
Log analysis and evaluation: Win7: Trojan via link through hacked Skype account?


27.09.2015, 13:05   #1
Cudjo
 


Hello dear board,

First of all, thank you in advance for your work! I think it's really great that there are people as helpful as you!

About my situation:
A few weeks ago someone apparently hacked my Skype account and sent a (personalized) link to (almost) all of my contacts. I wouldn't have noticed at all, since I haven't used Skype for months, but luckily one of my contacts let me know right away by other means, so I was able to change the Skype password and notify all contacts that the link did not come from me.
Unfortunately, in a moment of complete mental blackout, I then made the unbelievably embarrassing mistake of clicking on one of these links myself. Relatively shortly afterwards my laptop suddenly responded only very slowly. The Task Manager showed that an svchost was putting a heavy load on the CPU. Using "End process" did improve things insofar as everything responded quickly again, but in return basic Windows functions no longer worked normally.
Since this timing naturally seemed very creepy to me, I did a System Restore to a restore point from about a week earlier and ran a complete system scan with Panda Cloud Antivirus. No findings. After that the spook went on for a bit, but there were also constantly some Windows and Nvidia updates running… When those were all finished everything seemed to be quite normal again, but of course I am now rather intimidated about entering any sensitive data or passwords.

And now my request to you, dear board: can you help me find out whether this was just bad timing and the link did nothing malicious at all, or whether I have to set up the PC completely from scratch?
I should perhaps add that this old machine already has quite a few years under its belt and has been through a lot. That means on the one hand it certainly wouldn't hurt to reinstall it anyway; on the other hand there are so many tools and data on it that it would be really a lot of work, and I'm not sure whether the effort would still be worth it… In addition, the DVD drive is unfortunately broken too, so I don't really know how I can safely reinstall Windows at all. Presumably I would then have to somehow create a bootable USB stick on another computer containing the Windows installation files, right? So I hope you understand that I would like to spare myself that ;-)

What I have done so far as preparatory work (in this order, because I unfortunately first ended up in a thread that seemed very general to me before I decided to create one myself and discovered the actual "ToDo list"):
1. Malwarebytes Anti-Malware
2. OTL
3. Defogger
4. FRST
5. GMER

Log files below, in the same order.

The posting guide says not to post the logs right away as a new reply, since you would otherwise assume the problem is already being handled. So I intuitively embedded a few as "Code" and attached the rest as a RAR. I hope that's OK too (instead of zip)!?

Many thanks for your help, and hopefully see you soon,
Cudjo



FRST Logfile:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:23-09-2015
durchgeführt von Kuyumo (Administrator) auf KUYUMO-PC (26-09-2015 23:42:16)
Gestartet von C:\Users\Kuyumo\Desktop\Trojaner suche
Geladene Profile: Kuyumo (Verfügbare Profile: Kuyumo)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Foxit Software Inc.) C:\Program Files\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Absolute Software Corp.) C:\Windows\System32\rpcnet.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [497024 2009-07-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [HControlUser] => C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-27] (Panda Security, S.L.)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\...\Run: [Dropbox Update] => C:\Users\Kuyumo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Copy] => C:\Users\Kuyumo\AppData\Roaming\Copy\CopyAgent.exe [13400208 2015-04-11] (Barracuda Networks, Inc.)
HKU\S-1-5-18\...\RunOnce: [panda4_0dn] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_0dn_XP] => reg.exe delete "HKCU\Software\panda4_0dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_1dn] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_1dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_1dn_XP] => reg.exe delete "HKCU\Software\panda4_1dn" /f
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\Kuyumo\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-04-03] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\Kuyumo\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-04-03] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\Kuyumo\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-04-03] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\Kuyumo\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-04-03] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\Kuyumo\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-04-03] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\Kuyumo\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-04-03] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\Kuyumo\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-04-03] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\Kuyumo\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-04-03] (Barracuda Networks, Inc.)
GroupPolicyScripts: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog9 01 C:\Windows\system32\RSLSP.dll [380928 2012-09-22] (Ratajik Software)
Winsock: Catalog9 02 C:\Windows\system32\RSLSP.dll [380928 2012-09-22] (Ratajik Software)
Winsock: Catalog9 03 C:\Windows\system32\RSLSP.dll [380928 2012-09-22] (Ratajik Software)
Winsock: Catalog9 04 C:\Windows\system32\RSLSP.dll [380928 2012-09-22] (Ratajik Software)
Winsock: Catalog9 15 C:\Windows\system32\RSLSP.dll [380928 2012-09-22] (Ratajik Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{157083F9-E1BC-43FB-9031-4D9F7C095960}: [DhcpNameServer] 10.204.57.104 10.205.41.16
Tcpip\..\Interfaces\{D06B54E8-0068-4988-97D0-1FFDB3AC2F07}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F2FE0A98-C1E7-4857-99A5-1D9E871E5B89}: [DhcpNameServer] 10.204.57.104 10.205.41.16
Tcpip\..\Interfaces\{F97E0CC5-690B-4B30-961A-9D3D96B3FBAC}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-3683629333-2777190142-3868084316-1000 - (Kein Name) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} -  Keine Datei
SearchScopes: HKU\S-1-5-21-3683629333-2777190142-3868084316-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = 
SearchScopes: HKU\S-1-5-21-3683629333-2777190142-3868084316-1000 -> {58ADF134-0921-45D6-927B-2B7BE8E16062} URL = hxxp://www.ecosia.org/search.php?q={searchTerms}&service=
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-10] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-10] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0071-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default
FF NewTab: www.google.com
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2011-02-02] (Adobe Systems, Inc.)
FF Plugin: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll [Keine Datei]
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-10] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
FF Plugin: PDF Architect 2 -> C:\Program Files\PDF Architect 2\np-previewer.dll [2014-06-26] (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-3683629333-2777190142-3868084316-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Kuyumo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll Keine Datei
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF SearchPlugin: C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\searchplugins\ecosia.xml [2014-01-13]
FF Extension: Xmarks - C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\Extensions\foxmarks@kei.com [2015-06-01]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\Extensions\adblockpopups@jessehakanen.net.xpi [2011-11-01]
FF Extension: Hide My Ass! Web Proxy - C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\Extensions\extension@hidemyass.com.xpi [2014-08-12]
FF Extension: stealthy - C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\Extensions\stealthyextension@gmail.com.xpi [2012-02-11]
FF Extension: NoScript - C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-11-23]
FF Extension: Mozilla Archive Format - C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\Extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi [2014-08-07]
FF Extension: Video DownloadHelper - C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FF Extension: SoundCloud Downloader - Technowise - C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2014-11-19]
FF Extension: Adblock Plus - C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-19]
FF Extension: QuickWiki - C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\Extensions\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}.xpi [2011-09-14]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-09-13]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-12-22]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxp://aartemis.com/?type=hp&ts=1388738059&from=cor&uid=3219913727_1789_6009F25C","hxxp://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=hp&from=wpm0226&uid=3219913727_1789_6009F25C&ts=1393423567"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\45.0.2454.99\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\45.0.2454.99\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\45.0.2454.99\pdf.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll => Keine Datei
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll => Keine Datei
CHR Plugin: (Google Talk Plugin) - C:\Users\Kuyumo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll => Keine Datei
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Kuyumo\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => Keine Datei
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Kuyumo\AppData\Roaming\Mozilla\plugins\npo1d.dll => Keine Datei
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll => Keine Datei
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll => Keine Datei
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll => Keine Datei
CHR Profile: C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2012-07-15]
CHR Extension: (Google Docs) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-21]
CHR Extension: (Google Drive) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-21]
CHR Extension: (YouTube) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-21]
CHR Extension: (Hide My Ass! Web Proxy) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2013-04-21]
CHR Extension: (Google-Suche) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-21]
CHR Extension: (Google Kalender) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-08-16]
CHR Extension: (Google Text & Tabellen Offline) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]
CHR Extension: (AdBlock) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-04-21]
CHR Extension: (Google Notizen – Notizen & Listen) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-08-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (SoundCloud Downloader Free) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\libedajeiljdoodmokbppgapcfbignci [2015-06-06]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-03-15]
CHR Extension: (Google Zeichnungen) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2015-08-16]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-04-21]
CHR Extension: (TabCloud) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\npecfdijgoblfcgagoijgmgejmcpnhof [2013-04-21]
CHR Extension: (Google Mail) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-21]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ASLDRService; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [Datei ist nicht signiert]
S4 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
S4 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [Datei ist nicht signiert]
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-07-16] (Foxit Software Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [919184 2015-06-24] (NVIDIA Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-27] (Panda Security, S.L.)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20694160 2015-06-24] (NVIDIA Corporation)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
S4 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
S4 PDF Architect 2 Creator; C:\Program Files\PDF Architect 2\creator-ws.exe [738856 2014-06-26] (pdfforge GmbH)
S4 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-27] (Panda Security, S.L.)
R2 rpcnet; C:\Windows\system32\rpcnet.exe [78032 2015-04-18] (Absolute Software Corp.)
S4 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S4 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S4 UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG) [Datei ist nicht signiert]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ACEDRV09; C:\Windows\system32\drivers\ACEDRV09.sys [110304 2014-05-31] (Protect Software GmbH)
S3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [27136 2010-12-27] (Alcor Micro, Corp.)
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
S3 AXIOM; C:\Windows\System32\DRIVERS\MAudioAxiom.sys [115336 2010-02-19] (M-Audio)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.) [Datei ist nicht signiert]
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [232512 2011-11-08] (DT Soft Ltd)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [87040 2009-07-29] (ELAN Microelectronic Corp.)
S3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [48472 2012-01-05] (Focusrite Audio Engineering Limited.)
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [103040 2008-12-30] (Huawei Technologies Co., Ltd.)
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [14392 2010-12-27] (ASUS)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [86800 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202128 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [109584 2015-02-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [126480 2015-02-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [41744 2014-12-31] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99856 2015-02-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [61712 2015-02-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [120592 2015-02-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [281232 2015-02-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [205456 2015-02-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [108432 2015-02-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [239888 2015-02-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [94864 2015-02-09] (Panda Security, S.L.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18576 2015-06-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [41648 2015-05-19] (NVIDIA Corporation)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [140048 2015-02-25] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [105232 2015-02-25] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [168208 2015-02-25] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [113936 2015-02-25] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [124688 2015-02-25] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [100624 2015-02-25] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1766592 2010-12-27] ()
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [44544 2012-09-28] (Apple, Inc.) [Datei ist nicht signiert]
S3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
S3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbw.sys [34280 2011-05-10] (Yamaha Corporation)
S3 L6UX2; System32\Drivers\L6UX2.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-26 23:41 - 2015-09-26 23:42 - 00000000 ____D C:\FRST
2015-09-26 23:38 - 2015-09-26 23:38 - 00000000 _____ C:\Users\Kuyumo\defogger_reenable
2015-09-26 20:08 - 2015-09-26 23:42 - 00000000 ____D C:\Users\Kuyumo\Desktop\Trojaner suche
2015-09-25 12:05 - 2015-09-25 12:06 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-25 12:05 - 2015-09-25 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-09-25 12:05 - 2015-09-25 12:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-25 12:05 - 2015-09-25 12:05 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 
2015-09-25 12:05 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-25 12:05 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-25 12:05 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-22 20:14 - 2015-09-22 21:14 - 18819272 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-09-21 20:30 - 2015-01-29 19:21 - 00050320 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-09-13 13:17 - 2015-09-13 13:17 - 00000000 ____D C:\Program Files\AGEIA Technologies
2015-09-13 13:12 - 2015-08-18 10:47 - 24200312 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2015-09-13 13:12 - 2015-08-18 10:47 - 15294072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-09-13 13:12 - 2015-08-18 10:47 - 11272048 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-09-13 13:12 - 2015-08-18 10:47 - 11209376 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-09-13 13:12 - 2015-08-18 10:47 - 10704560 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-09-13 13:12 - 2015-08-18 10:47 - 03987576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-09-13 13:12 - 2015-08-18 10:47 - 01059504 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3234181.dll
2015-09-13 13:12 - 2015-08-18 10:47 - 00912688 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3234181.dll
2015-09-13 13:12 - 2015-08-18 10:47 - 00907440 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll
2015-09-13 13:12 - 2015-08-18 10:47 - 00869040 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC.dll
2015-09-13 13:12 - 2015-08-18 10:47 - 00021015 _____ C:\Windows\system32\nvinfo.pb
2015-09-13 11:49 - 2015-08-18 03:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-13 11:49 - 2015-08-15 07:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-13 11:49 - 2015-08-15 07:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-13 11:49 - 2015-08-15 07:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-13 11:49 - 2015-08-15 07:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-13 11:49 - 2015-08-15 07:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-13 11:49 - 2015-08-15 07:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-13 11:49 - 2015-08-15 07:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-13 11:49 - 2015-08-15 07:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-13 11:49 - 2015-08-15 07:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-13 11:49 - 2015-08-15 07:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-13 11:49 - 2015-08-15 07:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-13 11:49 - 2015-08-15 07:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-13 11:49 - 2015-08-15 07:29 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-13 11:49 - 2015-08-15 07:24 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-13 11:49 - 2015-08-15 07:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-13 11:49 - 2015-08-15 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-13 11:49 - 2015-08-15 07:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-13 11:49 - 2015-08-15 07:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-13 11:49 - 2015-08-15 07:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-13 11:49 - 2015-08-15 07:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-13 11:49 - 2015-08-15 07:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-13 11:49 - 2015-08-15 07:02 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-13 11:49 - 2015-08-15 07:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-13 11:49 - 2015-08-15 07:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-13 11:49 - 2015-08-15 06:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-13 11:49 - 2015-08-15 06:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-13 11:49 - 2015-08-15 06:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-13 11:48 - 2015-08-15 08:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-13 11:48 - 2015-08-15 07:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-13 11:48 - 2015-08-15 07:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-13 11:48 - 2015-08-15 07:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-13 11:48 - 2015-08-05 19:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-13 11:48 - 2015-07-22 19:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-09-13 11:48 - 2015-07-22 19:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-13 11:48 - 2015-07-22 19:57 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-13 11:48 - 2015-07-22 19:57 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-13 11:48 - 2015-07-22 19:54 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-13 11:48 - 2015-07-22 19:53 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-13 11:48 - 2015-07-22 19:53 - 00937984 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-13 11:48 - 2015-07-22 19:53 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-13 11:48 - 2015-07-22 19:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-13 11:48 - 2015-07-22 19:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-13 11:48 - 2015-07-22 19:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-13 11:48 - 2015-07-22 19:53 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-13 11:48 - 2015-07-22 19:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-13 11:48 - 2015-07-22 19:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-13 11:48 - 2015-07-22 19:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-13 11:48 - 2015-07-22 19:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-13 11:48 - 2015-07-22 19:53 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-13 11:48 - 2015-07-22 19:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-13 11:48 - 2015-07-22 19:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-13 11:48 - 2015-07-22 19:53 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-13 11:48 - 2015-07-22 19:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-13 11:48 - 2015-07-22 19:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-13 11:48 - 2015-07-22 19:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-13 11:48 - 2015-07-22 19:53 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-13 11:48 - 2015-07-22 19:52 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-13 11:48 - 2015-07-22 19:52 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-13 11:48 - 2015-07-22 19:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-13 11:48 - 2015-07-22 19:52 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-13 11:48 - 2015-07-22 19:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-13 11:48 - 2015-07-22 19:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-13 11:48 - 2015-07-22 19:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-13 11:48 - 2015-07-22 19:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-13 11:48 - 2015-07-22 18:38 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-13 11:48 - 2015-07-22 18:34 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-13 11:48 - 2015-07-22 18:34 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-13 11:48 - 2015-07-22 18:33 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-13 11:48 - 2015-07-09 19:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-09-13 11:48 - 2015-07-09 19:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-09-13 11:48 - 2015-06-25 11:48 - 00105408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-13 11:48 - 2015-06-25 11:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-13 11:48 - 2015-06-25 11:44 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-09-13 11:47 - 2015-09-02 04:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-13 11:47 - 2015-09-02 04:48 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-13 11:47 - 2015-09-02 04:48 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-13 11:47 - 2015-09-02 04:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-13 11:47 - 2015-09-02 03:36 - 02384896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-13 11:47 - 2015-09-02 03:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-13 11:47 - 2015-08-27 19:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-13 11:47 - 2015-08-27 19:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-13 11:47 - 2015-08-27 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-13 11:47 - 2015-08-27 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-13 11:47 - 2015-08-26 19:56 - 02953728 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-13 11:47 - 2015-08-26 19:56 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-13 11:47 - 2015-08-26 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-13 11:47 - 2015-08-26 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-13 11:47 - 2015-08-26 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-13 11:47 - 2015-08-26 19:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-13 11:47 - 2015-08-26 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-13 11:47 - 2015-08-26 19:55 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-13 11:47 - 2015-08-26 19:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-13 11:47 - 2015-08-26 19:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-13 11:47 - 2015-08-26 19:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-13 11:47 - 2015-08-05 19:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-13 11:47 - 2015-08-04 19:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-13 11:47 - 2015-08-04 19:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-13 11:47 - 2015-08-04 19:47 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-13 11:47 - 2015-08-04 19:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-13 11:47 - 2015-08-04 19:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-13 11:47 - 2015-08-04 18:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-13 11:44 - 2015-09-15 19:48 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-13 11:43 - 2015-07-15 04:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-13 11:27 - 2015-05-11 13:56 - 02508432 _____ (Sysinternals - www.sysinternals.com) C:\Users\Kuyumo\Desktop\procexp.exe
2015-09-04 18:29 - 2015-09-04 18:29 - 00000000 ____D C:\Users\Kuyumo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-26 23:38 - 2010-12-27 18:32 - 00000000 ____D C:\Users\Kuyumo
2015-09-26 23:14 - 2014-11-19 03:15 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-26 22:58 - 2015-06-17 21:47 - 00001228 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3683629333-2777190142-3868084316-1000UA.job
2015-09-26 22:50 - 2014-10-13 16:27 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-26 22:48 - 2010-12-27 20:02 - 00000000 ____D C:\Users\Kuyumo\AppData\Local\Google
2015-09-26 22:21 - 2010-12-27 18:12 - 01671035 _____ C:\Windows\WindowsUpdate.log
2015-09-26 21:58 - 2015-06-17 21:47 - 00001176 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3683629333-2777190142-3868084316-1000Core.job
2015-09-26 21:25 - 2009-07-14 06:34 - 00013760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-26 21:25 - 2009-07-14 06:34 - 00013760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-26 21:10 - 2010-12-27 18:09 - 00017408 _____ C:\Windows\system32\rpcnetp.exe
2015-09-26 20:09 - 2010-12-27 20:09 - 00000000 ___RD C:\Users\Kuyumo\Desktop\Download
2015-09-26 15:00 - 2015-03-14 19:40 - 00000000 ___RD C:\Users\Kuyumo\Google Drive
2015-09-26 14:59 - 2015-04-03 01:06 - 00000000 ____D C:\Users\Kuyumo\AppData\Roaming\Copy
2015-09-26 14:59 - 2014-10-13 16:27 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-26 14:59 - 2014-01-03 22:50 - 00089560 _____ C:\Windows\setupact.log
2015-09-26 14:59 - 2010-12-27 18:36 - 00078032 ____N (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll
2015-09-26 14:58 - 2010-12-27 18:39 - 00188956 _____ C:\Windows\PFRO.log
2015-09-26 14:58 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-26 00:38 - 2012-10-06 19:28 - 00000000 ____D C:\Users\Kuyumo\AppData\Roaming\AIMP3
2015-09-25 12:56 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-25 12:53 - 2015-07-12 19:39 - 00001092 _____ C:\Users\Kuyumo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wunderlist.lnk
2015-09-25 12:53 - 2015-06-28 00:38 - 00002184 _____ C:\Users\Kuyumo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-09-25 12:53 - 2015-02-07 21:17 - 00001075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
2015-09-25 12:53 - 2014-11-19 01:29 - 00000981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-09-25 12:53 - 2014-05-24 09:13 - 00001051 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-09-25 12:53 - 2014-04-26 18:59 - 00001320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-09-25 12:53 - 2014-04-26 18:59 - 00001251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-09-25 12:53 - 2014-01-03 10:35 - 00001951 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
2015-09-25 12:53 - 2014-01-03 10:35 - 00001895 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
2015-09-25 12:53 - 2014-01-03 10:35 - 00001874 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
2015-09-25 12:53 - 2012-11-24 17:56 - 00001798 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2015-09-25 12:53 - 2012-04-06 16:09 - 00001013 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
2015-09-25 12:53 - 2012-04-05 17:34 - 00001967 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-09-25 12:53 - 2011-10-17 12:59 - 00001849 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2015-09-25 12:53 - 2011-06-15 12:28 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-09-25 12:53 - 2010-12-30 20:31 - 00000953 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
2015-09-25 12:53 - 2010-12-27 18:13 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-09-25 12:53 - 2009-07-14 06:46 - 00001491 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-09-25 12:53 - 2009-07-14 06:46 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2015-09-25 12:53 - 2009-07-14 06:42 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2015-09-25 12:53 - 2009-07-14 06:42 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2015-09-25 12:53 - 2009-07-14 06:37 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-09-25 12:52 - 2015-07-18 15:37 - 00001059 _____ C:\Users\Kuyumo\Desktop\Will And The People - Friends - Verknüpfung.lnk
2015-09-25 12:52 - 2015-07-13 09:07 - 00001172 _____ C:\Users\Kuyumo\Desktop\OneDrive.lnk
2015-09-25 12:52 - 2015-06-21 23:25 - 00001232 _____ C:\Users\Kuyumo\Desktop\Kaufen, Produkte - Verknüpfung.lnk
2015-09-25 12:52 - 2015-04-22 21:51 - 00001759 _____ C:\Users\Kuyumo\Desktop\2015_Frühling - Verknüpfung.lnk
2015-09-25 12:52 - 2015-04-07 19:12 - 00000697 _____ C:\Users\Kuyumo\Desktop\Barracuda Copy.lnk
2015-09-25 12:52 - 2015-04-03 13:47 - 00001386 _____ C:\Users\Kuyumo\Desktop\temp.rtf - Verknüpfung.lnk
2015-09-25 12:52 - 2015-04-03 04:59 - 00001462 _____ C:\Users\Kuyumo\Desktop\Serienstatus.txt - Verknüpfung.lnk
2015-09-25 12:52 - 2015-03-14 19:40 - 00001707 _____ C:\Users\Kuyumo\Desktop\Google Drive.lnk
2015-09-25 12:52 - 2014-03-22 13:21 - 00001009 _____ C:\Users\Kuyumo\Desktop\Dropbox.lnk
2015-09-25 11:26 - 2010-12-27 18:21 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-24 12:14 - 2015-04-18 10:19 - 00000000 ____D C:\Users\Kuyumo\AppData\Roaming\vlc
2015-09-22 21:14 - 2012-04-03 12:28 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-09-22 21:14 - 2011-09-17 18:08 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-09-21 20:29 - 2010-12-27 18:10 - 00017408 _____ C:\Windows\system32\rpcnetp.dll
2015-09-15 22:15 - 2015-04-22 20:27 - 00000000 ____D C:\Windows\rescache
2015-09-15 19:48 - 2012-05-04 07:52 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-13 13:17 - 2011-11-04 01:07 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-09-13 13:16 - 2012-09-25 18:02 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-13 12:30 - 2009-07-14 06:33 - 00553768 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-13 12:27 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2015-09-13 10:40 - 2012-06-17 22:19 - 00000000 ____D C:\Users\Kuyumo\AppData\Roaming\Dropbox
2015-09-12 13:40 - 2011-01-13 11:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-12 09:09 - 2011-05-13 20:08 - 00000000 ____D C:\Windows\pss
2015-09-12 09:06 - 2011-11-25 13:20 - 00000000 ____D C:\Users\Kuyumo\AppData\Roaming\PhotoScape
2015-09-12 09:06 - 2011-10-27 17:01 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-09-11 19:44 - 2009-07-14 06:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-11 19:31 - 2015-04-04 12:38 - 00000000 ___SD C:\Windows\system32\GWX
2015-09-11 19:31 - 2014-11-11 12:01 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-09-11 19:31 - 2014-11-07 05:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus
2015-09-11 19:31 - 2012-12-22 16:05 - 00000000 ____D C:\Users\Kuyumo\AppData\Roaming\MediaMonkey
2015-09-11 19:31 - 2010-12-30 20:47 - 00000000 ___RD C:\Program Files\Skype
2015-09-11 19:31 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2015-09-11 19:31 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2015-09-11 19:30 - 2010-12-30 20:47 - 00000000 ____D C:\Users\Kuyumo\AppData\Roaming\Skype
2015-09-11 19:30 - 2010-12-30 20:47 - 00000000 ____D C:\ProgramData\Skype
2015-09-11 19:03 - 2013-07-29 12:57 - 00000000 ____D C:\Windows\system32\MRT
2015-09-06 15:58 - 2012-06-17 22:24 - 00000000 ___RD C:\Users\Kuyumo\Dropbox
2015-09-06 15:55 - 2015-06-28 00:37 - 00000000 ____D C:\Users\Kuyumo\OneDrive
2015-09-06 01:15 - 2015-07-12 19:39 - 00000000 ____D C:\Users\Kuyumo\AppData\Local\Wunderlist

