Log analysis and evaluation: Malwarebytes no longer starts - high CPU load caused by services (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
Malwarebytes no longer starts - high CPU load caused by services

Hello, I once again need your expert advice and possibly your valued help: My PC crashed several times today with a bluescreen "Driver equal...". System Restore did not bring the desired recovery. What has been noticeable since then:

+ high CPU activity without any real work being done (30-50%), as well as memory usage of almost 6 GB without much activity
+ responsible for this: loads of Explorer.exe processes, some of them gigabytes in size, and just as many svhost services/processes
+ then I wanted to run Malwarebytes: no reaction. The program no longer starts; I uninstalled it, and it can then be downloaded but no longer installed (without an error message); likewise your MBAM Clean Tool cannot be installed.

"SOMETHING" seems to be blocking and abusing the system. Do you know these symptoms, and is there a solution? Many thanks for any tips. Below, to start with, is the FRST log.

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01 Ran by michl (administrator) on MICHL-PC on 27-01-2015 20:12:18 Running from F:\FIX SCHUTZ Loaded Profiles: michl (Available profiles: michl) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360rps.exe (Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe (arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe () D:\radio streams\Tobit Radio.fx\Server\rfx-server.exe (Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360sd.exe (Tobit.Software) D:\radio streams\Tobit Radio.fx\Client\rfx-tray.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe (LG Electronics) C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Package\bin\Dual Package.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360rp.exe () C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Package\bin\TestDDCCI.exe (TODO: <Company name>) C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Package\bin\SmartHookTestApp.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe (Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\safemon\360Tray.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Microsoft Corporation) C:\Windows\System32\perfmon.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [377640 2009-05-15] (Acronis) HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2774936 2014-05-13] (Crawler.com) HKLM\...\Run: [360sd] => C:\PROGRAM FILES\360\360 INTERNET SECURITY\360sdrun.exe [287560 2014-04-16] (Qihu 360 Software Co., Ltd.) HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation) HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.) 
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4393112 2009-05-15] (Acronis) HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [962640 2009-05-15] (Acronis) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation) HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) 
HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-07-28] (AMD) HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\...\Run: [rfxsrvtray] => d:\Radio Streams\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software) HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd) HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC) HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\...\MountPoints2: E - E:\setup.exe /AUTORUN HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\...\MountPoints2: {73b8dbca-35ab-11e1-b6f0-806e6f6e6963} - E:\.\Bin\ASSETUP.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dual Package.lnk ShortcutTarget: Dual Package.lnk -> C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Package\bin\Dual Package.exe (LG Electronics) Startup: C:\Users\michl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 4620 series.lnk ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 4620 series.lnk -> C:\Program Files\HP\HP Officejet 4620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) 
