\Dropbox
2016-05-12 21:12 - 2014-12-11 14:38 - 00000000 ___DC C:\Windows\system32\appraiser
2016-05-12 13:55 - 2009-07-14 06:45 - 05524632 ____C C:\Windows\system32\FNTCACHE.DAT
2016-05-12 13:54 - 2010-11-21 09:16 - 00000000 ___DC C:\Program Files\Windows Journal
2016-05-11 22:38 - 2014-04-15 13:34 - 00000000 ___DC C:\Windows\system32\MRT
2016-05-11 22:29 - 2014-04-15 13:34 - 139319312 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-11 14:20 - 2014-07-01 15:21 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 14:20 - 2014-07-01 15:21 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-07 19:06 - 2015-06-07 10:45 - 00369168 ____C (CACE Technologies, Inc.) C:\Windows\system32\wpcap.dll
2016-05-07 19:06 - 2015-06-07 10:45 - 00281104 ____C (CACE Technologies, Inc.) C:\Windows\SysWOW64\wpcap.dll
2016-05-07 19:06 - 2015-06-07 10:45 - 00106000 ____C (CACE Technologies, Inc.) C:\Windows\system32\packet.dll
2016-05-07 19:06 - 2015-06-07 10:45 - 00096784 ____C (CACE Technologies, Inc.) C:\Windows\SysWOW64\packet.dll
2016-05-07 19:06 - 2015-06-07 10:45 - 00035344 ____C (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys
2016-05-07 10:13 - 2014-06-25 09:44 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-04 14:42 - 2014-04-17 18:12 - 00254168 _____ C:\Users\Theke\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-02 13:40 - 2014-04-15 13:08 - 00000000 ___DC C:\Users\BigWall
2016-04-30 12:24 - 2014-10-09 13:42 - 00000000 ___DC C:\ProgramData\Oracle
2016-04-30 11:22 - 2016-01-30 11:26 - 00097856 ____C (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-04-30 11:22 - 2015-10-11 10:33 - 00000000 ___DC C:\Users\Theke\.oracle_jre_usage
2016-04-30 11:22 - 2015-10-11 10:32 - 00000000 ___DC C:\Users\BigWall\.oracle_jre_usage
2016-04-30 11:22 - 2015-10-11 10:32 - 00000000 ___DC C:\Program Files (x86)\Java
2016-04-30 11:22 - 2014-10-22 08:42 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-30 11:19 - 2014-04-17 18:39 - 00990275 ____C C:\Windows\unins000.exe
2016-04-30 11:19 - 2014-04-17 18:39 - 00041340 ____C C:\Windows\unins000.dat
2016-04-29 11:34 - 2014-08-05 16:02 - 00000000 ___DC C:\Users\Theke\AppData\Roaming\VMware
2016-04-28 20:58 - 2014-07-26 11:42 - 00000000 ___DC C:\Users\BigWall\AppData\Local\Vidalia
2016-04-28 20:57 - 2014-07-26 11:42 - 00000000 ___DC C:\Users\BigWall\AppData\Roaming\tor

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-05-14 16:56 - 2016-05-14 16:56 - 6494208 ____C () C:\Users\BigWall\AppData\Roaming\agent.dat
2016-05-14 16:56 - 2016-05-14 16:56 - 0127488 ____C () C:\Users\BigWall\AppData\Roaming\Installer.dat
2016-05-14 16:56 - 2016-05-14 16:56 - 1626777 ____C () C:\Users\BigWall\AppData\Roaming\Joytone.tst
2016-05-14 16:56 - 2016-05-14 16:56 - 0018432 ____C () C:\Users\BigWall\AppData\Roaming\Main.dat
2016-05-14 16:56 - 2016-05-14 16:56 - 0072717 ____C () C:\Users\BigWall\AppData\Roaming\Toughdomcom.tst

Einige Dateien in TEMP:
====================
C:\Users\BigWall\AppData\Local\Temp\ose00000.exe
C:\Users\Theke\AppData\Local\Temp\CIB166F.tmp.exe
C:\Users\Theke\AppData\Local\Temp\CIB1FFE.tmp.exe
C:\Users\Theke\AppData\Local\Temp\CIB75CE.tmp.exe
C:\Users\Theke\AppData\Local\Temp\CIB9BE7.tmp.exe
C:\Users\Theke\AppData\Local\Temp\CIBC477.tmp.exe
C:\Users\Theke\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Theke\AppData\Local\Temp\ose00000.exe
C:\Users\Theke\AppData\Local\Temp\PureSyncInst.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-05-09 12:23

==================== Ende von FRST.txt ============================
         

Alt 27.05.2016, 10:30   #9
Rik74
 



Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:25-05-2016 01
durchgeführt von BigWall (2016-05-27 11:26:17)
Gestartet von C:\Users\Theke\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-04-15 11:08:46)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-496564312-1949498514-2425945064-500 - Administrator - Disabled)
BigWall (S-1-5-21-496564312-1949498514-2425945064-1000 - Administrator - Enabled) => C:\Users\BigWall
Gast (S-1-5-21-496564312-1949498514-2425945064-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-496564312-1949498514-2425945064-1011 - Limited - Enabled)
Theke (S-1-5-21-496564312-1949498514-2425945064-1001 - Limited - Enabled) => C:\Users\Theke

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Active@ ISO Burner 3.0 (HKLM-x32\...\{3B756F35-2504-429A-B36C-EA0961B6A2C0}_is1) (Version: 3.0 - LSoft Technologies Inc)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.5 - Sereby Corporation)
Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.4.1 - Angry IP Scanner)
Apple Application Support (32-Bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{D3364347-0A05-CA85-1DAD-80A7A75BF677}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Berker TS RTR Plugin 0.0.1.0 (HKLM-x32\...\{E11AC1A7-2F59-4911-90ED-E0B55D2101D6}) (Version: 0.0.1.0 - Berker GmbH & Co. KG)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bully Dog Update Agent (HKU\S-1-5-21-496564312-1949498514-2425945064-1001\...\87038f485ccfb0f5) (Version: 1.1.7.8 - Bully Dog Technologies)
Canon MX890 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX890_series) (Version:  - )
Capture NX-D (HKLM\...\{794529D3-D489-4CF2-B2ED-CF241809E5EC}) (Version: 1.2.1 - Nikon Corporation)
CIB pdf brewer (HKLM\...\{230C73B3-78DF-4201-AC19-7BEE33311621}) (Version: 2.7.0002 - CIB software GmbH)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
Dropbox (HKU\S-1-5-21-496564312-1949498514-2425945064-1001\...\Dropbox) (Version: 3.20.1 - Dropbox, Inc.)
DVD Shrink 3.2 deutsch (DeCSS-frei) (HKLM-x32\...\DVD Shrink DE_is1) (Version:  - DVD Shrink)
EGR-ShellExtension (HKLM-x32\...\EGR-ShellExtension) (Version: 1.1.0.100 - EasternGraphics)
EPSON Advanced Printer Driver 4 (HKLM-x32\...\{11FF6AF6-0141-4EF8-829A-989459A1E5D8}) (Version: 4.55.0400 - SEIKO EPSON CORPORATION)
EPSON APD4 Point and Print Support (x32 Version: 4.55.0400 - SEIKO EPSON CORPORATION) Hidden
EPSON Port Communication Service (HKLM\...\{41D2226A-AD7F-423E-A85C-A09FBD4B53DE}) (Version: 3.9.0 - SEIKO EPSON CORPORATION)
EPSON TM Coupon Package (HKLM-x32\...\{60ED98A7-BE97-4F26-B32E-5087337C6044}) (Version: 1.20.0000 - Seiko Epson Corporation) <==== ACHTUNG
EPSON TM Virtual Port Driver Ver.8.30b (HKLM-x32\...\{3D7277B3-B0BE-497C-A626-55F063254B5B}) (Version: 8.30.0000 - SEIKO EPSON CORPORATION)
Fakturama 1.6.8 (HKU\S-1-5-21-496564312-1949498514-2425945064-1001\...\5723-2630-1175-8368) (Version: 1.6.8 - Fakturama.org)
FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
GDR 4033 für SQL Server 2008 R2 (KB2977320) (64-bit) (HKLM\...\KB2977320) (Version: 10.52.4033.0 - Microsoft Corporation)
GDR 4042 für SQL Server 2008 R2 (KB3045313) (64-bit) (HKLM\...\KB3045313) (Version: 10.52.4042.0 - Microsoft Corporation)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.18) (Version: 9.18 - Artifex Software Inc.)
Hager TR131 - Berker 8505 01 00 Plug-In (HKLM-x32\...\{C30F8D97-FB69-4EB5-A6D4-A89B27DF167E}) (Version: 1.1.0 - Hager Group)
HEMAG CAD (HKU\S-1-5-21-496564312-1949498514-2425945064-1000\...\HEMAG CAD 4.0) (Version: 4.0 - Heinz Martin AG)
iCloud (HKLM\...\{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}) (Version: 5.2.1.69 - Apple Inc.)
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
InstPortMon (x32 Version: 1.3.0.0 - InstPortMon) Hidden
iSpy (64 bit) (HKLM\...\{4C5C6F38-E560-4A88-8F68-735D7A258F28}) (Version: 6.5.1.0 - DeveloperInABox)
iSpy package installer (64 bit) (HKLM-x32\...\{122ec9b4-1264-45d8-b64c-b73493549025}) (Version: 6.5.1.0 - DeveloperInABox)
IZArc 4.2 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.2 - Ivan Zahariev)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
KG-819 (HKLM-x32\...\KG-819V2.00) (Version: V2.00 - Quanzhou Wouxun Electronics Co.£¬Ltd. Right)
KM-NET Remote Operation Panel (HKLM-x32\...\{7325D304-E5D4-11D3-A677-00C04FC337BE}) (Version:  - )
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
KNX eteC Falcon Runtime v2.1 (x32 Version: 2.1.5213.27900 - KNX Association cvba) Hidden
KNX ETS4 (HKLM-x32\...\KNX ETS4) (Version: 4.1.3614.46489 - KNX Association cvba)
KNX ETS4 (x32 Version: 4.1.3614.46489 - KNX Association cvba) Hidden
KNX ETS4 Additional Runtime (x32 Version: 4.0.0.0 - KNX Association cvba) Hidden
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 4.2.1909 - KYOCERA Document Solutions Inc.)
LibreOffice 4.4.5.2 (HKLM-x32\...\{406EECCC-AF98-4F2C-A99F-FED788F7580C}) (Version: 4.4.5.2 - The Document Foundation)
Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Magicline - Client - Installation (HKLM-x32\...\{E40C9183-4FB7-11DB-9529-000C6E0CFD35}) (Version: 8.50.0000 - Studioline Schulz und Lorenzen KG)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Management Objects (HKLM\...\{D9473D19-26F1-4B91-BBAC-4089CB41BC48}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Management Objects (HKLM-x32\...\{F5E87B12-3C27-452F-8E78-21D42164FD83}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{49860BCD-24D6-44C1-922E-AC12FE32234E}) (Version: 10.52.4042.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{B2213E4E-F502-4D36-BE95-9293C866EF3F}) (Version: 10.52.4042.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 de)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.15.07 - NETGEAR Inc.)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.1 - Nikon)
NVIDIA 3D Vision Controller-Treiber 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA Grafiktreiber 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Opera Stable 37.0.2178.43 (HKLM-x32\...\Opera 37.0.2178.43) (Version: 37.0.2178.43 - Opera Software)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF-XChange Viewer (HKLM\...\{9ED333F8-3E6C-4A38-BAFA-728454121CDA}) (Version: 2.5.308.2 - Tracker Software Products (Canada) Ltd.)
Pegasus Mail (HKLM-x32\...\Pegasus Mail) (Version:  - David Harris)
Pegasus Mail HTML Renderer 2.4.9.9 (HKLM-x32\...\{A9F5E1E1-1281-4862-90B4-6CF8E6AF83CE}_is1) (Version:  - Micha's Midnight Manufacture)
Pegasus Mail v4.72 Release 1, Build 572 (Deutsche Komplettversi (HKLM-x32\...\Pegasus Mail, Deutsche Komplettversion_is1) (Version:  - Sven Henze)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Picture Control Utility 2 (HKLM\...\{D4893C47-704F-4B84-8486-9DE4974ACA6F}) (Version: 2.1.1 - Nikon Corporation)
PL-2303 Vista Driver Installer (HKLM-x32\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.2.0.0 - Prolific)
PL-2303HXD Vista Driver Installer (HKLM-x32\...\{503C86BF-22CB-4806-B2AE-AA79DFD8BA35}) (Version: 3.0.0.1 - Prolific Technology Inc.)
Profi cash (HKLM-x32\...\Profi cash) (Version:  - )
PureSync (x32 Version: 4.1.0 - Jumping Bytes) Hidden
PureSync 4.1.0 (HKLM-x32\...\PureSync) (Version: 4.1.0 - Jumping Bytes)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6433 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Scanner File Utility (HKLM-x32\...\{2CA99244-798C-11D6-AF02-0010B5A02D6F}) (Version: 4.11.03 - )
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (64-bit) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
SketchUp 2014 (HKLM-x32\...\{9E620BD5-AEEC-492D-9065-D71FCD4C52F1}) (Version: 14.1.1282 - Trimble Navigation Limited)
SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
SolarWinds Active Diagnostics 1.1.0.230 (HKLM-x32\...\{B8FB6695-3797-4DAA-B113-13CB8BBEF9C7}) (Version: 1.1.0.230 - SolarWinds, Inc.)
SQL Server 2008 R2 SP2 Common Files (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server System CLR Types (HKLM\...\{F4264106-F90E-4076-98CF-1B878DB14513}) (Version: 10.0.1600.22 - Microsoft Corporation)
SQL Server System CLR Types (HKLM-x32\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.0.1600.22 - Microsoft Corporation)
SuperMailer 8.01 (HKLM\...\Newsletter Software SuperMailer (x64)_is1) (Version: 8.01 - Mirko Boeer Softwareentwicklungen)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
TextPad 7 (HKLM\...\{F5AF1DA4-4929-4BFA-B948-7BDD98A5405F}) (Version: 7.3.0 - Helios)
Tor 0.2.4.22 (HKLM-x32\...\Tor) (Version:  - )
TrayStatus 1.2.3 (HKLM-x32\...\d6b74f60-2e9d-4c60-a8b7-b7d737c44ad4_is1) (Version: 1.2.3.0 - Binary Fortress Software)
Vidalia 0.2.21 (HKLM-x32\...\Vidalia) (Version:  - )
VMware vSphere Client 5.1 (HKLM-x32\...\{09DC364B-A77A-49A0-972B-E43F0DACC5E3}) (Version: 5.1.0.1557 - VMware, Inc.)
VMware vSphere Client 5.5 (HKLM-x32\...\{4CFB0494-2E96-4631-8364-538E2AA91324}) (Version: 5.5.0.3838 - VMware, Inc.)
WD My Cloud (HKLM\...\{4B86F896-11DC-4711-BB60-81104832FA44}) (Version: 1.0.7.17 - Western Digital Technologies, Inc.)
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XnView 2.25 (HKLM-x32\...\XnView_is1) (Version: 2.25 - Gougelet Pierre-e)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1001_Classes\CLSID\{8A791F0C-C63C-4EC5-B97F-FBCE74EDBC54}\InprocServer32 -> D:\Programme\TextPad\System\shellext64.dll (Helios Software Solutions)
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0156C57F-19B6-4D60-968B-A1A560009C2B} - kein Dateipfad
Task: {1BA50406-2782-4AB4-86B5-57FFDA8EABF6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {2536D31F-5BA6-4929-BF5B-7C80157B1D55} - System32\Tasks\Opera scheduled Autoupdate 1463237915 => C:\Program Files (x86)\Opera\launcher.exe
Task: {36697B45-F91B-4AEB-8B2C-B5B0D4B21CA4} - System32\Tasks\AutoPico Daily Restart => d:\Programme\KMSpico\AutoPico.exe [2015-08-16] (@ByELDI)
Task: {42022E71-177B-419F-BA55-2DC04DA82D48} - System32\Tasks\{05A95BC9-1363-43EF-AF4D-6104D68E6F53} => pcalua.exe -a "C:\Users\BigWall\AppData\Local\Temp\Temp1_Visu_Version_43.zip\Version 4.3\Setup.exe"
Task: {46D21548-6B37-4331-A32A-209EC09CC502} - System32\Tasks\{DC8E7AFD-49B9-4797-B1E0-C39D115E6086} => Firefox.exe hxxp://ui.skype.com/ui/0/7.0.0.102/de/abandoninstall?page=tsMain
Task: {49967A8E-D427-400D-A875-14D920BA7F9E} - kein Dateipfad
Task: {4C00A8E8-9B03-46BA-82D2-CD0BC1B8811D} - kein Dateipfad
Task: {64125A1C-6A67-4F47-AF96-6800765584A5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {6C1A6ED9-C12D-4E8A-9058-BA024699F5C9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {76665B5F-090F-498B-8175-FC1AD68040FF} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-496564312-1949498514-2425945064-1001Core => C:\Users\Theke\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {861BB689-DED5-43A0-9AF8-2D377C217591} - kein Dateipfad
Task: {C587B278-05EF-4A95-A571-C73BC4E95E57} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D0855C12-0738-4134-B89A-9CB536A3E06C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-496564312-1949498514-2425945064-1001UA => C:\Users\Theke\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {E2BDAC0B-4145-43C3-BC63-0B1D87E9AC53} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {F422E66C-4BAF-4F4B-B2A0-7C5803E4F567} - System32\Tasks\{82D122E8-AA86-4958-9426-4DD200739127} => E:\setup.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-496564312-1949498514-2425945064-1001Core.job => C:\Users\Theke\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-496564312-1949498514-2425945064-1001UA.job => C:\Users\Theke\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-04-15 13:52 - 2015-02-04 04:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-10-16 12:02 - 2015-10-16 12:02 - 00043480 _____ () D:\Programme\FileZilla FTP Client\fzshellext_64.dll
2015-12-12 12:50 - 2012-07-20 14:39 - 02469888 _____ () D:\Programme\IZArc\IZArcCM64.dll
2014-06-25 13:28 - 2000-11-09 11:17 - 00190464 _____ () D:\Programme\TriumphAdler\ScannerUtility\HgTiff2Pdf.dll
2015-09-24 17:41 - 2015-09-24 17:41 - 00019968 _____ () D:\Programme\Adobe\CS6\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-09-24 17:41 - 2015-09-24 17:41 - 00105984 _____ () D:\Programme\Adobe\CS6\Acrobat 10.0\Acrobat\Locale\de_de\PDFMaker\PDFMOfficeAddin.DEU
2015-12-11 13:30 - 2016-04-19 21:47 - 00034768 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-05-13 11:32 - 2016-04-19 21:48 - 00019408 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-05-13 11:32 - 2016-04-19 21:47 - 00116688 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-11 13:30 - 2016-04-19 21:47 - 00093640 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-11 13:30 - 2016-04-19 21:47 - 00018376 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-11 13:30 - 2016-05-07 00:35 - 00019760 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-11 13:30 - 2016-04-19 21:49 - 00105928 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-05-13 11:32 - 2016-04-19 21:47 - 00392144 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-11 13:30 - 2016-05-07 00:35 - 00381752 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-11 13:30 - 2016-04-19 21:47 - 00692688 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-05-13 11:32 - 2016-05-07 00:34 - 00020816 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 13:30 - 2016-04-19 21:48 - 00121296 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-05-13 11:32 - 2016-05-07 00:34 - 01682760 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-05-13 11:32 - 2016-05-07 00:34 - 00020808 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-11 13:30 - 2016-05-07 00:35 - 00021840 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-05-13 11:32 - 2016-05-07 00:34 - 00038696 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-05-13 11:32 - 2016-04-19 21:49 - 00020936 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-11 13:30 - 2016-04-19 21:49 - 00024528 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-11 13:30 - 2016-04-19 21:49 - 00114640 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-11 13:30 - 2016-04-19 21:49 - 00124880 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-02-12 17:10 - 2016-05-07 00:35 - 00021832 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-11 13:30 - 2016-04-19 21:49 - 00024016 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-11 13:30 - 2016-04-19 21:49 - 00175560 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-11 13:30 - 2016-04-19 21:49 - 00030160 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-11 13:30 - 2016-04-19 21:49 - 00043472 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-11 13:30 - 2016-04-19 21:49 - 00028616 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-11 13:30 - 2016-04-19 21:49 - 00048592 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-05-13 11:32 - 2016-05-07 00:34 - 00026456 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-11 13:30 - 2016-04-19 21:49 - 00057808 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2015-12-11 13:30 - 2016-04-19 21:49 - 00024016 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-05-13 11:32 - 2016-05-07 00:34 - 00117056 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-05-13 11:32 - 2016-05-07 00:34 - 00052024 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2015-12-11 13:30 - 2016-04-19 21:47 - 00134608 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-05-13 11:32 - 2016-04-19 21:47 - 00134088 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-05-13 11:32 - 2016-04-19 21:48 - 00240584 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2016-02-12 17:10 - 2016-05-07 00:35 - 00020800 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-12 17:10 - 2016-05-07 00:35 - 00021824 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-02-12 17:10 - 2016-05-07 00:35 - 00019776 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-02-12 17:10 - 2016-05-07 00:35 - 00020800 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-05-13 11:32 - 2016-05-07 00:34 - 00024392 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-05-13 11:32 - 2016-04-19 21:50 - 00036296 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\librsync.dll
2016-05-13 11:32 - 2016-05-07 00:34 - 00020280 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-11 13:30 - 2016-05-07 00:35 - 00023376 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-11 13:30 - 2016-04-19 21:49 - 00350152 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-02-12 17:10 - 2016-05-07 00:35 - 00022352 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-05-13 11:32 - 2016-05-07 00:34 - 00084280 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-05-13 11:32 - 2016-05-07 00:34 - 01826096 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-11 13:30 - 2016-04-19 21:48 - 00083912 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\sip.pyd
2016-05-13 11:32 - 2016-05-07 00:35 - 03928880 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-05-13 11:32 - 2016-05-07 00:34 - 01971504 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-05-13 11:32 - 2016-05-07 00:34 - 00531248 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-05-13 11:32 - 2016-05-07 00:35 - 00132912 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-05-13 11:32 - 2016-05-07 00:35 - 00223544 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-05-13 11:32 - 2016-05-07 00:34 - 00207672 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2015-12-11 13:30 - 2016-04-19 21:49 - 00060880 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\win32print.pyd
2015-12-11 13:30 - 2016-05-07 00:35 - 00024904 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-05-13 11:32 - 2016-05-07 00:35 - 00546096 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-05-13 11:32 - 2016-05-07 00:35 - 00357680 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
1999-04-26 22:00 - 1999-04-26 22:00 - 00377856 _____ () C:\Windows\SysWOW64\TX32.DLL
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-04-30 10:45 - 2016-03-29 09:53 - 00670408 _____ () \\mailserver\PMAIL\Programs\tcpip.dll
2016-04-30 10:44 - 2014-02-12 03:43 - 00643948 _____ () \\mailserver\PMAIL\Programs\sqlite3.dll
2016-04-30 10:45 - 2013-06-28 16:39 - 00557568 _____ () \\mailserver\PMAIL\Programs\DICT.RLO

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-496564312-1949498514-2425945064-1001\...\petzldealer.com -> hxxps://www.petzldealer.com

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2014-07-04 11:25 - 00002831 ___AC C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 192.150.14.69
127.0.0.1 192.150.18.101
127.0.0.1 192.150.18.108
127.0.0.1 192.150.22.40
127.0.0.1 192.150.8.100
127.0.0.1 192.150.8.118
127.0.0.1 209-34-83-73.ood.opsource.net
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 3dns.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com

Da befinden sich 34 zusätzliche Einträge.


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-496564312-1949498514-2425945064-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\BigWall\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-496564312-1949498514-2425945064-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 212.37.37.50
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\Services: TeamViewer9 => 2

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{2AF505A6-FD82-4E5D-BECC-8BACD281B4FC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2B732E66-00C9-44FC-83E6-3B65C42394DE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E92CF607-CF51-43A4-8028-008ACB195E89}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FE523324-55BB-4AE4-A5EC-8C96545B54BD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D5675ABB-915F-4C4E-B5AD-BEBA6CC79466}] => (Allow) C:\Program Files (x86)\EPSON\EPSON Advanced Printer Driver 4\Tools\PrinterNetworkSetting\APDNetSetting.exe
FirewallRules: [{489C99D0-75B8-4621-A4BA-D187EE25676E}] => (Allow) C:\Program Files (x86)\EPSON\EPSON Advanced Printer Driver 4\Tools\PrinterNetworkSetting\APDNetSetting.exe
FirewallRules: [{7C93B7F1-5FE2-4577-8831-EABCE06C4FCD}] => (Block) D:\Programme\Adobe\Photoshop CS2\Photoshop.exe
FirewallRules: [{A252E2D6-8687-4079-9E5C-7DBCFCB50987}] => (Block) D:\Programme\Adobe\Photoshop CS2\ImageReady.exe
FirewallRules: [{5483C2D1-DBB0-46F2-9219-4B6BDCD4C0D1}] => (Block) E:\VOLKSWAGEN\Keygen.exe
FirewallRules: [{D24A7F60-05E0-4201-840B-395D607B3D1E}] => (Allow) D:\Programme\TriumphAdler\ScannerUtility\NsCatConf.exe
FirewallRules: [{2F390EDC-EC39-445D-923D-CC1E4DB68672}] => (Allow) D:\Programme\TriumphAdler\ScannerUtility\NsCatCom.exe
FirewallRules: [{18E008FA-D8D2-4C86-854E-31010171471C}] => (Allow) D:\Programme\Adobe\CS6\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{618B0A4D-6057-48AB-84DB-2C3E0E0BEE73}] => (Allow) D:\Programme\Adobe\CS6\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{86E75673-2560-4B66-BB59-F9C1DC40FC50}] => (Allow) LPort=7935
FirewallRules: [{4E0CDC5B-0F52-4967-888C-B5A3D1E95808}] => (Block) C:\Program Files (x86)\ETS4\ETS4.exe
FirewallRules: [TCP Query User{46E1C863-2B72-40B2-88F2-83A7B5B3073A}D:\programme\vidalia bridge bundle\tor\tor.exe] => (Allow) D:\programme\vidalia bridge bundle\tor\tor.exe
FirewallRules: [UDP Query User{F0E7EFF3-36C2-4253-9246-3703460A6B1F}D:\programme\vidalia bridge bundle\tor\tor.exe] => (Allow) D:\programme\vidalia bridge bundle\tor\tor.exe
FirewallRules: [TCP Query User{9E0B22FC-5921-4A83-9D93-6348D240433E}E:\advanced\autorun.exe] => (Allow) E:\advanced\autorun.exe
FirewallRules: [UDP Query User{4C2169F9-71F6-4197-AFCD-F45FB3B065FA}E:\advanced\autorun.exe] => (Allow) E:\advanced\autorun.exe
FirewallRules: [{CE1715D7-3622-4AF0-84F2-3132919AEA2C}] => (Allow) C:\Users\Theke\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{BE84BABE-DC31-4622-9AEC-802B76B9D0B7}] => (Allow) C:\Users\Theke\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6131C880-C76E-468D-86B6-FD61373BA71E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8B784CA0-A0CF-4F4C-995D-93908687B91D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{85F4C43F-FA8C-409C-8AAD-F07FA5F002BE}C:\windows\kmsemulator.exe] => (Block) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{67A4F906-DE22-4AAA-B2CF-6A291C4A7B3A}C:\windows\kmsemulator.exe] => (Block) C:\windows\kmsemulator.exe
FirewallRules: [TCP Query User{F0F9A621-96C0-4D38-B926-3ADA1E7FF6C3}\\mailserver\pmail\programs\winpm-32.exe] => (Allow) \\mailserver\pmail\programs\winpm-32.exe
FirewallRules: [UDP Query User{602D4885-E883-4AEB-A8C2-8E36933DEED1}\\mailserver\pmail\programs\winpm-32.exe] => (Allow) \\mailserver\pmail\programs\winpm-32.exe
FirewallRules: [TCP Query User{501707A5-E750-40A4-9B2E-56E6A7DB6485}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{2DF280B3-F7AF-40A7-B3B7-DD80125A0C40}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{F251C477-55FA-470B-AEFE-3C321C1BA986}D:\programme\netgear genie\bin\netgeargenie.exe] => (Allow) D:\programme\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{542A6A53-843B-4BA7-BD40-96627228F5E2}D:\programme\netgear genie\bin\netgeargenie.exe] => (Allow) D:\programme\netgear genie\bin\netgeargenie.exe
FirewallRules: [{56F7E30C-A277-4F0F-AFDA-0233C3E55B8F}] => (Allow) LPort=1688
FirewallRules: [{91A8F7B3-A2C1-4FA3-8A3D-2A38F0FDAFF9}] => (Allow) D:\Programme\KMSpico\Service_KMS.exe
FirewallRules: [{2FCA0C05-9E95-4FED-9C20-50DB52C40863}] => (Allow) D:\Programme\KMSpico\Service_KMS.exe
FirewallRules: [TCP Query User{C20CEFF4-3B10-4E41-9AC3-856F4D9115C9}D:\programme\netgear genie\bin\netgeargenie.exe] => (Block) D:\programme\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{308204A6-74A7-4655-A08C-36E192BF7E64}D:\programme\netgear genie\bin\netgeargenie.exe] => (Block) D:\programme\netgear genie\bin\netgeargenie.exe
FirewallRules: [{C59A5CAB-1029-4BB9-8175-F5BB1121DAD3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{531C66F8-2593-4160-8241-6079B2152AD0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [TCP Query User{6CB8C93F-1C54-4BB9-B739-1120AA23CFFD}D:\programme\superscan\superscan4.1.exe] => (Allow) D:\programme\superscan\superscan4.1.exe
FirewallRules: [UDP Query User{0801E5DD-D24F-491E-930F-D74F93CD2121}D:\programme\superscan\superscan4.1.exe] => (Allow) D:\programme\superscan\superscan4.1.exe
FirewallRules: [TCP Query User{F4A24CB2-F064-494C-998C-AADBF499F8AC}D:\programme\ispy\ispy.exe] => (Allow) D:\programme\ispy\ispy.exe
FirewallRules: [UDP Query User{815CAEE5-3C5F-4A37-B242-98284E8F92BE}D:\programme\ispy\ispy.exe] => (Allow) D:\programme\ispy\ispy.exe
FirewallRules: [{E198830E-7026-4913-BC91-BB84177C1E90}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{BBE6B44A-6A29-4A2C-8798-0CC6A5CA4F88}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7DB5B5E0-7968-4583-A394-379B219F8492}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C8DCA76B-6F71-4709-A6D5-C37A0939B46B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E5914E6A-FDA3-4756-96FA-7B6BE214A6AB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Wiederherstellungspunkte =========================


==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (05/27/2016 10:39:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2016 03:20:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 3.3.168.192.in-addr.arpa. PTR ThekeWin7.local.

Error: (05/26/2016 03:20:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.3.3:5353   19 3.3.168.192.in-addr.arpa. PTR ThekeWin7-2.local.

Error: (05/26/2016 10:57:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2016 01:37:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/24/2016 01:50:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/23/2016 01:48:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/23/2016 01:47:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname ThekeWin7.local already in use; will try ThekeWin7-2.local instead

Error: (05/23/2016 01:47:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister    4 ThekeWin7.local. Addr 192.168.3.3

Error: (05/23/2016 01:47:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.3.3:5353   16 ThekeWin7.local. AAAA FD00:0000:0000:0000:48BB:2BE1:1267:8EDF


Systemfehler:
=============
Error: (05/27/2016 10:48:52 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (05/27/2016 10:38:53 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/27/2016 10:37:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WebDiscover Browser Startup Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/27/2016 10:37:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "EPSON PCS Parallel Port Driver" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%20

Error: (05/27/2016 10:37:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "EpsCe2" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/27/2016 10:37:18 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT-AUTORITÄT)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147942402.

Error: (05/27/2016 10:37:18 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT-AUTORITÄT)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147942402.

Error: (05/26/2016 07:05:50 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (05/26/2016 12:44:59 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (05/26/2016 10:56:28 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)


==================== Speicherinformationen =========================== 

Prozessor: AMD FX(tm)-4130 Quad-Core Processor 
Prozentuale Nutzung des RAM: 58%
Installierter physikalischer RAM: 4079.23 MB
Verfügbarer physikalischer RAM: 1678.77 MB
Summe virtueller Speicher: 8156.64 MB
Verfügbarer virtueller Speicher: 5552.28 MB

==================== Laufwerke ================================

Drive c: (System) (Fixed) (Total:59.62 GB) (Free:1.26 GB) NTFS
Drive d: (Volume) (Fixed) (Total:931.41 GB) (Free:705 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0004FDE0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 59.6 GB) (Disk ID: 00085727)
Partition 1: (Not Active) - (Size=59.6 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         
I don't know anything about cracked software on my computer...

27.05.2016, 11:22   #10
cosinus

Can you please read my posts?
Is this a commercially used system or not?

Quote:
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate.adobe.com
There is also cracked Adobe software on there, alongside the "Volkswagen" keygen and cracked Microsoft software

27.05.2016, 11:56   #11
Rik74

Yes, it is a business computer, but we don't have an IT department; as far as possible, that's me... ;(

27.05.2016, 12:00   #12
cosinus

Ah, OK. But before there is any support here, read this => http://www.trojaner-board.de/108423-...-anfragen.html

Because we do not delete log files after the fact, even if your boss perhaps later thinks we have to

AND: all cracked software has to go!

Reading material:
Illegal software: cracks, keygens and co.

Please read => http://www.trojaner-board.de/95393-c...-software.html

We will continue once you have removed everything illegal.

In case of repeated crack/keygen violations, I reserve the right to discontinue support, i.e. help only with backing up data and reinstalling the operating system.

29.05.2016, 10:45   #13
Rik74

Hi Cosinus,

As far as I know, we don't have any cracked software on the computer...

Regards and thanks
Rik

29.05.2016, 20:05   #14
cosinus

1. KMSpico => well-known Office crack
2. Entries in the hosts file for Adobe, so that no contact with the Adobe servers can be established any more. Also typical of cracked software
3. Volkswagen keygen
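The indicators named in post #14, written as a triage check over an FRST Addition.txt log. This is an added example, not part of the thread and not FRST's own code; the function names and keyword lists are assumptions, and the sample lines are a shortened excerpt of the log posted above.

```python
import ipaddress
import re
from collections import Counter

# Assumption: illustrative keyword lists, not a vetted signature set.
LICENSE_HOST_HINTS = ("activate", "licens")
CRACK_PATH_HINTS = ("kms", "keygen", "crack")
KMS_DEFAULT_PORT = 1688  # default TCP port of Microsoft's KMS activation service
LOOPBACKS = {"127.0.0.1", "0.0.0.0", "::1"}

FW_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.+?)\] => \((?P<action>Allow|Block)\) (?P<target>.+)$"
)
PORT_RE = re.compile(r"LPort=(\d+)")
REASON_PATH = "crack-tool keyword in path"
REASON_PORT = "default KMS port opened"

# Shortened excerpt of the Addition.txt posted in this thread.
SAMPLE = r"""
127.0.0.1 192.150.14.69
127.0.0.1 3dns-1.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate.wip3.adobe.com
DNS Servers: 8.8.8.8 - 212.37.37.50
FirewallRules: [{5483C2D1-DBB0-46F2-9219-4B6BDCD4C0D1}] => (Block) E:\VOLKSWAGEN\Keygen.exe
FirewallRules: [TCP Query User{85F4C43F-FA8C-409C-8AAD-F07FA5F002BE}C:\windows\kmsemulator.exe] => (Block) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{67A4F906-DE22-4AAA-B2CF-6A291C4A7B3A}C:\windows\kmsemulator.exe] => (Block) C:\windows\kmsemulator.exe
FirewallRules: [{56F7E30C-A277-4F0F-AFDA-0233C3E55B8F}] => (Allow) LPort=1688
FirewallRules: [{91A8F7B3-A2C1-4FA3-8A3D-2A38F0FDAFF9}] => (Allow) D:\Programme\KMSpico\Service_KMS.exe
FirewallRules: [{6131C880-C76E-468D-86B6-FD61373BA71E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
"""


def sinkholed_hosts(log_text):
    """Names that the hosts-file section maps to a loopback address (duplicates kept)."""
    names = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in LOOPBACKS:
            names.append(parts[1].lower())
    return names


def parent_domain(name):
    """Last two labels of a hostname; IP literals are returned unchanged.
    Naive on purpose: no public-suffix handling."""
    try:
        ipaddress.ip_address(name)
        return name
    except ValueError:
        return ".".join(name.split(".")[-2:])


def license_blocking(names):
    """Distinct loopback-mapped names per parent domain that look like
    activation or licensing endpoints."""
    hits = Counter()
    for name in set(names):
        if any(hint in name for hint in LICENSE_HOST_HINTS):
            hits[parent_domain(name)] += 1
    return dict(hits)


def suspicious_firewall_rules(log_text):
    """Sorted, de-duplicated (action, target, reason) tuples. A Block rule still
    counts: it shows the tool was present and run on the machine."""
    findings = set()
    for line in log_text.splitlines():
        m = FW_RE.match(line.strip())
        if not m:
            continue
        action, target = m["action"], m["target"]
        port = PORT_RE.fullmatch(target)
        if port:
            if action == "Allow" and int(port.group(1)) == KMS_DEFAULT_PORT:
                findings.add((action, target, REASON_PORT))
        elif any(hint in target.lower() for hint in CRACK_PATH_HINTS):
            findings.add((action, target, REASON_PATH))
    return sorted(findings)


if __name__ == "__main__":
    print(license_blocking(sinkholed_hosts(SAMPLE)))
    for finding in suspicious_firewall_rules(SAMPLE):
        print(finding)
```

Substring matching on paths will produce false positives on a real estate, so treat each hit as a prompt to inspect the file, not as a verdict.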

29.05.2016, 20:18   #15
Rik74

Hi Kosinus,

Thanks for your answer, I will look into it. We haven't used Office for a long time, either LibreOffice or OpenOffice; from Adobe only the Reader is used, and this Volkswagen keygen doesn't ring a bell either...
Thanks!