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2012-11-01 19:50 - 2012-10-31 07:50 - 0000044 ____H () C:\Program Files\04aeb981.tmp
2012-12-24 18:17 - 2012-12-24 18:17 - 0038437 _____ () C:\Users\Kuyumo\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2012-10-22 18:21 - 2012-12-05 12:38 - 0000028 _____ () C:\Users\Kuyumo\AppData\Roaming\PhonerLitesettings.ini
2011-01-15 21:06 - 2012-06-21 12:41 - 0000600 _____ () C:\Users\Kuyumo\AppData\Roaming\winscp.rnd
2012-01-22 15:28 - 2015-04-27 21:55 - 0005632 _____ () C:\Users\Kuyumo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-29 02:05 - 2015-03-29 02:05 - 0036301 _____ () C:\Users\Kuyumo\AppData\Local\recently-used.xbel
2011-06-14 18:57 - 2014-02-09 02:06 - 0007602 _____ () C:\Users\Kuyumo\AppData\Local\resmon.resmoncfg
2014-11-06 22:08 - 2014-11-06 22:08 - 0000000 _____ () C:\Users\Kuyumo\AppData\Local\{A93FD393-7598-4AE6-B457-BB627964D6E9}
2012-12-09 02:29 - 2012-12-09 02:29 - 0000000 _____ () C:\ProgramData\0x0304A000.sfl
2014-04-06 13:49 - 2014-04-06 13:49 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-12-30 20:48 - 2010-12-30 20:48 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Einige Dateien in TEMP:
====================
C:\Users\Kuyumo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7jw2oy.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-09-23 14:02

==================== Ende vom FRST.txt ============================
         
--- --- ---

[/CODE]

GMER Logfile:
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-09-27 13:13:37
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000092 Hitachi_ rev.FBEO 232,89GB
Running: Gmer-19357.exe; Driver: C:\Users\Kuyumo\AppData\Local\Temp\axdiipog.sys


---- Kernel code sections - GMER 2.1 ----

.text    ntkrnlpa.exe!ZwReplaceKey + 1525                                                                  8464AB55 1 Byte  [06]
.text    ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                            84684BB2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text    C:\Windows\system32\drivers\ACEDRV09.sys                                                          section is writeable [0xA5625000, 0x3326E, 0xE8000020]
.pklstb  C:\Windows\system32\drivers\ACEDRV09.sys                                                          entry point in ".pklstb" section [0xA566A000]
.relo2   C:\Windows\system32\drivers\ACEDRV09.sys                                                          unknown last section [0xA5686000, 0x8E, 0x42000040]

---- User code sections - GMER 2.1 ----

.text    C:\Program Files\Mozilla Firefox\firefox.exe[3576] ntdll.dll!NtCreateFile                         771E56B0 5 Bytes  JMP 615F374A C:\Program Files\Mozilla Firefox\xul.dll
.text    C:\Program Files\Mozilla Firefox\firefox.exe[3576] ntdll.dll!NtFlushBuffersFile                   771E5A40 5 Bytes  JMP 615F348A C:\Program Files\Mozilla Firefox\xul.dll
.text    C:\Program Files\Mozilla Firefox\firefox.exe[3576] ntdll.dll!NtQueryFullAttributesFile            771E60D0 5 Bytes  JMP 615F35C2 C:\Program Files\Mozilla Firefox\xul.dll
.text    C:\Program Files\Mozilla Firefox\firefox.exe[3576] ntdll.dll!NtReadFile                           771E63A0 5 Bytes  JMP 615F34C4 C:\Program Files\Mozilla Firefox\xul.dll
.text    C:\Program Files\Mozilla Firefox\firefox.exe[3576] ntdll.dll!NtReadFileScatter                    771E63B0 5 Bytes  JMP 6194CB1D C:\Program Files\Mozilla Firefox\xul.dll
.text    C:\Program Files\Mozilla Firefox\firefox.exe[3576] ntdll.dll!NtWriteFile                          771E6B50 5 Bytes  JMP 615F38EE C:\Program Files\Mozilla Firefox\xul.dll
.text    C:\Program Files\Mozilla Firefox\firefox.exe[3576] ntdll.dll!NtWriteFileGather                    771E6B60 5 Bytes  JMP 6194CB6D C:\Program Files\Mozilla Firefox\xul.dll
.text    C:\Program Files\Mozilla Firefox\firefox.exe[3576] ntdll.dll!LdrLoadDll                           77202576 5 Bytes  JMP 7146A161 C:\Program Files\Mozilla Firefox\mozglue.dll
.text    C:\Program Files\Mozilla Firefox\firefox.exe[3576] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D  76C8952E 7 Bytes  JMP 6193510F C:\Program Files\Mozilla Firefox\xul.dll
.text    C:\Program Files\Mozilla Firefox\firefox.exe[3576] kernel32.dll!QueryPerformanceCounter + 13      76C8C535 7 Bytes  JMP 61935EF6 C:\Program Files\Mozilla Firefox\xul.dll
.text    C:\Program Files\Mozilla Firefox\firefox.exe[3576] kernel32.dll!LoadAppInitDlls + 355             76C8F5F6 7 Bytes  JMP 616BDBC1 C:\Program Files\Mozilla Firefox\xul.dll
.text    C:\Program Files\Mozilla Firefox\firefox.exe[3576] USER32.dll!GetWindowInfo                       768B4B5E 5 Bytes  JMP 6242E1E3 C:\Program Files\Mozilla Firefox\xul.dll
.text    C:\Program Files\Mozilla Firefox\firefox.exe[3576] GDI32.dll!GetViewportOrgEx + 26C               771587DB 7 Bytes  JMP 61934981 C:\Program Files\Mozilla Firefox\xul.dll