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files\360\360 Internet Security\safemon\safemon64.dll (Qihu 360 Software Co., Ltd.) 
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-2836387523-2242442364-2255310912-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation) Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: ipp - 
{E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\michl\AppData\Roaming\Mozilla\Firefox\Profiles\ub22013p.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll () FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) 
FF Extension: Avira Browser Safety - C:\Users\michl\AppData\Roaming\Mozilla\Firefox\Profiles\ub22013p.default\Extensions\abs@avira.com [2014-11-05] FF Extension: Snap.Do - C:\Users\michl\AppData\Roaming\Mozilla\Firefox\Profiles\ub22013p.default\Extensions\{444cfd05-5764-4bc4-8e89-417723e7621f} [2013-07-11] FF Extension: DownloadHelper - C:\Users\michl\AppData\Roaming\Mozilla\Firefox\Profiles\ub22013p.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-06-12] FF Extension: Flash and Video Download - C:\Users\michl\AppData\Roaming\Mozilla\Firefox\Profiles\ub22013p.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-08-05] FF Extension: printpdf - C:\Users\michl\AppData\Roaming\Mozilla\Firefox\Profiles\ub22013p.default\Extensions\printpdf@pavlov.net.xpi [2014-03-10] FF Extension: DownThemAll! - C:\Users\michl\AppData\Roaming\Mozilla\Firefox\Profiles\ub22013p.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-09-01] FF HKLM-x32\...\Firefox\Extensions: [AllMyTube@Wondershare.com] - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com FF Extension: No Name - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com [Not Found] Chrome: ======= CHR Profile: C:\Users\michl\AppData\Local\Google\Chrome\User Data\Default CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 360rp; C:\PROGRAM FILES\360\360 INTERNET SECURITY\360rps.exe [310352 2014-04-16] (Qihu 360 Software Co., Ltd.) R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43624 2012-08-14] (ArcSoft, Inc.) 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-10-27] (Atheros Commnucations) [File not signed] R2 ClickToRunSvc; C:\PROGRAM FILES\MICROSOFT OFFICE 15\CLIENTX64\OFFICECLICKTORUN.EXE [2449592 2014-11-12] (Microsoft Corporation) R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc) R2 Radio.fx; d:\Radio Streams\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] () S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP6\RpcAgentSrv.exe [71832 2008-10-02] (SiSoftware) [File not signed] S3 scan; C:\PROGRAM FILES\360\360 INTERNET SECURITY\scan.dll [420424 2014-04-25] (S.C. BitDefender S.R.L) R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1146304 2014-05-13] (Crawler.com) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 ZhuDongFangYu; C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe [236360 2014-04-23] (Qihu 360 Software Co., Ltd.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [97872 2014-04-21] (Qihu 360 Software Co., Ltd.) R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [67664 2014-04-23] (Qihu 360 Software Co., Ltd.) R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [305744 2014-04-29] (Qihu 360 Software Co., Ltd.) S3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [41552 2014-04-29] (Qihu 360 Software Co., Ltd.) R1 360fsflt; C:\Windows\System32\DRIVERS\360FsFlt.sys [304208 2014-05-07] (Qihu 360 Software Co., Ltd.) 