---- Registry - GMER 2.1 ----

Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active                
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@B4FCF6A2       2153

---- EOF - GMER 2.1 ----
         
--- --- ---
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 25.09.2015
Suchlaufzeit: 12:07
Protokolldatei: Malewarebytes Anti-Malware Ergbisse.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.09.25.01
Rootkit-Datenbank: v2015.09.22.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Kuyumo

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 383633
Abgelaufene Zeit: 42 Min., 40 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 11
PUP.Optional.SupTab, HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [c154cd67c9c296a095805896738f9967], 
PUP.Optional.Delta.ShrtCln, HKLM\SOFTWARE\delta-homesSoftware, , [e82d77bdb2d9181e9722cd78ba4936ca], 
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\CLASSES\Toolbar.CT2613550, , [24f152e2bad154e290cda4dad2323bc5], 
PUP.Optional.Elex, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ifohbjbgfchkkfhphahclmkpgejiplfo, , [8491d95b2e5db581ea2e237812f2fe02], 
PUP.Optional.ExtendedProtection, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ogfjmhfnldnajmfaofeiaepghjenbgjo, , [868f2d07236868ced00dbcdfda2a669a], 
PUP.Optional.Delta.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [7b9a86aeacdfe45293fd2d09ce3550b0], 
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}, , [1bfab4800784d16597ff3260fa0a7a86], 
PUP.Optional.SupTab, HKLM\SOFTWARE\SUPTAB, , [61b41e1603882a0c79c1942ef014926e], 
PUP.Optional.IEPluginServices, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginService, , [7f961d1799f2a393735fa300da2a8f71], 
PUP.Optional.InstallCore, HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\SOFTWARE\InstallCore, , [1afbae8683088aac0e58f9acb351fe02], 
PUP.Optional.Conduit, HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}, , [6da85fd5a2e9ef475b2e157da75d57a9], 

Registrierungswerte: 7
PUP.Optional.Delta.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, delta-homes, , [7b9a86aeacdfe45293fd2d09ce3550b0]
PUP.Optional.Delta.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=3219913727_1789_6009F25C&ts=1393423567&type=default&q={searchTerms}, , [ef2667cde4a7c86ecbc5fc3aed16f30d]
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{afdbddaa-5d3f-42ee-b79c-185a7020515b}|URL, hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550, , [1bfab4800784d16597ff3260fa0a7a86]
PUP.Optional.QuickStart, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|quick_start@gmail.com, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\extensions\quick_start@gmail.com, , [50c5de56cfbcfd39d4495265be46c838]
PUP.Optional.SupTab, HKLM\SOFTWARE\SUPTAB|ptid, wpm0226, , [61b41e1603882a0c79c1942ef014926e]
PUP.Optional.Conduit, HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{afdbddaa-5d3f-42ee-b79c-185a7020515b}|URL, hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550, , [6da85fd5a2e9ef475b2e157da75d57a9]
PUP.Optional.QuickStart, HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\SOFTWARE\MOZILLA\EXTENDS|appid, quick_start@gmail.com, , [45d03ef6028995a1011a90272ada53ad]

Registrierungsdaten: 5
PUP.Optional.Delta.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=hp&from=wpm0226&uid=3219913727_1789_6009F25C&ts=1393423567, Gut: (www.google.com), Schlecht: (hxxp://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=hp&from=wpm0226&uid=3219913727_1789_6009F25C&ts=1393423567),,[d5402113e7a41026c15233448580956b]
PUP.Optional.Delta.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=hp&from=wpm0226&uid=3219913727_1789_6009F25C&ts=1393423567, Gut: (www.google.com), Schlecht: (hxxp://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=hp&from=wpm0226&uid=3219913727_1789_6009F25C&ts=1393423567),,[57be94a0206bab8be62d86f163a2d927]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[92830e26c6c5bf77651eb9bda263da26]
PUP.Optional.Delta.ShrtCln, HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=hp&from=wpm0226&uid=3219913727_1789_6009F25C&ts=1393423567, Gut: (www.google.com), Schlecht: (hxxp://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=hp&from=wpm0226&uid=3219913727_1789_6009F25C&ts=1393423567),,[67ae0d277417fb3b26eec1b6ae57b24e]
PUP.Optional.Delta.ShrtCln, HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=hp&from=wpm0226&uid=3219913727_1789_6009F25C&ts=1393423567, Gut: (www.google.com), Schlecht: (hxxp://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=hp&from=wpm0226&uid=3219913727_1789_6009F25C&ts=1393423567),,[36df90a493f844f2c74d1a5d6d98ee12]

Ordner: 13
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\alert, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\alert\Dialogs, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\alert\Dialogs\AppNotificationDialog, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\alert\Dialogs\AppNotificationDialog\Images, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\cachedIcons, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\facebook, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.7.0.6, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.8.0.8, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.IEPluginService, C:\ProgramData\IePluginService, , [8392e252305be551377433e942c116ea], 
PUP.Optional.IEPluginService, C:\ProgramData\IePluginService\update, , [8392e252305be551377433e942c116ea], 
PUP.Optional.SupTab, C:\Program Files\SupTab, , [dd3820149cef1026ad824ce0e02338c8], 

Dateien: 71
PUP.Optional.ExtendedProtection, C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx, , [3cd9c2726f1c43f30dcfd1caa65e738d], 
PUP.Optional.NewTab, C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx, , [cf4647ed3d4e70c6c133c8e89b69837d], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\notificationDB.sqlite, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\alert\servicesMap.json, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\alert\Dialogs\DialogsAPI.js, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\alert\Dialogs\PIE.htc, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\alert\Dialogs\settings.js, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\alert\Dialogs\version.txt, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\alert\Dialogs\AppNotificationDialog\AppNotification.js, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\alert\Dialogs\AppNotificationDialog\initialNotification.html, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\alert\Dialogs\AppNotificationDialog\main.html, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\alert\Dialogs\AppNotificationDialog\NotificationDialogStyle.css, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\alert\Dialogs\AppNotificationDialog\NotificationDialogStyleIE9.css, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\alert\Dialogs\AppNotificationDialog\sampleNotification.html, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\alert\Dialogs\AppNotificationDialog\Images\close.png, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\alert\Dialogs\AppNotificationDialog\Images\like.png, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\alert\Dialogs\AppNotificationDialog\Images\Next.png, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\alert\Dialogs\AppNotificationDialog\Images\Next_hover.png, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\alert\Dialogs\AppNotificationDialog\Images\powered-by.png, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\alert\Dialogs\AppNotificationDialog\Images\Prev.png, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\alert\Dialogs\AppNotificationDialog\Images\Prev_hover.png, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\alert\Dialogs\AppNotificationDialog\Images\settings.png, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\alert\Dialogs\AppNotificationDialog\Images\Thumbs.db, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\cachedIcons\http___storage_conduit_com_50_261_CT2613550_Images_634084971246361250.png, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\facebook\menu-de-de.xml, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\facebook\settings.xml, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.7.0.6\Chat.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.7.0.6\DataStructures.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.7.0.6\EBEncryption.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.7.0.6\ExternalLibraryLoader.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.7.0.6\HTTP.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.7.0.6\IO.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.7.0.6\Log.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.7.0.6\MainSingleton.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.7.0.6\MD5.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.7.0.6\Notifications.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.7.0.6\ObserversAndEvents.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.7.0.6\Prefs.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.7.0.6\SearchProtector.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.7.0.6\SearchSuggestIO.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.7.0.6\String.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.7.0.6\TEAEncryption.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.7.0.6\Timer.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.7.0.6\Twitter.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.7.0.6\URL.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.7.0.6\Windows.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.7.0.6\XML.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.8.0.8\Chat.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.8.0.8\DataStructures.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.8.0.8\EBEncryption.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.8.0.8\ExternalLibraryLoader.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.8.0.8\HTTP.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.8.0.8\IO.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.8.0.8\Log.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.8.0.8\MainSingleton.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.8.0.8\MD5.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.8.0.8\Notifications.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.8.0.8\ObserversAndEvents.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.8.0.8\Prefs.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.8.0.8\SearchProtector.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.8.0.8\SearchSuggestIO.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.8.0.8\String.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.8.0.8\TEAEncryption.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.8.0.8\Timer.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.8.0.8\Twitter.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.8.0.8\URL.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.8.0.8\Windows.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.ConduitTB.Gen, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\conduitCommon\modules\3.8.0.8\XML.jsm, , [69ac3ff598f32a0c912135d137cc946c], 
PUP.Optional.IEPluginService, C:\ProgramData\IePluginService\update\conf, , [8392e252305be551377433e942c116ea], 
PUP.Optional.Conduit, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}");), ,[977e46eeadde6ccaa03101ae57aeb24e]
PUP.Optional.Conduit, C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js, Gut: (), Schlecht: (user_pref("CT2613550.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=2&q=");), ,[090c59db8803dc5a686db0ffac59fd03]

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)

(end)
         

Alt 27.09.2015, 13:17   #2
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,

Please always post logs in the thread itself. If necessary, split them up and use several posts.
I can't open attachments at work, thanks.

This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

Alt 27.09.2015, 15:40   #3
Cudjo
 

Remaining log files



Code:
 

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:38 on 26/09/2015 (Kuyumo)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:23-09-2015
durchgeführt von Kuyumo (2015-09-26 23:44:19)
Gestartet von C:\Users\Kuyumo\Desktop\Trojaner suche
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2010-12-27 16:31:56)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3683629333-2777190142-3868084316-500 - Administrator - Disabled)
Gast (S-1-5-21-3683629333-2777190142-3868084316-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3683629333-2777190142-3868084316-1015 - Limited - Enabled)
Kuyumo (S-1-5-21-3683629333-2777190142-3868084316-1000 - Administrator - Enabled) => C:\Users\Kuyumo

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Panda Free Antivirus (Enabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
AS: Panda Free Antivirus (Enabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
AIMP3 (HKLM\...\AIMP3) (Version: v3.60.1492, 24.04.2015 - AIMP DevTeam)
Alcor Micro USB Card Reader (HKLM\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden
Alice MOBILE E1692 (HKLM\...\Alice MOBILE E1692) (Version: 11.002.03.49.192 - Huawei Technologies Co.,Ltd)
Applied Acoustics Systems - Lounge Lizard EP-3 v3.1.2 (HKLM\...\Lounge Lizard EP-3) (Version:  - )
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.24 - ASUS)
ATK Generic Function Service (HKLM\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0052 - ASUS)
Audacity 2.0.6 (HKLM\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Audiograbber 1.83 SE  (HKLM\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Audiograbber MP3-Plugin (HKLM\...\Audiograbber-Lame) (Version: 1.0 - AG)
Avidemux 2.6 (32-bit) (HKLM\...\Avidemux 2.6) (Version: 2.6.7.8981 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Cisco Systems VPN Client 5.0.07.0410 (HKLM\...\{1CE60928-8325-49A8-8B06-633E48DD2B67}) (Version: 5.0.7 - Cisco Systems, Inc.)
ControlDeck (HKLM\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.3 - ASUS)
Copy (HKLM\...\{01418318-8619-4119-969F-A06C63DF05A8}) (Version: 3.2.0.478 - Barracuda Networks, Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.41.3.0173 - DT Soft Ltd)
Dexpot (HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\...\Dexpot) (Version: 1.6.7 - Dexpot GbR)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.22 - DivX, LLC)
Dropbox (HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
DVDx 4.0 Open Edition (HKLM\...\DVDx 4.0 Open Edition) (Version: 4.0 (Open Edition) - labDV)
ETDWare PS/2-x86 7.0.5.7_WHQL (HKLM\...\Elantech) (Version:  - )
Facebook Video Calling 2.0.0.447 (HKLM\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
FileZilla Client 3.6.0.2 (HKLM\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) (HKLM\...\Firebird SQL Server D) (Version: 2.0.0.1 - MAGIX AG)
FLV Player 2.0 (build 25) (HKLM\...\FLV Player) (Version: 2.0 (build 25) - Martijn de Visser)
Focusrite Scarlett Plug-in Suite 1.1 (HKLM\...\{D7F912D4-C237-4079-966A-5044A5025CBF}}_is1) (Version: 1.1 - Focusrite Audio Engineering Ltd.)
Focusrite USB 2.0 Audio Driver 2.3 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.3 - Focusrite Audio Engineering Limited.)
foobar2000 v1.3.7 (HKLM\...\foobar2000) (Version: 1.3.7 - Peter Pawlowski)
Fotogalerie (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.6.124.715 - Foxit Software Inc.)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.1.3.320 - Foxit Software Inc.)
Free Video Dub version 2.0.21.822 (HKLM\...\Free Video Dub_is1) (Version: 2.0.21.822 - DVDVideoSoft Ltd.)
Free Video to MP3 Converter version 4.3.3.920 (HKLM\...\Free Video to MP3 Converter_is1) (Version:  - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.54.128 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.99 - Google Inc.)
Google Drive (HKLM\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.05) (Version: 9.05 - Artifex Software Inc.)
GSview 5.0 (HKLM\...\GSview 5.0) (Version: 5.0 - Ghostgum Software Pty Ltd)
HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät (HKLM\...\{E5360B00-4DEF-4F6E-8ED9-B2C31875D813}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Inkscape 0.48.3.1 (HKLM\...\Inkscape) (Version: 0.48.3.1 - )
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
LibreOffice 4.2.3.3 (HKLM\...\{4117DF3C-6677-4A22-90B7-FF06923417E9}) (Version: 4.2.3.3 - The Document Foundation)
Lightworks (HKLM\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 11.5.1.0 - Lightworks)
MAGIX Foto Manager 2007 4.1.1.75 (D) (HKLM\...\MAGIX Foto Manager 2007 D) (Version: 4.1.1.75 - MAGIX AG)
MAGIX Goya burnR 2.3.1.3 (D) (HKLM\...\MAGIX Goya burnR D) (Version: 2.3.1.3 - MAGIX AG)
MAGIX Music Manager 2007 8.1.1.108 (D) (HKLM\...\MAGIX Music Manager 2007 D) (Version: 8.1.1.108 - MAGIX AG)
MAGIX Online Druck Service 2.3.2.0 (D) (HKLM\...\MAGIX Online Druck Service D) (Version: 2.3.2.0 - MAGIX AG)
MAGIX Video deluxe 2007 2008 7.0.0.26 (D) (HKLM\...\MAGIX Video deluxe 2007 2008 D) (Version: 7.0.0.26 - MAGIX AG)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MediaMonkey 4.1 (HKLM\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
MediaMonkey Remote Server version 1.5.282B (HKLM\...\{DFE645FA-57F3-4EE8-8DD4-7521660D9C30}_is1) (Version: 1.5.282B - Erlend Dahl)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 (HKLM\...\Encoder_4.0.4276.0) (Version: 4.0.4276.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM\...\{E5AB3F65-7FAC-41C6-B176-7599D2404BB2}) (Version: 4.0.4276.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\...\OneDriveSetup.exe) (Version: 17.3.5930.0814 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 40.0.3 (x86 de) (HKLM\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Mozilla Thunderbird 11.0 (x86 de) (HKLM\...\Mozilla Thunderbird 11.0 (x86 de)) (Version: 11.0 - Mozilla)
Mp3tag v2.65a (HKLM\...\Mp3tag) (Version: v2.65a - Florian Heidenreich)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.57 - NVIDIA Corporation)
NVIDIA Grafiktreiber 341.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.81 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Panda Devices Agent (HKLM\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 15.1.0 - Panda Security)
Panda Free Antivirus (Version: 7.82.00.0000 - Panda Security) Hidden
Pd-0.43.4-extended (HKLM\...\pd_is1) (Version:  - puredata.info)
PDF Architect 2 (HKLM\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 Asian Fonts Pack (HKLM\...\{D06CFA0D-6DF0-435F-8789-70F708C02942}) (Version: 2.0.17.17583 - pdfforge GmbH)
PDF Architect 2 Convert Module (HKLM\...\{74A43682-C44A-42F2-B161-2C7C359745A0}) (Version: 2.0.17.17583 - pdfforge GmbH)
PDF Architect 2 Create Module (HKLM\...\{03EC56DE-6424-43D7-A020-1EEE3E8159DE}) (Version: 2.0.17.17583 - pdfforge GmbH)
PDF Architect 2 Edit Module (HKLM\...\{8528EEBC-9EBE-44A7-9DFB-EE401BA916C7}) (Version: 2.0.17.17583 - pdfforge GmbH)
PDF Architect 2 Forms Module (HKLM\...\{0BC399ED-8482-413D-B77F-DE105FF6FB8D}) (Version: 2.0.17.17583 - pdfforge GmbH)
PDF Architect 2 Insert Module (HKLM\...\{877454F9-FD7F-49A4-A8BB-4519F6899ABA}) (Version: 2.0.17.17583 - pdfforge GmbH)
PDF Architect 2 OCR Module (Version: 2.0.17.17583 - pdfforge GmbH) Hidden
PDF Architect 2 Review Module (HKLM\...\{BA69CEF3-309F-43ED-80C8-512A16620897}) (Version: 2.0.17.17583 - pdfforge GmbH)
PDF Architect 2 Secure Module (HKLM\...\{6141DFFC-17B5-4B20-B9F2-B7675F29E057}) (Version: 2.0.17.17583 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM\...\{C960FF38-431D-429D-AD1F-FBD12A45B7C5}) (Version: 2.0.17.17583 - pdfforge GmbH)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.2 - pdfforge)
PhonerLite 1.95 (HKLM\...\PhonerLite_is1) (Version: 1.95 - sipgate GmbH)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
Pidgin (HKLM\...\Pidgin) (Version: 2.7.9 - )
Pinguin Audio Meter v2.2 (HKLM\...\Pinguin Audio Meter v2.2) (Version:  - )
QuickTime Alternative 3.2.2 (HKLM\...\QuicktimeAlt_is1) (Version: 3.2.2 - )
RawTherapee Version 4.1 (HKLM\...\{128459AB-59A7-430A-8BD0-3D8803D50400}_is1) (Version: 4.1 - rawtherapee.com)
Realtek Ethernet Controller  Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Scribus 1.4.4 (HKLM\...\Scribus 1.4.4) (Version: 1.4.4 - The Scribus Team)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.57 - NVIDIA Corporation) Hidden
SketchUp 8 (HKLM\...\{B8F4A45C-581C-4707-8EF2-2B9E6722270C}) (Version: 3.0.16944 - Trimble Navigation Limited)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 7.2 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Sony Ericsson Update Engine (HKLM\...\Update Engine) (Version: 2.13.11.201309191111 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.174 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.174 - Sony)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
StationRipper 2.98.5 (HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\...\StationRipper) (Version: 2.98.5 - Ratajik Software)
Steinberg Cubase 5 (HKLM\...\{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}) (Version: 5.1.0 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 1.0.0.1 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg HALionOne (HKLM\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Additional Content Set 01 (HKLM\...\{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}) (Version: 1.0.0.001 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Expression Set (HKLM\...\{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}) (Version: 1.0.1.0 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Drum Set (HKLM\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Set (HKLM\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Pro Set (HKLM\...\{D82CDA0D-C182-42C8-8FF2-5649C98D6003}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Drum Set (HKLM\...\{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Set (HKLM\...\{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg Hypersonic 2 (HKLM\...\HS2_is1) (Version:  - Steinberg Media Technologies GmbH.)
Steinberg LoopMash Content (HKLM\...\{4D454CF8-12FD-464D-B57B-B46FE27B78BB}) (Version: 1.0.0.005 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 1.0.0.006 - Steinberg Media Technologies GmbH)
Stellarium 0.11.3 (HKLM\...\Stellarium_is1) (Version:  - )
Syncrosofts Lizenz Kontrolle (HKLM\...\Syncrosoft's License Control) (Version:  - SIA Syncrosoft)
Telegram Desktop version 0.8.55 (HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.8.55 - Telegram Messenger LLP)
TeXnicCenter Version 1.0 Stable RC1 (HKLM\...\TeXnicCenter_is1) (Version: Version 1.0 Stable RC1 - TeXnicCenter.org)
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version:  - )
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation)
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version:  - )
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VideoLAN Movie Creator (HKLM\...\VLMC) (Version:  - )
VirtualDJ Home FREE (HKLM\...\{B515962D-C979-44AC-9912-F7BB499B4B2C}) (Version: 7.3 - Atomix Productions)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 4.8 - Azureus Software, Inc.)
Waves Mercury Bundle (HKLM\...\Waves Mercury Bundle) (Version: 5.0 - Team AiR)
Waves SSL Collection v1.2 (HKLM\...\Waves SSL Collection v1.2) (Version:  - )
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (01/05/2012 2.3.128.0) (HKLM\...\0B8B34F4BB96072BB79F86A0EDC21145F80BC191) (Version: 01/05/2012 2.3.128.0 - Focusrite)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
WinSCP 4.2.9 (HKLM\...\winscp3_is1) (Version: 4.2.9 - Martin Prikryl)
XMedia Recode Version 3.2.0.2 (HKLM\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.0.2 - XMedia Recode)
Xvid 1.2.2 final uninstall (HKLM\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
Yamaha USB-MIDI Driver (HKLM\...\InstallShield_{1669F2CD-E15C-4F53-A1F0-FBFC37B391D5}) (Version: 3.1.1.1 - Yamaha Corporation)
Yamaha USB-MIDI Driver (Version: 3.1.1.1 - Yamaha Corporation) Hidden
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version:  - Check Point Software Technologies)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3683629333-2777190142-3868084316-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kuyumo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3683629333-2777190142-3868084316-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Kuyumo\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3683629333-2777190142-3868084316-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Kuyumo\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3683629333-2777190142-3868084316-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Kuyumo\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3683629333-2777190142-3868084316-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Kuyumo\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3683629333-2777190142-3868084316-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Kuyumo\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3683629333-2777190142-3868084316-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Kuyumo\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3683629333-2777190142-3868084316-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\Kuyumo\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll Keine Datei
CustomCLSID: HKU\S-1-5-21-3683629333-2777190142-3868084316-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Kuyumo\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3683629333-2777190142-3868084316-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kuyumo\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3683629333-2777190142-3868084316-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kuyumo\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3683629333-2777190142-3868084316-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kuyumo\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3683629333-2777190142-3868084316-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kuyumo\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3683629333-2777190142-3868084316-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kuyumo\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3683629333-2777190142-3868084316-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kuyumo\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3683629333-2777190142-3868084316-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kuyumo\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3683629333-2777190142-3868084316-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kuyumo\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3683629333-2777190142-3868084316-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Kuyumo\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3683629333-2777190142-3868084316-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Kuyumo\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)

==================== Wiederherstellungspunkte =========================

26-09-2015 18:47:20 Geplanter Prüfpunkt

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {06A2ADEC-834F-49FD-BC5F-FA4D82036B56} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {0FB2007F-4987-44F4-A05D-7A2CD0786646} - System32\Tasks\Dexpot\3 => C:\Program Files\Dexpot\autodex.exe [2013-05-03] (Dexpot GbR) <==== ACHTUNG
Task: {11073E34-5C2C-41A3-BEED-16213FF93CEB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {12871A99-DBCC-40E0-9C43-7FDA3DECCB2F} - \P4GIntlCtrl -> Keine Datei <==== ACHTUNG
Task: {2DBF508A-1565-46FE-8328-B75DA529B628} - \{9FF32B65-B939-49A8-8B6F-1FB511D77034} -> Keine Datei <==== ACHTUNG
Task: {326F93DC-866C-4A90-8312-1A5E6969A6E1} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3683629333-2777190142-3868084316-1000Core => C:\Users\Kuyumo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {4EBDBA66-9F22-4C97-8253-F0BC23E0CF41} - \{211E640C-03BA-48B5-AADA-0D7584D3AD42} -> Keine Datei <==== ACHTUNG
Task: {5749107C-F382-43F1-BEF2-7479ECEEDFEF} - \{731989C4-575C-4B5C-84D3-A858CD9A0FDB} -> Keine Datei <==== ACHTUNG
Task: {66FDBC32-8920-4C73-A9D0-CD2E07C7CFDA} - \{F19624C5-9D58-4F54-BAD1-E90402DDD595} -> Keine Datei <==== ACHTUNG
Task: {7F5A5805-B51E-4130-914F-DE1632EF2D6A} - \{0E624EB7-9755-4A91-8B53-791C0910D843} -> Keine Datei <==== ACHTUNG
Task: {8CE742C1-8652-4D99-BE0C-183270965499} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {9472A80D-1FF4-4551-AA6E-11F7D5957E6D} - System32\Tasks\Dexpot\1 => C:\Program Files\Dexpot\autodex.exe [2013-05-03] (Dexpot GbR) <==== ACHTUNG
Task: {96826D2B-353E-4A69-B111-E07A7F2DA398} - \{7197A01F-C984-4764-B203-E0BBE9997DFA} -> Keine Datei <==== ACHTUNG
Task: {9A10E978-57AF-4201-BD5E-AA9098049172} - \{D2E4F7BD-2F0A-41E0-8FD8-C47F3B4FCC86} -> Keine Datei <==== ACHTUNG
Task: {9A6A5C05-F690-4463-B9BD-B3CCC19E16AE} - \{8C3DBA8B-09E7-4E71-A4FC-78D09DBEEA74} -> Keine Datei <==== ACHTUNG
Task: {AB3823B7-7F50-475E-BA1D-9FFB8ABC3E8C} - \CreateChoiceProcessTask -> Keine Datei <==== ACHTUNG
Task: {B7F9E5BA-5182-454C-9B3E-E4C73425E4C6} - \ASUS P4G -> Keine Datei <==== ACHTUNG
Task: {C033BE67-F5C1-43CA-B9D4-0B1F67273144} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-22] (Adobe Systems Incorporated)
Task: {C932FAF9-1AE1-4C44-9BB7-94085F9E5DA2} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {D1E8EE0E-8643-4DC4-AC46-1C5A197126B5} - \{622AFCE5-0CD9-4FE8-9F1B-7D156CC48D3E} -> Keine Datei <==== ACHTUNG
Task: {E8B50414-9657-40A4-B88B-55DFBD8CE828} - \ASUSControlDeck -> Keine Datei <==== ACHTUNG
Task: {EB072184-629E-4FEC-95C6-AAD0B3CE1423} - \{EAB7CE3C-6D9D-423E-993F-B3FE214F05AD} -> Keine Datei <==== ACHTUNG
Task: {F571AA95-976E-4AFD-BE53-7531FFAB4B06} - \{DA355A7F-7E83-4335-8EA3-7721D0245F61} -> Keine Datei <==== ACHTUNG
Task: {FF5CBE05-29C1-422D-92C7-BF7CF8A15858} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3683629333-2777190142-3868084316-1000UA => C:\Users\Kuyumo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3683629333-2777190142-3868084316-1000Core.job => C:\Users\Kuyumo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3683629333-2777190142-3868084316-1000UA.job => C:\Users\Kuyumo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2010-12-27 19:04 - 2007-08-08 01:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2012-09-25 18:02 - 2015-08-18 01:28 - 00106800 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2013-04-12 19:23 - 2013-04-12 19:23 - 00612664 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll
2012-11-29 23:59 - 2012-11-29 23:59 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2010-12-27 20:50 - 2010-03-15 12:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2015-06-30 19:36 - 2015-06-24 13:37 - 00011920 _____ () C:\Program Files\NVIDIA Corporation\Update Core\detoured.dll
2015-09-26 14:59 - 2015-09-26 14:59 - 00098816 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\win32api.pyd
2015-09-26 14:59 - 2015-09-26 14:59 - 00110080 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\pywintypes27.dll
2015-09-26 14:59 - 2015-09-26 14:59 - 00364544 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\pythoncom27.dll
2015-09-26 14:59 - 2015-09-26 14:59 - 00045568 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\_socket.pyd
2015-09-26 14:59 - 2015-09-26 14:59 - 01161216 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\_ssl.pyd
2015-09-26 14:59 - 2015-09-26 14:59 - 00320512 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\win32com.shell.shell.pyd
2015-09-26 14:59 - 2015-09-26 14:59 - 00713216 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\_hashlib.pyd
2015-09-26 14:59 - 2015-09-26 14:59 - 01176576 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\wx._core_.pyd
2015-09-26 14:59 - 2015-09-26 14:59 - 00806400 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\wx._gdi_.pyd
2015-09-26 14:59 - 2015-09-26 14:59 - 00816128 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\wx._windows_.pyd
2015-09-26 14:59 - 2015-09-26 14:59 - 01067008 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\wx._controls_.pyd
2015-09-26 14:59 - 2015-09-26 14:59 - 00733184 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\wx._misc_.pyd
2015-09-26 14:59 - 2015-09-26 14:59 - 00682496 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\pysqlite2._sqlite.pyd
2015-09-26 14:59 - 2015-09-26 14:59 - 00087552 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\_ctypes.pyd
2015-09-26 14:59 - 2015-09-26 14:59 - 00119808 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\win32file.pyd
2015-09-26 14:59 - 2015-09-26 14:59 - 00108544 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\win32security.pyd
2015-09-26 14:59 - 2015-09-26 14:59 - 00007168 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\hashobjs_ext.pyd
2015-09-26 14:59 - 2015-09-26 14:59 - 00068096 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\usb_ext.pyd
2015-09-26 14:59 - 2015-09-26 14:59 - 00167936 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\win32gui.pyd
2015-09-26 14:59 - 2015-09-26 14:59 - 00018432 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\win32event.pyd
2015-09-26 14:59 - 2015-09-26 14:59 - 00128512 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\_elementtree.pyd
2015-09-26 14:59 - 2015-09-26 14:59 - 00127488 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\pyexpat.pyd
2015-09-26 14:59 - 2015-09-26 14:59 - 00013824 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\common.time34.pyd
2015-09-26 14:59 - 2015-09-26 14:59 - 00036864 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\_psutil_windows.pyd
2015-09-26 14:59 - 2015-09-26 14:59 - 00038912 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\win32inet.pyd
2015-09-26 14:59 - 2015-09-26 14:59 - 00011264 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\win32crypt.pyd
2015-09-26 14:59 - 2015-09-26 14:59 - 00077312 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\wx._html2.pyd
2015-09-26 14:59 - 2015-09-26 14:59 - 00027136 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\_multiprocessing.pyd
2015-09-26 14:59 - 2015-09-26 14:59 - 00020480 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\_yappi.pyd
2015-09-26 14:59 - 2015-09-26 14:59 - 00035840 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\win32process.pyd
2015-09-26 14:59 - 2015-09-26 14:59 - 00686080 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\unicodedata.pyd
2015-09-26 14:59 - 2015-09-26 14:59 - 00123392 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\wx._wizard.pyd
2015-09-26 14:59 - 2015-09-26 14:59 - 00024064 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\win32pipe.pyd
2015-09-26 14:59 - 2015-09-26 14:59 - 00010240 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\select.pyd
2015-09-26 14:59 - 2015-09-26 14:59 - 00025600 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\win32pdh.pyd
2015-09-26 14:59 - 2015-09-26 14:59 - 00525640 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\windows._lib_cacheinvalidation.pyd
2015-09-26 14:59 - 2015-09-26 14:59 - 00017408 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\win32profile.pyd
2015-09-26 14:59 - 2015-09-26 14:59 - 00022528 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\win32ts.pyd
2015-09-26 14:59 - 2015-09-26 14:59 - 00078848 _____ () C:\Users\Kuyumo\AppData\Local\Temp\_MEI59522\wx._animate.pyd
2015-09-21 21:00 - 2015-09-19 00:13 - 01501512 _____ () C:\Program Files\Google\Chrome\Application\45.0.2454.99\libglesv2.dll
2015-09-21 21:00 - 2015-09-19 00:13 - 00081224 _____ () C:\Program Files\Google\Chrome\Application\45.0.2454.99\libegl.dll
2015-07-14 18:20 - 2015-07-14 18:20 - 00756376 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Kuyumo\Desktop\NC_2015_WEB_Visionssuche.pdf:com.dropbox.attributes