R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-01] (Wondershare) R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [180816 2014-04-18] (Qihu 360 Software Co., Ltd.) S3 LGDDCDevice; C:\Windows\SysWOW64\LGI2CDriver.sys [16384 2010-08-04] (LG Soft India) [File not signed] S3 LGII2CDevice; C:\Windows\SysWOW64\LGPII2CDriver.sys [19968 2011-02-11] () [File not signed] R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2013-02-04] (Windows (R) Win 7 DDK provider) R0 tdrpman228; C:\Windows\System32\DRIVERS\tdrpm228.sys [1462304 2012-01-18] (Acronis) S3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-09-03] (Wondershare) S3 SANDRA; \??\C:\PROGRAM FILES\SISOFTWARE\SISOFTWARE SANDRA LITE 2013.SP4\WNT500X64\Sandra.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-27 19:34 - 2015-01-27 19:41 - 00000000 ____D () C:\ProgramData\SecTaskMan 2015-01-27 19:34 - 2015-01-27 19:34 - 00000000 ____D () C:\Users\michl\AppData\Local\SecTaskMan 2015-01-27 17:49 - 2015-01-27 17:49 - 01233116 _____ () C:\Windows\system32\CFG1825226089 2015-01-27 15:03 - 2015-01-27 19:12 - 00000000 ____D () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} 2015-01-27 13:04 - 2015-01-27 13:04 - 00000000 ____D () C:\Users\michl\AppData\Local\{1EC9D653-8571-4EFF-B1BB-065BC6A64CCA} 2015-01-27 01:04 - 2015-01-27 01:04 - 00000000 ____D () C:\Users\michl\AppData\Local\{76574F3D-BA67-4C0A-A757-3ACB490F3E46} 2015-01-26 13:03 - 2015-01-26 13:03 - 00000000 ____D () C:\Users\michl\AppData\Local\{B4D20EAA-6BE4-40A9-9E00-1097DE3C4364} 2015-01-25 23:52 - 2015-01-25 23:52 - 00000000 ____D () C:\Users\michl\Documents\OneNote-Notizbücher 2015-01-25 15:27 - 2015-01-25 15:27 - 00000000 ____D () C:\Users\michl\AppData\Local\{C5286E2C-C3DD-48DC-ABF5-753E83D0E805} 2015-01-24 18:47 - 2015-01-24 18:47 - 00000000 ____D () C:\Users\michl\AppData\Local\{89C399CC-7CD0-47FF-B074-B40CED9DB21F} 2015-01-23 13:12 - 2015-01-23 13:12 - 00000000 ____D () C:\Users\michl\AppData\Local\{78F7CAC5-C179-437C-A0C8-7E258217521F} 2015-01-23 00:40 - 2015-01-23 00:40 - 00000000 ____D () C:\Users\michl\AppData\Local\{79214486-8019-4526-ADD4-C8D41BB7C0E6} 2015-01-22 10:01 - 2015-01-22 10:01 - 00000000 ____D () C:\Users\michl\AppData\Local\{7AA8571B-66CE-459E-B3CF-8547D3F5C038} 2015-01-21 14:10 - 2015-01-21 14:10 - 00000000 ____D () C:\Users\michl\AppData\Local\{72682D33-30DE-45CB-95F0-3F0A6206D74C} 2015-01-21 02:09 - 2015-01-21 02:09 - 00000000 ____D () C:\Users\michl\AppData\Local\{B06864F7-55BD-46C4-8269-0E8759CCC81B} 2015-01-20 14:08 - 2015-01-20 14:09 - 00000000 ____D () C:\Users\michl\AppData\Local\{DB2480CB-2EFB-42F6-8335-E4392EC42861} 2015-01-20 02:08 - 2015-01-20 02:08 - 00000000 ____D () C:\Users\michl\AppData\Local\{F50EBD7C-6D98-4C70-A381-59DE45BEDB7F} 2015-01-19 14:07 - 2015-01-19 
14:07 - 00000000 ____D () C:\Users\michl\AppData\Local\{52ADD48E-C094-4E89-A3C0-6EFCF151B3DB} 2015-01-18 22:37 - 2015-01-18 22:38 - 00000000 ____D () C:\Users\michl\AppData\Local\{3E6A9985-7C11-4789-88E5-F7EA8C379E3A} 2015-01-17 02:58 - 2015-01-17 02:58 - 00000000 ____D () C:\Users\michl\AppData\Local\{EB2A09AA-271A-41E5-9688-7264EB638E9D} 2015-01-17 01:32 - 2015-01-17 01:32 - 01186995 _____ () C:\Users\michl\Downloads\retro-frames.zip 2015-01-16 14:17 - 2015-01-16 14:17 - 00000000 ____D () C:\Users\michl\AppData\Local\{461EA139-1C80-4D58-B8D4-FFA8133EFCE1} 2015-01-16 00:11 - 2015-01-16 00:11 - 00000000 ____D () C:\Users\michl\AppData\Local\{201EA74E-289A-4779-9EAC-42D25811D08A} 2015-01-15 12:10 - 2015-01-15 12:10 - 00000000 ____D () C:\Users\michl\AppData\Local\{ADFA7D86-C977-4AE4-8006-5647BEE1DA90} 2015-01-15 00:09 - 2015-01-15 00:10 - 00000000 ____D () C:\Users\michl\AppData\Local\{1251B94C-785E-4A8E-8EB0-8C20479E64AD} 2015-01-14 12:13 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 12:13 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 12:13 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 12:13 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-14 12:13 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-14 12:13 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-14 12:13 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-14 12:13 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-14 12:13 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-14 12:13 - 2014-12-11 18:47 - 00062976 _____ (Microsoft 
Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 12:13 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 12:13 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-14 12:13 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-14 12:09 - 2015-01-14 12:09 - 00000000 ____D () C:\Users\michl\AppData\Local\{70685963-37C2-4A4B-86DD-8F1B98812DA9} 2015-01-13 15:50 - 2015-01-13 15:50 - 00000000 ____D () C:\Users\michl\AppData\Local\{C73287A1-9827-4439-BEB9-3CABF49EEF1B} 2015-01-13 13:25 - 2015-01-13 13:25 - 00000356 _____ () C:\Users\michl\Desktop\Startpage Web Suchen.website 2015-01-13 13:25 - 2015-01-13 13:25 - 00000350 _____ () C:\Users\michl\Desktop\Qwant.website 2015-01-12 11:40 - 2015-01-12 11:40 - 00000000 ____D () C:\Users\michl\AppData\Local\{DEF0A906-DCF2-4A93-A23D-D05AC41D3CA0} 2015-01-11 13:40 - 2015-01-11 13:40 - 00000000 ____D () C:\Users\michl\AppData\Local\{C2D5863C-A276-4C58-B2F6-42BDF5221744} 2015-01-10 16:46 - 2015-01-10 16:46 - 00000000 ____D () C:\Users\michl\AppData\Local\{999CF59E-732B-4C10-B096-E1BAE4D2CDD9} 2015-01-09 16:23 - 2015-01-09 16:23 - 00000000 ____D () C:\Users\michl\AppData\Local\{18ACD4CE-745B-4574-B47A-4B3B9D97F592} 2015-01-08 11:16 - 2015-01-08 11:16 - 00000000 ____D () C:\Users\michl\AppData\Local\{3908BE42-B47E-4B78-A29E-F93481B528D8} 2015-01-07 12:27 - 2015-01-07 12:27 - 00000000 ____D () C:\Users\michl\AppData\Local\{D8317690-0E4B-4CB2-989A-7FE2762B6F41} 2015-01-06 14:35 - 2015-01-06 14:36 - 00000000 ____D () C:\Users\michl\AppData\Local\{43F1DC67-E07F-4DD1-B40C-4A46CFD25A1B} 2015-01-05 13:41 - 2015-01-05 13:41 - 00000000 ____D () C:\Users\michl\AppData\Local\{549E4629-4375-4B25-9F66-617A9F221D5A} 2015-01-04 13:28 - 2015-01-04 13:28 - 00000000 ____D () C:\Users\michl\AppData\Local\{920D33C0-A2BF-4C05-9999-278302552EA9} 2015-01-03 15:21 - 2015-01-03 15:21 - 00000000 ____D () C:\Neuer 
Ordner 1 2015-01-03 15:17 - 2015-01-03 15:17 - 00000000 ____D () C:\ProgramData\LAUNCHER 2015-01-03 15:11 - 2015-01-03 15:11 - 00000000 ____D () C:\ProgramData\RMBWIZARD 2015-01-03 15:09 - 2015-01-03 15:09 - 00002507 _____ () C:\Users\michl\Desktop\Paragon Backup and Recovery™ 2014 Free.lnk 2015-01-03 15:09 - 2015-01-03 15:09 - 00002339 _____ () C:\Users\michl\Desktop\Paragon Recovery Media Builder™.lnk 2015-01-03 15:09 - 2015-01-03 15:09 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_blockmounter_01_09_00.Wdf 2015-01-03 15:09 - 2015-01-03 15:09 - 00000000 ____D () C:\Users\michl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paragon Backup and Recovery™ 2014 Free 2015-01-03 15:08 - 2015-01-03 15:08 - 00000000 ____D () C:\Program Files\Paragon Software 2015-01-03 15:06 - 2015-01-03 15:06 - 00000000 ____D () C:\ProgramData\explauncher 2015-01-03 13:29 - 2015-01-03 13:29 - 00000000 ____D () C:\Users\michl\AppData\Roaming\zebNet 2015-01-03 13:28 - 2015-01-03 13:28 - 00001239 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\zebNet® Backup for Live Mail Free Edition.lnk 2015-01-03 13:28 - 2015-01-03 13:28 - 00001227 _____ () C:\Users\Public\Desktop\zebNet® Backup for Live Mail Free Edition.lnk 2015-01-03 13:28 - 2015-01-03 13:28 - 00000000 ____D () C:\Program Files\zebNet 2015-01-03 13:27 - 2015-01-27 19:23 - 00000000 __SHD () C:\360Rec 2015-01-03 13:00 - 2015-01-03 13:01 - 00000000 ____D () C:\Users\michl\AppData\Local\{9CBA7F02-D074-45BA-81E2-6BFF11CA0AE0} 2015-01-02 19:31 - 2015-01-03 14:50 - 00000586 _____ () C:\Users\michl\Desktop\Paragon Backup & Recovery 2014 Free Edition - Download - COMPUTER BILD.website 2015-01-02 19:31 - 2015-01-03 14:47 - 00000754 _____ () C:\Users\michl\Desktop\Übersicht Die beste Backup-Freeware - NETZWELT.website 2015-01-02 19:30 - 2015-01-02 19:30 - 00000452 _____ () C:\Users\michl\Desktop\FreeFileSync Verzeichnisse synchronisieren - NETZWELT.website 2015-01-02 15:16 - 2015-01-02 15:16 - 00000000 ____D () 
C:\Users\michl\AppData\Local\{F4F21EF0-3F5E-4707-865D-FDB485F51FA0} 2015-01-01 16:55 - 2015-01-01 16:55 - 00000000 ____D () C:\Users\michl\AppData\Local\{1729C4BB-B0C7-4B34-B766-1DA6A21EF08B} 2014-12-31 16:03 - 2014-12-31 16:03 - 00000000 ____D () C:\Users\michl\AppData\Local\{B060A75E-C08D-4273-9D5B-17C8F61D67E5} 2014-12-30 23:47 - 2014-12-30 23:47 - 00000863 _____ () C:\Users\michl\Desktop\MediathekView - Download TV-Sender.lnk 2014-12-30 16:59 - 2014-12-30 16:59 - 00000000 ____D () C:\Users\michl\AppData\Local\{AFBB72BB-93DA-4B0A-924B-B2542CC79861} 2014-12-30 01:48 - 2014-12-30 01:48 - 00000000 ____D () C:\Users\michl\AppData\Local\{89D58324-68FF-448C-BACA-03B537E04DFC} 2014-12-29 10:50 - 2014-12-29 10:50 - 00000000 ____D () C:\Users\michl\AppData\Local\{B77BD829-0130-4039-966C-8AFB364B651A} 2014-12-28 13:09 - 2014-12-28 13:09 - 00000000 ____D () C:\Users\michl\AppData\Local\{A0EAEFA9-A40F-499D-ABDA-73A7C26506E8} ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-27 20:12 - 2014-10-27 14:50 - 00000000 ____D () C:\FRST
2015-01-27 19:51 - 2014-11-14 17:38 - 00000000 ____D () C:\Users\michl\AppData\Roaming\360safe
2015-01-27 19:48 - 2012-01-18 13:44 - 00007680 _____ () C:\Users\michl\AppData\Local\resmon.resmoncfg
2015-01-27 19:42 - 2014-04-16 00:58 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-27 19:25 - 2013-03-14 11:50 - 00000000 ____D () C:\Windows\Minidump
2015-01-27 19:18 - 2014-11-14 17:34 - 01779773 ____N () C:\Windows\WindowsUpdate.log
2015-01-27 18:17 - 2013-06-25 07:14 - 00000863 _____ () C:\Users\michl\Desktop\Abendzeitung München.website
2015-01-27 17:01 - 2009-07-14 05:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-27 17:01 - 2009-07-14 05:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-27 16:58 - 2011-04-12 08:43 - 00717444 _____ () C:\Windows\system32\perfh007.dat
2015-01-27 16:58 - 2011-04-12 08:43 - 00155004 _____ () C:\Windows\system32\perfc007.dat
2015-01-27 16:58 - 2009-07-14 06:13 - 01656676 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-27 16:54 - 2014-04-16 00:58 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-27 16:54 - 2013-02-04 02:04 - 00000000 ____D () C:\ProgramData\Spyware Terminator
2015-01-27 16:54 - 2012-01-18 15:55 - 00000000 ____D () C:\Users\michl\AppData\Roaming\vlc
2015-01-27 16:54 - 2012-01-18 14:33 - 00000000 ____D () C:\Users\michl\AppData\Roaming\Winamp
2015-01-27 16:54 - 2012-01-03 02:52 - 00000000 ____D () C:\Users\michl
2015-01-27 16:54 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-27 16:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-27 16:53 - 2014-07-23 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-01-27 16:53 - 2014-07-23 12:05 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-01-27 16:53 - 2014-05-22 22:36 - 00000000 ____D () C:\ProgramData\Protexis64
2015-01-27 16:53 - 2013-02-04 02:25 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-27 16:53 - 2012-01-13 23:18 - 00000000 ____D () C:\ProgramData\InstallShield
2015-01-27 16:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-27 16:06 - 2013-10-17 22:30 - 14028800 _____ () C:\Users\michl\AppData\Roaming\Sandra.mdb
2015-01-27 15:25 - 2014-11-17 11:31 - 00000684 _____ () C:\Users\michl\Desktop\Anti-Botnet-Beratungszentrum Säubern.website
2015-01-27 15:08 - 2014-10-26 01:06 - 00000000 ___HD () C:\Users\michl\AppData\Roaming\1A828502
2015-01-27 09:50 - 2013-05-22 23:24 - 00000000 ____D () C:\Users\michl\Documents\Benutzerdefinierte Office-Vorlagen
2015-01-27 09:50 - 2013-02-04 14:31 - 00000072 _____ () C:\Users\Public\LMDebug.log
2015-01-27 00:37 - 2013-02-07 14:09 - 00000493 _____ () C:\Users\michl\Desktop\Wortschatz.website