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kuyumo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: )
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: CVPND => 2
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: FoxitCloudUpdateService => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: PDF Architect 2 => 3
MSCONFIG\Services: PDF Architect 2 Creator => 2
MSCONFIG\Services: pdfforge CrashHandler => 3
MSCONFIG\Services: RemoteRegistry => 3
MSCONFIG\Services: rpcnet => 2
MSCONFIG\Services: SBSDWSCService => 2
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Sony PC Companion => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: UPnPService => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: winzipersvc => 2
MSCONFIG\Services: wlidsvc => 2
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: Wpm => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk => C:\Windows\pss\VPN Client.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Kuyumo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^An OneNote senden.lnk => C:\Windows\pss\An OneNote senden.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Kuyumo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AmIcoSinglun => C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: Copy => "C:\Users\Kuyumo\AppData\Roaming\Copy\CopyAgent.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NokiaMServer => C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
MSCONFIG\startupreg: NokiaOviSuite2 => C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: StereoLinksInstall => "C:\Program Files\NVIDIA Corporation\3D Vision\nvstlink.exe" /install1
MSCONFIG\startupreg: TrayServer => C:\Program Files\MAGIX\Video_deluxe_2007_2008\TrayServer.exe

==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{B090CAF8-8FCA-4DEA-85EE-0F1AA969A09A}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{ABAC6F4D-A7A0-47A9-A45D-78972B08AC53}C:\program files\phonerlite\phonerlite.exe] => (Allow) C:\program files\phonerlite\phonerlite.exe
FirewallRules: [UDP Query User{83B74767-32D9-43AD-8701-D0054D70C972}C:\program files\phonerlite\phonerlite.exe] => (Allow) C:\program files\phonerlite\phonerlite.exe
FirewallRules: [TCP Query User{45F562FA-086D-4FF6-B107-38C1763EE2CA}C:\program files\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files\google\google earth\plugin\geplugin.exe
FirewallRules: [UDP Query User{0689C11A-D911-4FC1-A773-94D93DF49ABD}C:\program files\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files\google\google earth\plugin\geplugin.exe
FirewallRules: [TCP Query User{424780C0-E364-4009-BD27-4F08AC830F0C}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{F8C5FC46-AE1D-4426-8A5F-8988BEB6F9E9}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{7AEDD441-DE03-4EE3-B91E-149B9D95B555}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{1DB91E81-9748-4A42-931C-E14AB0BF4FF0}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{CFA565C5-182B-4DC1-94B5-F26480ACCF66}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [TCP Query User{189226CB-0673-487A-9F91-AFA841A1719C}C:\program files\vuze\azureus.exe] => (Block) C:\program files\vuze\azureus.exe
FirewallRules: [UDP Query User{2635A629-84D3-4989-A4B8-1B869CDB1E5E}C:\program files\vuze\azureus.exe] => (Block) C:\program files\vuze\azureus.exe
FirewallRules: [TCP Query User{3EAA45E4-6155-4BDA-A48B-0518CA04F5B1}C:\users\kuyumo\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\kuyumo\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{FAFDA98A-577A-4DA2-8DFE-7CFA9136B8E0}C:\users\kuyumo\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\kuyumo\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{68683327-CB50-4233-896F-814491CAFF81}C:\users\kuyumo\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\kuyumo\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{23A1C165-F5B5-4589-ADDA-C89D5A9B7F23}C:\users\kuyumo\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\kuyumo\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{1A5A4602-7660-4B9D-9405-7D43C26FBB43}C:\program files\mediamonkey remote server\mediamonkey remote server.exe] => (Allow) C:\program files\mediamonkey remote server\mediamonkey remote server.exe
FirewallRules: [UDP Query User{9EC6ADCF-A3BB-4529-AFA4-FF8F3D5C28D4}C:\program files\mediamonkey remote server\mediamonkey remote server.exe] => (Allow) C:\program files\mediamonkey remote server\mediamonkey remote server.exe
FirewallRules: [TCP Query User{1C19014A-D5EE-4548-9711-1B7EF48948E5}C:\program files\mediamonkey remote server\mediamonkey remote server.exe] => (Block) C:\program files\mediamonkey remote server\mediamonkey remote server.exe
FirewallRules: [UDP Query User{25274D2F-9364-4318-BC76-5289AB0289EF}C:\program files\mediamonkey remote server\mediamonkey remote server.exe] => (Block) C:\program files\mediamonkey remote server\mediamonkey remote server.exe
FirewallRules: [TCP Query User{D0E59A5C-02A1-48F6-8992-F152FC6CCD21}C:\program files\pd\bin\pd.exe] => (Allow) C:\program files\pd\bin\pd.exe
FirewallRules: [UDP Query User{A4696A0F-45A2-45D4-BB9C-FD6DB6F0B3A5}C:\program files\pd\bin\pd.exe] => (Allow) C:\program files\pd\bin\pd.exe
FirewallRules: [TCP Query User{892098FE-2EE1-4F76-AEE7-FF20FAFC6937}C:\program files\pd\bin\pd.com] => (Allow) C:\program files\pd\bin\pd.com
FirewallRules: [UDP Query User{CE639E23-A772-4FBA-AA18-8828907FA28E}C:\program files\pd\bin\pd.com] => (Allow) C:\program files\pd\bin\pd.com
FirewallRules: [{73C4D5FB-A313-431B-A667-4E9B25F2C8B9}] => (Allow) C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{93F51D34-7C28-4E99-9B2B-63766D7C6C90}] => (Allow) C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [TCP Query User{66D00285-16A5-4CD0-9155-E09F0ABA2C39}C:\program files\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [UDP Query User{C109FE68-B29D-4B52-A131-E209010A68A6}C:\program files\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [TCP Query User{007E2909-95DA-43B8-8332-45CBB1D78FC4}C:\program files\mediamonkey\mediamonkey (non-skinned).exe] => (Block) C:\program files\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [UDP Query User{2361F8C1-0E35-4053-9A95-C440A28ED518}C:\program files\mediamonkey\mediamonkey (non-skinned).exe] => (Block) C:\program files\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [{3A579B08-5B8C-4139-A182-12FE41A0E600}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\FaxApplications.exe
FirewallRules: [{B6B2CE5E-1AD3-4320-BE60-A8529E20BB09}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\DigitalWizards.exe
FirewallRules: [{EAC6D196-C72B-442F-8F9A-ED8B0EA7031B}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\SendAFax.exe
FirewallRules: [{AC0B5579-8618-4A33-8336-B871E7220B2F}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe
FirewallRules: [{3B9498D5-B17D-412B-A444-70D2107A34E1}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe
FirewallRules: [{38E879C4-A79B-4E04-A8D4-1CC09508D2A1}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{18A2C598-AC38-4C33-B93D-F8898E592DFF}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B5F015E9-8E8B-4C1E-9FF3-D2F91DB66974}] => (Allow) LPort=2869
FirewallRules: [{1AC7B0E1-B9D5-4786-9784-DD67C6872E19}] => (Allow) LPort=1900
FirewallRules: [{BF7AF384-CA25-4B15-AECE-404F2CBA27C9}] => (Allow) C:\Program Files\Lightworks\Lightworks.exe
FirewallRules: [{4C6AE9BC-3769-4659-B44B-0265DED542C8}] => (Allow) C:\Program Files\Lightworks\Lightworks.exe
FirewallRules: [{B35E7C2C-678F-4A94-B0D8-03EC2A19D19A}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{656548CC-0E73-4814-9F21-2DED0F4FA4D9}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{6B9CE1D6-D0A8-4D53-A35C-C725F99BBA9B}] => (Allow) LPort=0
FirewallRules: [{816B73F9-70CC-4E5C-8CD1-236D2D497484}] => (Allow) LPort=2869
FirewallRules: [{5B5896D0-E1E7-4114-B6B6-74DEF8A75AC2}] => (Allow) LPort=1900
FirewallRules: [{15B80C39-89A7-445D-AA9C-0A2C6FC95D12}] => (Allow) C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
FirewallRules: [{0FAAC6FE-6409-47C0-82DC-2F682745D968}] => (Allow) C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
FirewallRules: [{099D512D-CF2C-4066-A667-2F383A8EB430}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{50394B04-5E77-4E9E-BED8-3328984BD45B}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C6A0723B-D21A-4847-8488-DB85A912B1CB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{0A2C3BC3-DAC2-4DE0-89EE-AF5B893A305A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{FE938D7E-8CE6-4FCD-8997-64E63FDF6B71}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A73196DF-EB59-406A-A80D-1593DA261514}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2A532923-15B1-4E5E-8383-6B1EA91463C3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{1B85D31E-2C24-4E42-977F-55FE5910E5B8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A57693C9-4AE0-4B42-88D3-4828641F1A23}C:\program files\libreoffice 4\program\soffice.bin] => (Allow) C:\program files\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{7C4AEBB2-8CB0-4258-89B1-A4C707AAE484}C:\program files\libreoffice 4\program\soffice.bin] => (Allow) C:\program files\libreoffice 4\program\soffice.bin
FirewallRules: [TCP Query User{C6EC5B49-FFFA-48A3-A531-7C8831E01427}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{B17870B0-2349-43AA-8EA1-E8A491EC35CB}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [TCP Query User{359EC9A5-9B1E-45EB-A412-32C6113D8747}C:\users\kuyumo\appdata\roaming\copy\copyagent.exe] => (Allow) C:\users\kuyumo\appdata\roaming\copy\copyagent.exe
FirewallRules: [UDP Query User{65CD120C-33FB-4F8B-8124-746C7DFC9013}C:\users\kuyumo\appdata\roaming\copy\copyagent.exe] => (Allow) C:\users\kuyumo\appdata\roaming\copy\copyagent.exe
FirewallRules: [{54B84641-7700-404E-A7C2-136D53F117B9}] => (Allow) C:\Users\Kuyumo\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{55138CB8-4DA2-404D-AB6B-9CB1D9A4B4E4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Atheros AR9285 Wireless Network Adapter
Description: Atheros AR9285 Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: KSecDD
Description: KSecDD
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/25/2015 08:44:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_StiSvc, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: wiaservc.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba34
Ausnahmecode: 0x40000015
Fehleroffset: 0x0003c329
ID des fehlerhaften Prozesses: 0x980
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_StiSvc0
Pfad der fehlerhaften Anwendung: svchost.exe_StiSvc1
Pfad des fehlerhaften Moduls: svchost.exe_StiSvc2
Berichtskennung: svchost.exe_StiSvc3

Error: (09/24/2015 10:17:09 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: An error has occurred (NvStreamUserAgent restarted too many times in a short period. Aborting. [0]).

Error: (09/24/2015 07:00:21 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: An error has occurred (NvStreamUserAgent restarted too many times in a short period. Aborting. [0]).

Error: (09/24/2015 12:45:03 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: An error has occurred (NvStreamUserAgent restarted too many times in a short period. Aborting. [0]).

Error: (09/19/2015 10:26:31 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: An error has occurred (NvStreamUserAgent restarted too many times in a short period. Aborting. [0]).

Error: (09/17/2015 11:42:10 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: An error has occurred (NvStreamUserAgent restarted too many times in a short period. Aborting. [0]).

Error: (09/16/2015 10:54:34 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: An error has occurred (NvStreamUserAgent restarted too many times in a short period. Aborting. [0]).

Error: (09/12/2015 09:03:14 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-3683629333-2777190142-3868084316-1000}/">.