2015-01-26 15:51 - 2012-01-16 17:19 - 00097004 _____ () C:\Users\michl\Desktop\offene2+++.txt
2015-01-26 14:18 - 2013-03-08 17:28 - 00000000 ____D () C:\Users\michl\AppData\Local\CrashDumps
2015-01-26 02:00 - 2014-11-14 17:38 - 00000000 ____D () C:\ProgramData\360SD
2015-01-26 01:06 - 2014-08-24 17:11 - 00000559 _____ () C:\Users\michl\Desktop\freisteller clipping Magic
2015-01-25 16:24 - 2013-02-04 15:11 - 00000000 ____D () C:\Users\michl\AppData\Roaming\Media Player Classic
2015-01-25 16:23 - 2013-11-11 23:52 - 00000514 _____ () C:\Users\michl\Desktop\Zattoo -webTV.website
2015-01-23 16:15 - 2014-12-02 01:22 - 00000547 _____ () C:\Users\michl\Desktop\Polizeiruf Rostock - Bukow 02 (2010) - Aquarius (312) - YouTube.website
2015-01-21 16:10 - 2014-11-12 07:32 - 00005136 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for michl-PC-michl michl-PC
2015-01-21 15:00 - 2013-02-04 18:15 - 00000186 _____ () C:\Users\michl\Desktop\Übersetzungen.url
2015-01-21 14:01 - 2009-07-14 05:45 - 07993328 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-21 02:26 - 2013-02-14 01:18 - 00460440 _____ () C:\Windows\FontData.fdb
2015-01-21 02:26 - 2012-01-03 03:14 - 00835400 _____ () C:\Users\michl\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-21 01:36 - 2014-11-25 02:40 - 00000595 _____ () C:\Users\michl\Desktop\CorelDRAW X6 Praxis - Falzprospekt Corel-Tutorials.de.website
2015-01-18 11:37 - 2014-02-15 10:43 - 00000000 ____D () C:\Users\michl\.mediathek3
2015-01-16 15:25 - 2012-01-18 14:12 - 00000000 ____D () C:\Users\michl\AppData\Roaming\FileZilla
2015-01-15 14:02 - 2009-07-14 03:34 - 00000448 _____ () C:\Windows\win.ini
2015-01-14 13:02 - 2013-07-24 00:30 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 13:00 - 2013-02-05 19:19 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-12 14:05 - 2014-07-23 12:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-03 15:07 - 2014-05-27 10:34 - 00000000 ____D () C:\Users\michl\AppData\Local\Downloaded Installations
2015-01-03 14:45 - 2014-12-16 18:25 - 00000677 _____ () C:\Users\michl\Desktop\SALE Reduzierte Produkte aus allen DaWanda-Kategorien - 212.093 einzigartige Produkte bei DaWanda online kaufen.website
2015-01-03 14:40 - 2014-10-08 20:58 - 00000941 _____ () C:\Users\michl\Desktop\Website des Jahres 2014.website
2015-01-03 14:40 - 2014-08-17 12:54 - 00000000 ____D () C:\Users\michl\Desktop\reise 2014
2015-01-03 13:28 - 2014-11-16 03:01 - 00000000 ____D () C:\ProgramData\InstallMate
2015-01-03 13:15 - 2014-11-20 13:08 - 00000966 _____ () C:\Users\michl\Desktop\Video Downloader Clipfish, Bild.de.website
2015-01-03 11:37 - 2014-04-23 15:18 - 00000000 ____D () C:\Users\michl\Downloads\musik down

==================== Files in the root of some directories =======

2013-04-21 16:41 - 2007-12-01 16:22 - 0315392 _____ () C:\Program Files (x86)\GMLMatting.8bf
2013-04-21 16:41 - 2013-04-21 16:41 - 0000053 _____ () C:\Program Files (x86)\GMLMatting.ini
2013-07-06 00:57 - 2013-07-07 23:26 - 0004509 _____ () C:\Users\michl\AppData\Roaming\CamStudio.cfg
2013-04-21 16:40 - 2014-12-22 01:54 - 0000270 _____ () C:\Users\michl\AppData\Roaming\FotoSketcher.ini
2013-10-17 22:30 - 2015-01-27 16:06 - 14028800 _____ () C:\Users\michl\AppData\Roaming\Sandra.mdb
2012-01-18 13:44 - 2015-01-27 19:48 - 0007680 _____ () C:\Users\michl\AppData\Local\resmon.resmoncfg
2012-01-13 23:06 - 2012-01-13 23:07 - 0000000 _____ () C:\Users\michl\AppData\Local\{3D1C37FE-3ED0-4FD6-B2AF-A2725ABC9B82}
2012-01-13 23:07 - 2012-01-13 23:07 - 0000000 _____ () C:\Users\michl\AppData\Local\{86518487-0454-4710-9F1D-1F507D40ED99}
2014-01-30 17:04 - 2014-01-30 17:04 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-04-30 13:59 - 2013-04-30 19:33 - 0000000 _____ () C:\ProgramData\as98213.txt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-25 16:41

==================== End Of Log ============================