Error: (09/12/2015 08:58:48 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System.Runtime.Serialization.Formatters.Soap, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x800706be

Error: (09/12/2015 08:58:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mscorsvw.exe, Version: 4.0.30319.18408, Zeitstempel: 0x52310992
Name des fehlerhaften Moduls: clr.dll, Version: 4.0.30319.18444, Zeitstempel: 0x5348961e
Ausnahmecode: 0x80131506
Fehleroffset: 0x002db2d2
ID des fehlerhaften Prozesses: 0xaac
Startzeit der fehlerhaften Anwendung: 0xmscorsvw.exe0
Pfad der fehlerhaften Anwendung: mscorsvw.exe1
Pfad des fehlerhaften Moduls: mscorsvw.exe2
Berichtskennung: mscorsvw.exe3


Systemfehler:
=============
Error: (09/26/2015 03:00:08 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/26/2015 02:59:18 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (09/25/2015 12:57:56 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/25/2015 12:57:06 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (09/25/2015 11:46:21 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (09/25/2015 11:46:20 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (09/25/2015 11:46:20 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (09/25/2015 08:45:12 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/25/2015 08:44:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows-Bilderfassung (WIA)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/25/2015 08:44:22 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T5900 @ 2.20GHz
Prozentuale Nutzung des RAM: 69%
Installierter physikalischer RAM: 3071.27 MB
Verfügbarer physikalischer RAM: 923.04 MB
Summe virtueller Speicher: 6140.85 MB
Verfügbarer virtueller Speicher: 3503.63 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:128.06 GB) (Free:7.98 GB) NTFS
Drive d: (DATA) (Fixed) (Total:104.73 GB) (Free:14.58 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 97646C29)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=128.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=104.7 GB) - (Type=OF Extended)

==================== Ende vom Addition.txt ============================
         
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 25.09.2015 13:15:07 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kuyumo\Desktop\Download
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18015)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 55,71% Memory free
6,00 Gb Paging File | 4,40 Gb Available in Paging File | 73,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 128,06 Gb Total Space | 8,83 Gb Free Space | 6,90% Space Free | Partition Type: NTFS
Drive D: | 104,73 Gb Total Space | 14,58 Gb Free Space | 13,92% Space Free | Partition Type: NTFS
Drive G: | 119,31 Gb Total Space | 1,14 Gb Free Space | 0,95% Space Free | Partition Type: exFAT
 
Computer Name: KUYUMO-PC | User Name: Kuyumo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-3683629333-2777190142-3868084316-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{099D512D-CF2C-4066-A667-2F383A8EB430}" = lport=80 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\netservice\nvnetworkservice.exe | 
"{0A2C3BC3-DAC2-4DE0-89EE-AF5B893A305A}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe | 
"{1409487D-0F2D-467C-A331-92AD9199E468}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1AC7B0E1-B9D5-4786-9784-DD67C6872E19}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{1EFFE44C-A2D1-4C9C-83FA-6B255876BB57}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2BC0F4AC-95BE-4B26-BCA6-989AE0BDE310}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3B69C59E-386D-43B8-B54A-42F5CF7D2FFB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{44A2C8C3-1803-4CD4-8789-A523F89C7C97}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{50394B04-5E77-4E9E-BED8-3328984BD45B}" = lport=443 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\netservice\nvnetworkservice.exe | 
"{55138CB8-4DA2-404D-AB6B-9CB1D9A4B4E4}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | 
"{5712CCD0-1DF1-4E0D-84CA-91940D8E8853}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5B5896D0-E1E7-4114-B6B6-74DEF8A75AC2}" = lport=1900 | protocol=17 | dir=in | name=microsoft upnp-port (udp) | 
"{6B9CE1D6-D0A8-4D53-A35C-C725F99BBA9B}" = lport=0 | protocol=6 | dir=in | name=magix upnp media server | 
"{75F69471-BFBC-41E1-BC75-B1DF41EC91E1}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7AEDD441-DE03-4EE3-B91E-149B9D95B555}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{816B73F9-70CC-4E5C-8CD1-236D2D497484}" = lport=2869 | protocol=6 | dir=in | name=microsoft upnp-port (tcp) | 
"{8389D641-14C3-4430-A471-6D84D46B5D0C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8973A487-9E9C-430E-B081-C14077A0878C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9A202488-E740-4E0B-9CB6-F50E64A00A64}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A73196DF-EB59-406A-A80D-1593DA261514}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{AA65F017-D35A-4FB1-A1F6-07F36CF3A884}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AAF1CDE1-4CD9-446E-B8A5-E028AF35BD88}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B053F71B-B9CF-4A4D-8EAB-2E59D3E922F6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B5F015E9-8E8B-4C1E-9FF3-D2F91DB66974}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{B7C7E3EC-3933-4EFE-9E58-94574EE218CD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B7D6EA98-870A-4ACA-8D1E-46EEC1ABF887}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C5FFF0E0-75E1-46FD-B06B-41609AAAEC5B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C6A0723B-D21A-4847-8488-DB85A912B1CB}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe | 
"{C783DA3A-F69D-4D97-A26B-D015C365C643}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C8C90436-8DCB-49EE-9AB8-1B329FD28B68}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D51927AC-BF8C-4E29-B392-64F31352A211}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E64F2A36-6D89-4C22-B889-8CFEB8FE6DF5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E79BF44B-FED5-417C-B41D-EED4F0AB2F9F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EB5300B3-20D8-4F25-BB11-911ADCEDF45A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EBC9A3D8-00F7-4332-8725-F503E077BE54}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FBA2FB0E-E8CC-48E2-8A26-7D60B0070C36}" = rport=445 | protocol=6 | dir=out | app=system | 
"{FE938D7E-8CE6-4FCD-8997-64E63FDF6B71}" = lport=47995 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00938E5A-F5E0-4CAC-B536-9D354638A3F0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{02F0B334-791B-45EE-BC6B-415DF23202AD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{03F4A3AC-ADD1-40D3-A4C8-589AE6B8FCC6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0FAAC6FE-6409-47C0-82DC-2F682745D968}" = protocol=17 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe | 
"{15B80C39-89A7-445D-AA9C-0A2C6FC95D12}" = protocol=6 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe | 
"{18A2C598-AC38-4C33-B93D-F8898E592DFF}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{1B85D31E-2C24-4E42-977F-55FE5910E5B8}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"{1DB91E81-9748-4A42-931C-E14AB0BF4FF0}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{259B4B79-8E0B-45DD-8005-C31006D4031E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2A532923-15B1-4E5E-8383-6B1EA91463C3}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"{33076DFC-DF8F-49D3-ADEE-6AC57A22DDA8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{38E879C4-A79B-4E04-A8D4-1CC09508D2A1}" = dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicatorcom.exe | 
"{3A579B08-5B8C-4139-A182-12FE41A0E600}" = dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\faxapplications.exe | 
"{3B9498D5-B17D-412B-A444-70D2107A34E1}" = dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"{3FFF79CB-EFAD-446D-89AD-80A8ED4434F0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{40514BD2-3409-4F95-B0E8-D58B1872D0AE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4B19DBBA-5CB2-472A-8FB6-02A8B49A3796}" = protocol=6 | dir=out | app=system | 
"{4C6AE9BC-3769-4659-B44B-0265DED542C8}" = protocol=17 | dir=in | app=c:\program files\lightworks\lightworks.exe | 
"{54B84641-7700-404E-A7C2-136D53F117B9}" = dir=in | app=c:\users\kuyumo\appdata\local\microsoft\onedrive\onedrive.exe | 
"{60EC0BD2-AB18-4A4F-9593-EF5E912093B6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{656548CC-0E73-4814-9F21-2DED0F4FA4D9}" = protocol=17 | dir=in | app=c:\program files\lightworks\ntcardvt.exe | 
"{73C4D5FB-A313-431B-A667-4E9B25F2C8B9}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{7580CA89-8839-46BF-B947-DC527D032992}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{851EC39A-6420-4A81-B1BC-27B6771B8BFD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{871B1B04-2EE5-4A0D-B3D0-DFAD60669970}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{93F51D34-7C28-4E99-9B2B-63766D7C6C90}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{95DE7AAF-CFC3-4AA3-A629-8A194BFC9684}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9ED6F013-819B-425A-BE06-8736B40129D4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{AC0B5579-8618-4A33-8336-B871E7220B2F}" = dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | 
"{B090CAF8-8FCA-4DEA-85EE-0F1AA969A09A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B35E7C2C-678F-4A94-B0D8-03EC2A19D19A}" = protocol=6 | dir=in | app=c:\program files\lightworks\ntcardvt.exe | 
"{B6B2CE5E-1AD3-4320-BE60-A8529E20BB09}" = dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\digitalwizards.exe | 
"{B8D684E5-E5F1-4A5D-A87D-C30B4C17408E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BF2E53ED-4652-473D-B146-BE1F313B70DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BF7AF384-CA25-4B15-AECE-404F2CBA27C9}" = protocol=6 | dir=in | app=c:\program files\lightworks\lightworks.exe | 
"{CFA565C5-182B-4DC1-94B5-F26480ACCF66}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{D5F33409-C269-41E3-B21F-CA45A4B319E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E0706025-3F71-4229-98A1-62C4F6040B44}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{EAC6D196-C72B-442F-8F9A-ED8B0EA7031B}" = dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\sendafax.exe | 
"{F2B68348-B805-4655-AE84-0959C547D3A2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F392A274-9CA1-4286-A89D-5B87339C55C6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{007E2909-95DA-43B8-8332-45CBB1D78FC4}C:\program files\mediamonkey\mediamonkey (non-skinned).exe" = protocol=6 | dir=in | app=c:\program files\mediamonkey\mediamonkey (non-skinned).exe | 
"TCP Query User{189226CB-0673-487A-9F91-AFA841A1719C}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"TCP Query User{1A5A4602-7660-4B9D-9405-7D43C26FBB43}C:\program files\mediamonkey remote server\mediamonkey remote server.exe" = protocol=6 | dir=in | app=c:\program files\mediamonkey remote server\mediamonkey remote server.exe | 
"TCP Query User{1C19014A-D5EE-4548-9711-1B7EF48948E5}C:\program files\mediamonkey remote server\mediamonkey remote server.exe" = protocol=6 | dir=in | app=c:\program files\mediamonkey remote server\mediamonkey remote server.exe | 
"TCP Query User{359EC9A5-9B1E-45EB-A412-32C6113D8747}C:\users\kuyumo\appdata\roaming\copy\copyagent.exe" = protocol=6 | dir=in | app=c:\users\kuyumo\appdata\roaming\copy\copyagent.exe | 
"TCP Query User{3EAA45E4-6155-4BDA-A48B-0518CA04F5B1}C:\users\kuyumo\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\kuyumo\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{424780C0-E364-4009-BD27-4F08AC830F0C}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{45F562FA-086D-4FF6-B107-38C1763EE2CA}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{66D00285-16A5-4CD0-9155-E09F0ABA2C39}C:\program files\mediamonkey\mediamonkey (non-skinned).exe" = protocol=6 | dir=in | app=c:\program files\mediamonkey\mediamonkey (non-skinned).exe | 
"TCP Query User{68683327-CB50-4233-896F-814491CAFF81}C:\users\kuyumo\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\kuyumo\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{892098FE-2EE1-4F76-AEE7-FF20FAFC6937}C:\program files\pd\bin\pd.com" = protocol=6 | dir=in | app=c:\program files\pd\bin\pd.com | 
"TCP Query User{A57693C9-4AE0-4B42-88D3-4828641F1A23}C:\program files\libreoffice 4\program\soffice.bin" = protocol=6 | dir=in | app=c:\program files\libreoffice 4\program\soffice.bin | 
"TCP Query User{ABAC6F4D-A7A0-47A9-A45D-78972B08AC53}C:\program files\phonerlite\phonerlite.exe" = protocol=6 | dir=in | app=c:\program files\phonerlite\phonerlite.exe | 
"TCP Query User{C6EC5B49-FFFA-48A3-A531-7C8831E01427}C:\program files\java\jre1.8.0_40\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.8.0_40\bin\javaw.exe | 
"TCP Query User{D0E59A5C-02A1-48F6-8992-F152FC6CCD21}C:\program files\pd\bin\pd.exe" = protocol=6 | dir=in | app=c:\program files\pd\bin\pd.exe | 
"UDP Query User{0689C11A-D911-4FC1-A773-94D93DF49ABD}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{2361F8C1-0E35-4053-9A95-C440A28ED518}C:\program files\mediamonkey\mediamonkey (non-skinned).exe" = protocol=17 | dir=in | app=c:\program files\mediamonkey\mediamonkey (non-skinned).exe | 
"UDP Query User{23A1C165-F5B5-4589-ADDA-C89D5A9B7F23}C:\users\kuyumo\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\kuyumo\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{25274D2F-9364-4318-BC76-5289AB0289EF}C:\program files\mediamonkey remote server\mediamonkey remote server.exe" = protocol=17 | dir=in | app=c:\program files\mediamonkey remote server\mediamonkey remote server.exe | 
"UDP Query User{2635A629-84D3-4989-A4B8-1B869CDB1E5E}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"UDP Query User{65CD120C-33FB-4F8B-8124-746C7DFC9013}C:\users\kuyumo\appdata\roaming\copy\copyagent.exe" = protocol=17 | dir=in | app=c:\users\kuyumo\appdata\roaming\copy\copyagent.exe | 
"UDP Query User{7C4AEBB2-8CB0-4258-89B1-A4C707AAE484}C:\program files\libreoffice 4\program\soffice.bin" = protocol=17 | dir=in | app=c:\program files\libreoffice 4\program\soffice.bin | 
"UDP Query User{83B74767-32D9-43AD-8701-D0054D70C972}C:\program files\phonerlite\phonerlite.exe" = protocol=17 | dir=in | app=c:\program files\phonerlite\phonerlite.exe | 
"UDP Query User{9EC6ADCF-A3BB-4529-AFA4-FF8F3D5C28D4}C:\program files\mediamonkey remote server\mediamonkey remote server.exe" = protocol=17 | dir=in | app=c:\program files\mediamonkey remote server\mediamonkey remote server.exe | 
"UDP Query User{A4696A0F-45A2-45D4-BB9C-FD6DB6F0B3A5}C:\program files\pd\bin\pd.exe" = protocol=17 | dir=in | app=c:\program files\pd\bin\pd.exe | 
"UDP Query User{B17870B0-2349-43AA-8EA1-E8A491EC35CB}C:\program files\java\jre1.8.0_40\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.8.0_40\bin\javaw.exe | 
"UDP Query User{C109FE68-B29D-4B52-A131-E209010A68A6}C:\program files\mediamonkey\mediamonkey (non-skinned).exe" = protocol=17 | dir=in | app=c:\program files\mediamonkey\mediamonkey (non-skinned).exe | 
"UDP Query User{CE639E23-A772-4FBA-AA18-8828907FA28E}C:\program files\pd\bin\pd.com" = protocol=17 | dir=in | app=c:\program files\pd\bin\pd.com | 
"UDP Query User{F8C5FC46-AE1D-4426-8A5F-8988BEB6F9E9}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{FAFDA98A-577A-4DA2-8DFE-7CFA9136B8E0}C:\users\kuyumo\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\kuyumo\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform
"{01418318-8619-4119-969F-A06C63DF05A8}" = Copy
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{03EC56DE-6424-43D7-A020-1EEE3E8159DE}" = PDF Architect 2 Create Module
"{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1" = MiniTool Partition Wizard Home Edition 8.1.1
"{07AAB66E-4718-422D-9218-4AFB3C922A71}" = Photo Gallery
"{0BC399ED-8482-413D-B77F-DE105FF6FB8D}" = PDF Architect 2 Forms Module
"{128459AB-59A7-430A-8BD0-3D8803D50400}_is1" = RawTherapee Version 4.1
"{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}" = Google Drive
"{1669F2CD-E15C-4F53-A1F0-FBFC37B391D5}" = Yamaha USB-MIDI Driver
"{1CE60928-8325-49A8-8B06-633E48DD2B67}" = Cisco Systems VPN Client 5.0.07.0410
"{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common
"{1EE0474C-85C7-433F-BBCA-7C4570686F95}" = Panda Free Antivirus
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.2
"{26A24AE4-039D-4CA4-87B4-2F83218040F0}" = Java 8 Update 40
"{27642EF6-3F88-403B-81AE-8A721A821D8B}" = Microsoft Expression Encoder 4
"{38057B80-AA2C-3359-A048-FC6A5F972997}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{3911CF56-9EF2-39BA-846A-C27BD3CD0685}" = Microsoft .NET Framework 4.5.2
"{3C98F340-D42C-4D75-8C96-5CC1E24F5599}" = PDF Architect 2 OCR Module
"{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}" = Microsoft ASP.NET MVC 4 Runtime
"{4117DF3C-6677-4A22-90B7-FF06923417E9}" = LibreOffice 4.2.3.3
"{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1" = Foxit Cloud
"{41BF4A3B-D60A-4E92-883F-C88C8C157261}" = Fotogalerie
"{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{4DC59BF3-0D72-3CE8-BFEF-1E8FAF689EB0}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{6141DFFC-17B5-4B20-B9F2-B7675F29E057}" = PDF Architect 2 Secure Module
"{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer
"{66233218-CA57-4AB2-BA43-A97AA4635960}" = Windows Live Essentials
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{70C91B91-61E8-4D06-86D6-A9DCC291983A}" = Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74A43682-C44A-42F2-B161-2C7C359745A0}" = PDF Architect 2 Convert Module
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{8528EEBC-9EBE-44A7-9DFB-EE401BA916C7}" = PDF Architect 2 Edit Module
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{877454F9-FD7F-49A4-A8BB-4519F6899ABA}" = PDF Architect 2 Insert Module
"{87DABDEA-47A4-4182-AA7C-2C90DAAE3117}" = Photo Common
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller  Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{949F1EA1-D3E2-472E-BC7C-CB72374C0E55}" = Panda Devices Agent
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E871D09-064D-3BC9-963B-3AB8ABE1273D}" = Microsoft .NET Framework 4.5.1 (DEU)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 341.81
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 341.81
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.4.5.57
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 2.4.5.57
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 2.4.5.57
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.28
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B515962D-C979-44AC-9912-F7BB499B4B2C}" = VirtualDJ Home FREE
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8F4A45C-581C-4707-8EF2-2B9E6722270C}" = SketchUp 8
"{BA69CEF3-309F-43ED-80C8-512A16620897}" = PDF Architect 2 Review Module
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C960FF38-431D-429D-AD1F-FBD12A45B7C5}" = PDF Architect 2 View Module
"{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE
"{D06CFA0D-6DF0-435F-8789-70F708C02942}" = PDF Architect 2 Asian Fonts Pack
"{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D7F912D4-C237-4079-966A-5044A5025CBF}}_is1" = Focusrite Scarlett Plug-in Suite 1.1
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{DD67BE4B-7E62-4215-AFA3-F123A800A389}" = Movie Maker
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.2.0.2
"{DFE645FA-57F3-4EE8-8DD4-7521660D9C30}_is1" = MediaMonkey Remote Server version 1.5.282B
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E5360B00-4DEF-4F6E-8ED9-B2C31875D813}" = HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät
"{E5AB3F65-7FAC-41C6-B176-7599D2404BB2}" = Microsoft Expression Encoder 4 Screen Capture Codec
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}" = Lightworks
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.174
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"{FC071B45-4A5F-408F-92F8-4D9D693E866F}" = Windows Live UX Platform Language Pack
"0B8B34F4BB96072BB79F86A0EDC21145F80BC191" = Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (01/05/2012 2.3.128.0)
"5513-1208-7298-9440" = JDownloader 0.9
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 19 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 19 NPAPI
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIMP3" = AIMP3
"Alice MOBILE E1692" = Alice MOBILE E1692
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 2.0.6
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"Avidemux 2.6" = Avidemux 2.6 (32-bit)
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"DVDx 4.0 Open Edition" = DVDx 4.0 Open Edition
"Elantech" = ETDWare PS/2-x86 7.0.5.7_WHQL
"Encoder_4.0.4276.0" = Microsoft Expression Encoder 4
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.6.0.2
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"FLV Player" = FLV Player 2.0 (build 25)
"Focusrite USB 2.0 Audio Driver_is1" = Focusrite USB 2.0 Audio Driver 2.3
"foobar2000" = foobar2000 v1.3.7
"Foxit Reader_is1" = Foxit Reader
"Free Video Dub_is1" = Free Video Dub version 2.0.21.822
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.3.3.920
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.54.128
"GIMP-2_is1" = GIMP 2.8.10
"Google Chrome" = Google Chrome
"GPL Ghostscript 9.05" = GPL Ghostscript
"GSview 5.0" = GSview 5.0
"HS2_is1" = Steinberg Hypersonic 2
"Inkscape" = Inkscape 0.48.3.1
"InstallShield_{1669F2CD-E15C-4F53-A1F0-FBFC37B391D5}" = Yamaha USB-MIDI Driver
"InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"IrfanView" = IrfanView (remove only)
"Lounge Lizard EP-3" = Applied Acoustics Systems - Lounge Lizard EP-3 v3.1.2
"MAGIX Foto Manager 2007 D" = MAGIX Foto Manager 2007 4.1.1.75 (D)
"MAGIX Goya burnR D" = MAGIX Goya burnR 2.3.1.3 (D)
"MAGIX Music Manager 2007 D" = MAGIX Music Manager 2007 8.1.1.108 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX Video deluxe 2007 2008 D" = MAGIX Video deluxe 2007 2008 7.0.0.26 (D)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.1.8.1057
"MediaMonkey_is1" = MediaMonkey 4.1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 40.0.3 (x86 de)" = Mozilla Firefox 40.0.3 (x86 de)
"Mozilla Thunderbird 11.0 (x86 de)" = Mozilla Thunderbird 11.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.65a
"NVIDIA Drivers" = NVIDIA Drivers
"Panda Devices Agent" = Panda Devices Agent
"Panda Universal Agent Endpoint" = Panda Free Antivirus
"pd_is1" = Pd-0.43.4-extended
"PDF Architect 2" = PDF Architect 2
"PhonerLite_is1" = PhonerLite 1.95
"PhotoScape" = PhotoScape
"Pidgin" = Pidgin
"Pinguin Audio Meter v2.2" = Pinguin Audio Meter v2.2
"QuicktimeAlt_is1" = QuickTime Alternative 3.2.2
"Scribus 1.4.4" = Scribus 1.4.4
"Stellarium_is1" = Stellarium 0.11.3
"Syncrosoft's License Control" = Syncrosofts Lizenz Kontrolle
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"The KMPlayer" = The KMPlayer (remove only)
"TrueCrypt" = TrueCrypt
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Engine" = Sony Ericsson Update Engine
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"VLC media player" = VLC media player
"VLMC" = VideoLAN Movie Creator
"Waves Mercury Bundle" = Waves Mercury Bundle
"Waves SSL Collection v1.2" = Waves SSL Collection v1.2
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.2.9
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3683629333-2777190142-3868084316-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1" = Telegram Desktop version 0.8.55
"Dexpot" = Dexpot
"Dropbox" = Dropbox
"OneDriveSetup.exe" = Microsoft OneDrive
"StationRipper" = StationRipper 2.98.5
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.09.2015 02:58:42 | Computer Name = Kuyumo-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mscorsvw.exe, Version: 4.0.30319.18408,
 Zeitstempel: 0x52310992  Name des fehlerhaften Moduls: clr.dll, Version: 4.0.30319.18444,
 Zeitstempel: 0x5348961e  Ausnahmecode: 0x80131506  Fehleroffset: 0x002db2d2  ID des fehlerhaften
 Prozesses: 0xaac  Startzeit der fehlerhaften Anwendung: 0x01d0ed28720a9010  Pfad der
 fehlerhaften Anwendung: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll  Berichtskennung:
 b333be90-591b-11e5-b0db-0026188f9080
 
Error - 12.09.2015 02:58:48 | Computer Name = Kuyumo-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 12.09.2015 03:03:14 | Computer Name = Kuyumo-PC | Source = Windows Search Service | ID = 1019
Description = 
 
Error - 16.09.2015 16:54:34 | Computer Name = Kuyumo-PC | Source = NvStreamSvc | ID = 133073
Description = An error has occurred (NvStreamUserAgent restarted too many times 
in a short period. Aborting. [0]).
 
Error - 17.09.2015 17:42:10 | Computer Name = Kuyumo-PC | Source = NvStreamSvc | ID = 133073
Description = An error has occurred (NvStreamUserAgent restarted too many times 
in a short period. Aborting. [0]).
 
Error - 19.09.2015 16:26:31 | Computer Name = Kuyumo-PC | Source = NvStreamSvc | ID = 133073
Description = An error has occurred (NvStreamUserAgent restarted too many times 
in a short period. Aborting. [0]).
 
Error - 23.09.2015 18:45:03 | Computer Name = Kuyumo-PC | Source = NvStreamSvc | ID = 133073
Description = An error has occurred (NvStreamUserAgent restarted too many times 
in a short period. Aborting. [0]).
 
Error - 24.09.2015 13:00:21 | Computer Name = Kuyumo-PC | Source = NvStreamSvc | ID = 133073
Description = An error has occurred (NvStreamUserAgent restarted too many times 
in a short period. Aborting. [0]).
 
Error - 24.09.2015 16:17:09 | Computer Name = Kuyumo-PC | Source = NvStreamSvc | ID = 133073
Description = An error has occurred (NvStreamUserAgent restarted too many times 
in a short period. Aborting. [0]).
 
Error - 25.09.2015 02:44:30 | Computer Name = Kuyumo-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_StiSvc, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: wiaservc.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7ba34  Ausnahmecode: 0x40000015  Fehleroffset: 0x0003c329  ID des fehlerhaften
 Prozesses: 0x980  Startzeit der fehlerhaften Anwendung: 0x01d0f75d951f1dc0  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 c:\windows\system32\wiaservc.dll  Berichtskennung: def79080-6350-11e5-95cc-0026188f9080
 
[ OSession Events ]
Error - 30.09.2011 08:55:36 | Computer Name = Kuyumo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11990
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 06.05.2013 06:19:54 | Computer Name = Kuyumo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1014
 seconds with 780 seconds of active time.  This session ended with a crash.
 
Error - 06.05.2013 06:54:38 | Computer Name = Kuyumo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1963
 seconds with 720 seconds of active time.  This session ended with a crash.
 
Error - 26.07.2013 06:38:55 | Computer Name = Kuyumo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7551
 seconds with 840 seconds of active time.  This session ended with a crash.
 
Error - 01.09.2013 15:32:36 | Computer Name = Kuyumo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19392
 seconds with 8700 seconds of active time.  This session ended with a crash.
 
Error - 03.11.2013 09:54:10 | Computer Name = Kuyumo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8145
 seconds with 5040 seconds of active time.  This session ended with a crash.
 
Error - 03.11.2013 13:05:34 | Computer Name = Kuyumo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9788
 seconds with 6540 seconds of active time.  This session ended with a crash.
 
Error - 27.07.2014 08:15:11 | Computer Name = Kuyumo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 10795
 seconds with 1860 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 24.09.2015 13:04:15 | Computer Name = Kuyumo-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 24.09.2015 16:17:36 | Computer Name = Kuyumo-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 25.09.2015 02:44:22 | Computer Name = Kuyumo-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 25.09.2015 02:44:37 | Computer Name = Kuyumo-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows-Bilderfassung (WIA)" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 25.09.2015 02:45:12 | Computer Name = Kuyumo-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 25.09.2015 05:46:20 | Computer Name = Kuyumo-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 25.09.2015 05:46:20 | Computer Name = Kuyumo-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 25.09.2015 05:46:21 | Computer Name = Kuyumo-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 25.09.2015 06:57:06 | Computer Name = Kuyumo-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 25.09.2015 06:57:56 | Computer Name = Kuyumo-PC | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         
--- --- ---

[/CODE]

27.09.2015, 15:42   #4
Cudjo
 

And here is the OTL log as well.



OTL Logfile:
Code:
OTL logfile created on: 25.09.2015 13:15:07 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kuyumo\Desktop\Download
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18015)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 55,71% Memory free
6,00 Gb Paging File | 4,40 Gb Available in Paging File | 73,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 128,06 Gb Total Space | 8,83 Gb Free Space | 6,90% Space Free | Partition Type: NTFS
Drive D: | 104,73 Gb Total Space | 14,58 Gb Free Space | 13,92% Space Free | Partition Type: NTFS
Drive G: | 119,31 Gb Total Space | 1,14 Gb Free Space | 0,95% Space Free | Partition Type: exFAT
 
Computer Name: KUYUMO-PC | User Name: Kuyumo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015.09.24 12:22:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kuyumo\Desktop\Download\OTL.exe
PRC - [2015.09.17 11:44:48 | 000,245,576 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.3.28.15\GoogleCrashHandler.exe
PRC - [2015.09.13 11:44:41 | 000,377,000 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2015.08.18 01:28:51 | 000,938,160 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2015.08.18 01:28:50 | 001,817,776 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2015.07.29 09:23:18 | 022,344,224 | ---- | M] (Google) -- C:\Programme\Google\Drive\googledrivesync.exe
PRC - [2015.07.16 16:28:02 | 000,244,392 | ---- | M] (Foxit Software Inc.) -- C:\Programme\Foxit Reader\Foxit Cloud\FCUpdateService.exe
PRC - [2015.06.24 13:37:29 | 002,754,704 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2015.06.24 13:37:26 | 020,694,160 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
PRC - [2015.06.24 13:37:26 | 005,989,520 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
PRC - [2015.06.24 13:37:26 | 001,868,432 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2015.06.24 13:37:26 | 000,919,184 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
PRC - [2015.05.09 05:12:59 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2015.05.07 23:21:06 | 000,406,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\GWX\GWX.exe
PRC - [2015.04.18 18:53:17 | 000,078,032 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2015.02.27 01:35:55 | 000,040,184 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Security Protection\PSUAMain.exe
PRC - [2015.02.27 01:35:55 | 000,038,136 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Security Protection\PSUAService.exe
PRC - [2015.02.27 01:04:25 | 000,142,584 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Security Protection\PSANHost.exe
PRC - [2014.10.09 15:40:48 | 000,066,808 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Devices Agent\AgentSvc.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.08.12 15:20:46 | 000,178,816 | ---- | M] (ASUS) -- C:\Programme\ASUS\ATK Hotkey\HControl.exe
PRC - [2009.07.30 19:44:10 | 000,497,024 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Programme\Elantech\ETDCtrl.exe
PRC - [2009.06.19 11:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Programme\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 11:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Programme\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.15 18:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Programme\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2008.12.22 18:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Programme\ASUS\ATK Hotkey\WDC.exe
PRC - [2007.08.08 01:08:40 | 000,094,208 | ---- | M] () -- C:\Programme\ATKGFNEX\GFNEXSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015.09.25 12:57:45 | 000,123,392 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\wx._wizard.pyd
MOD - [2015.09.25 12:57:44 | 001,176,576 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\wx._core_.pyd
MOD - [2015.09.25 12:57:44 | 001,067,008 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\wx._controls_.pyd
MOD - [2015.09.25 12:57:44 | 000,816,128 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\wx._windows_.pyd
MOD - [2015.09.25 12:57:44 | 000,806,400 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\wx._gdi_.pyd
MOD - [2015.09.25 12:57:44 | 000,733,184 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\wx._misc_.pyd
MOD - [2015.09.25 12:57:44 | 000,525,640 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\windows._lib_cacheinvalidation.pyd
MOD - [2015.09.25 12:57:44 | 000,320,512 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\win32com.shell.shell.pyd
MOD - [2015.09.25 12:57:44 | 000,167,936 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\win32gui.pyd
MOD - [2015.09.25 12:57:44 | 000,119,808 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\win32file.pyd
MOD - [2015.09.25 12:57:44 | 000,108,544 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\win32security.pyd
MOD - [2015.09.25 12:57:44 | 000,098,816 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\win32api.pyd
MOD - [2015.09.25 12:57:44 | 000,078,848 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\wx._animate.pyd
MOD - [2015.09.25 12:57:44 | 000,077,312 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\wx._html2.pyd
MOD - [2015.09.25 12:57:44 | 000,038,912 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\win32inet.pyd
MOD - [2015.09.25 12:57:44 | 000,035,840 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\win32process.pyd
MOD - [2015.09.25 12:57:44 | 000,025,600 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\win32pdh.pyd
MOD - [2015.09.25 12:57:44 | 000,024,064 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\win32pipe.pyd
MOD - [2015.09.25 12:57:44 | 000,022,528 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\win32ts.pyd
MOD - [2015.09.25 12:57:44 | 000,018,432 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\win32event.pyd
MOD - [2015.09.25 12:57:44 | 000,017,408 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\win32profile.pyd
MOD - [2015.09.25 12:57:44 | 000,011,264 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\win32crypt.pyd
MOD - [2015.09.25 12:57:43 | 000,686,080 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\unicodedata.pyd
MOD - [2015.09.25 12:57:43 | 000,682,496 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\pysqlite2._sqlite.pyd
MOD - [2015.09.25 12:57:43 | 000,364,544 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\pythoncom27.dll
MOD - [2015.09.25 12:57:43 | 000,127,488 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\pyexpat.pyd
MOD - [2015.09.25 12:57:43 | 000,068,096 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\usb_ext.pyd
MOD - [2015.09.25 12:57:43 | 000,010,240 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\select.pyd
MOD - [2015.09.25 12:57:42 | 001,161,216 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\_ssl.pyd
MOD - [2015.09.25 12:57:42 | 000,713,216 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\_hashlib.pyd
MOD - [2015.09.25 12:57:42 | 000,128,512 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\_elementtree.pyd
MOD - [2015.09.25 12:57:42 | 000,110,080 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\pywintypes27.dll
MOD - [2015.09.25 12:57:42 | 000,087,552 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\_ctypes.pyd
MOD - [2015.09.25 12:57:42 | 000,045,568 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\_socket.pyd
MOD - [2015.09.25 12:57:42 | 000,036,864 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\_psutil_windows.pyd
MOD - [2015.09.25 12:57:42 | 000,027,136 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\_multiprocessing.pyd
MOD - [2015.09.25 12:57:42 | 000,020,480 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\_yappi.pyd
MOD - [2015.09.25 12:57:42 | 000,013,824 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\common.time34.pyd
MOD - [2015.09.25 12:57:42 | 000,007,168 | ---- | M] () -- C:\Users\Kuyumo\AppData\Local\Temp\_MEI50042\hashobjs_ext.pyd
MOD - [2015.06.24 13:37:29 | 000,011,920 | ---- | M] () -- C:\Programme\NVIDIA Corporation\Update Core\detoured.dll
MOD - [2012.11.29 23:59:32 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2010.03.15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2015.09.22 21:14:29 | 000,269,000 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015.09.13 11:44:37 | 000,149,160 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015.08.15 07:29:42 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2015.07.22 19:53:34 | 000,937,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\diagtrack.dll -- (DiagTrack)
SRV - [2015.07.16 16:28:02 | 000,244,392 | ---- | M] (Foxit Software Inc.) [Auto | Running] -- C:\Programme\Foxit Reader\Foxit Cloud\FCUpdateService.exe -- (FoxitCloudUpdateService)
SRV - [2015.06.24 13:37:26 | 020,694,160 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV - [2015.06.24 13:37:26 | 001,868,432 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2015.06.24 13:37:26 | 000,919,184 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV - [2015.06.18 08:39:50 | 001,133,880 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe -- (MBAMService)
SRV - [2015.06.11 04:02:42 | 000,150,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2015.04.18 18:53:17 | 000,078,032 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet)
SRV - [2015.02.27 01:35:55 | 000,038,136 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Programme\Panda Security\Panda Security Protection\PSUAService.exe -- (PSUAService)
SRV - [2015.02.27 01:04:25 | 000,142,584 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Programme\Panda Security\Panda Security Protection\PSANHost.exe -- (NanoServiceMain)
SRV - [2015.01.02 20:45:12 | 000,315,488 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014.10.09 15:40:48 | 000,066,808 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Programme\Panda Security\Panda Devices Agent\AgentSvc.exe -- (PandaAgent)
SRV - [2014.06.26 18:25:58 | 001,771,560 | ---- | M] (pdfforge GmbH) [Disabled | Stopped] -- C:\Programme\PDF Architect 2\ws.exe -- (PDF Architect 2)
SRV - [2014.06.26 18:25:58 | 000,861,736 | ---- | M] (pdfforge GmbH) [Disabled | Stopped] -- C:\Programme\PDF Architect 2\crash-handler-ws.exe -- (pdfforge CrashHandler)
SRV - [2014.06.26 18:25:58 | 000,738,856 | ---- | M] (pdfforge GmbH) [Disabled | Stopped] -- C:\Programme\PDF Architect 2\creator-ws.exe -- (PDF Architect 2 Creator)
SRV - [2013.05.27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013.02.04 18:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [Disabled | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012.07.17 15:49:00 | 001,713,904 | ---- | M] (Microsoft Corp.) [Disabled | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.01.11 15:30:21 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.27 11:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.06.15 18:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Programme\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009.02.26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007.08.08 01:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Programme\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2006.12.14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [Disabled | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\L6UX2.sys -- (L6UX2)
DRV - [2015.08.18 10:47:15 | 010,704,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2015.06.24 13:37:26 | 000,018,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Programme\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV - [2015.06.18 08:41:54 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2015.06.18 08:41:36 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2015.06.11 19:15:04 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2015.05.19 05:29:01 | 000,041,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvvad32v.sys -- (nvvad_WaveExtensible)
DRV - [2015.02.25 21:03:01 | 000,124,688 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2015.02.25 21:03:01 | 000,100,624 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINReg.sys -- (PSINReg)
DRV - [2015.02.25 21:03:00 | 000,168,208 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2015.02.25 21:03:00 | 000,113,936 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2015.02.25 21:02:59 | 000,140,048 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2015.02.25 21:02:59 | 000,105,232 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2015.02.09 23:02:21 | 000,094,864 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNStlsc.sys -- (NNSTLSC)
DRV - [2015.02.09 23:02:20 | 000,239,888 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSStrm.sys -- (NNSSTRM)
DRV - [2015.02.09 23:02:20 | 000,108,432 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSSmtp.sys -- (NNSSMTP)
DRV - [2015.02.09 23:02:19 | 000,281,232 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSProt.sys -- (NNSPROT)
DRV - [2015.02.09 23:02:19 | 000,205,456 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPrv.sys -- (NNSPRV)
DRV - [2015.02.09 23:02:18 | 000,120,592 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPop3.sys -- (NNSPOP3)
DRV - [2015.02.09 23:02:18 | 000,061,712 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPihsw.sys -- (NNSPIHSW)
DRV - [2015.02.09 23:02:17 | 000,099,856 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSpicc.sys -- (NNSPICC)
DRV - [2015.02.09 23:02:16 | 000,202,128 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSHttp.sys -- (NNSHTTP)
DRV - [2015.02.09 23:02:16 | 000,126,480 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSIds.sys -- (NNSIDS)
DRV - [2015.02.09 23:02:16 | 000,109,584 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSHttps.sys -- (NNSHTTPS)
DRV - [2015.02.09 23:02:15 | 000,086,800 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSAlpc.sys -- (NNSALPC)
DRV - [2015.01.29 19:21:37 | 000,050,320 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PSKMAD.sys -- (PSKMAD)
DRV - [2014.12.31 13:39:12 | 000,041,744 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSNAHSL.sys -- (NNSNAHSL)
DRV - [2014.05.31 10:56:58 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV09.sys -- (ACEDRV09)
DRV - [2013.10.02 02:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2013.09.30 16:26:46 | 000,015,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2013.09.30 16:26:44 | 000,010,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2012.12.26 03:28:24 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012.12.26 03:28:24 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2012.02.05 18:06:48 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2012.01.05 12:41:18 | 000,048,472 | ---- | M] (Focusrite Audio Engineering Limited.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ffusb2audio.sys -- (ffusb2audio)
DRV - [2011.11.08 09:13:02 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.06.27 02:37:12 | 002,191,872 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011.05.10 16:27:52 | 000,034,280 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ymidusbw.sys -- (YMIDUSBW)
DRV - [2010.12.27 19:00:25 | 001,766,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2010.12.27 18:59:46 | 000,027,136 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmUStor.sys -- (AmUStor)
DRV - [2010.12.27 18:52:08 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2010.12.27 18:52:08 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2010.12.27 18:49:30 | 000,014,392 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2010.11.20 14:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.27 11:56:00 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2010.07.29 00:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2010.02.19 16:20:50 | 000,115,336 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MAudioAxiom.sys -- (AXIOM)
DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.02.17 20:38:12 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2008.12.30 11:57:54 | 000,103,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2008.12.13 11:27:50 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.07.24 12:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Programme\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 7B 32 DE B9 6B CC 01  [binary data]
IE - HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found
IE - HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = 
IE - HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\..\SearchScopes\{58ADF134-0921-45D6-927B-2B7BE8E16062}: "URL" = hxxp://www.ecosia.org/search.php?q={searchTerms}&service=
IE - HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "DE"
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.region: "DE"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.9.36
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:40.0.3
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp: C:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf: C:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.40.2: C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.40.2: C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\PDF Architect 2: C:\Program Files\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Kuyumo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.12.22 18:14:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 40.0.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 40.0.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2015.09.13 11:44:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.04.05 17:34:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2014.01.18 22:44:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 40.0.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 40.0.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2015.09.13 11:44:17 | 000,000,000 | ---D | M]
 
[2011.09.14 15:00:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kuyumo\AppData\Roaming\mozilla\Extensions
[2015.09.25 12:09:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kuyumo\AppData\Roaming\mozilla\Firefox\Profiles\jjs1avai.default\extensions
[2015.06.01 22:14:01 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="foxmarks@kei.com" em:name="Xmarks" em:type="2" em:unpack="true" em:version="4.3.7.1-signed" em:creator="Todd Agulnick" em:description="Bookmark Sync and Web Discovery" em:homepageURL="hxxp://www.xmarks.com/" em:optionsURL="chrome://foxmarks/content/foxmarks-dialog.xul" em:iconURL="chrome://foxmarks/skin/images/foxmarks.ico" em:developer="LastPass">) -- C:\Users\Kuyumo\AppData\Roaming\mozilla\Firefox\Profiles\jjs1avai.default\extensions\foxmarks@kei.com
[2015.05.31 18:33:47 | 000,151,374 | ---- | M] () (No name found) -- C:\Users\Kuyumo\AppData\Roaming\mozilla\firefox\profiles\jjs1avai.default\extensions\adblockpopups@jessehakanen.net.xpi
[2015.09.25 12:09:13 | 000,190,315 | ---- | M] () (No name found) -- C:\Users\Kuyumo\AppData\Roaming\mozilla\firefox\profiles\jjs1avai.default\extensions\extension@hidemyass.com.xpi
[2015.07.09 21:41:55 | 000,393,537 | ---- | M] () (No name found) -- C:\Users\Kuyumo\AppData\Roaming\mozilla\firefox\profiles\jjs1avai.default\extensions\stealthyextension@gmail.com.xpi
[2015.09.13 10:41:32 | 000,561,807 | ---- | M] () (No name found) -- C:\Users\Kuyumo\AppData\Roaming\mozilla\firefox\profiles\jjs1avai.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2015.05.31 18:33:49 | 000,563,024 | ---- | M] () (No name found) -- C:\Users\Kuyumo\AppData\Roaming\mozilla\firefox\profiles\jjs1avai.default\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi
[2015.08.19 23:28:14 | 000,627,032 | ---- | M] () (No name found) -- C:\Users\Kuyumo\AppData\Roaming\mozilla\firefox\profiles\jjs1avai.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
[2015.08.04 23:06:43 | 000,054,565 | ---- | M] () (No name found) -- C:\Users\Kuyumo\AppData\Roaming\mozilla\firefox\profiles\jjs1avai.default\extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi
[2015.09.25 12:09:14 | 000,962,762 | ---- | M] () (No name found) -- C:\Users\Kuyumo\AppData\Roaming\mozilla\firefox\profiles\jjs1avai.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2015.06.01 22:12:31 | 000,085,099 | ---- | M] () (No name found) -- C:\Users\Kuyumo\AppData\Roaming\mozilla\firefox\profiles\jjs1avai.default\extensions\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}.xpi
[2014.01.13 21:24:22 | 000,002,146 | ---- | M] () -- C:\Users\Kuyumo\AppData\Roaming\mozilla\firefox\profiles\jjs1avai.default\searchplugins\ecosia.xml
[2015.09.13 11:44:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2015.09.13 11:44:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2015.09.13 11:44:13 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2015.09.13 11:44:44 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.32_0\
CHR - Extension: No name found = C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.0_0\
CHR - Extension: No name found = C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd\1.3.2_0\
CHR - Extension: No name found = C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\
CHR - Extension: No name found = C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.5_0\
CHR - Extension: No name found = C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\0.5_0\
CHR - Extension: No name found = C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.39.1_0\
CHR - Extension: No name found = C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.15382.999_0\
CHR - Extension: No name found = C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\
CHR - Extension: No name found = C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\libedajeiljdoodmokbppgapcfbignci\0.0.60_0\
CHR - Extension: No name found = C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\
CHR - Extension: No name found = C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaakpdehdafacodkgkpghoibnmamcme\1.0_0\
CHR - Extension: No name found = C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: No name found = C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\npecfdijgoblfcgagoijgmgejmcpnhof\1.17_0\
CHR - Extension: No name found = C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.8.0_40\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre1.8.0_40\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [HControlUser] C:\Programme\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [NvBackend] C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PSUAMain] C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [ShadowPlay] C:\Windows\System32\nvspcap.dll (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\Run: [Copy] C:\Users\Kuyumo\AppData\Roaming\Copy\CopyAgent.exe (Barracuda Networks, Inc.)
O4 - HKU\S-1-5-18..\Run: [Copy] C:\Users\Kuyumo\AppData\Roaming\Copy\CopyAgent.exe (Barracuda Networks, Inc.)
O4 - HKU\S-1-5-21-3683629333-2777190142-3868084316-1000..\Run: [Dropbox Update] C:\Users\Kuyumo\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
O4 - HKU\S-1-5-21-3683629333-2777190142-3868084316-1000..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\.DEFAULT..\RunOnce: [panda4_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f File not found
O4 - HKU\.DEFAULT..\RunOnce: [panda4_0dn_XP] reg.exe delete "HKCU\Software\panda4_0dn" /f File not found
O4 - HKU\.DEFAULT..\RunOnce: [panda4_1dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_1dn" /f File not found
O4 - HKU\.DEFAULT..\RunOnce: [panda4_1dn_XP] reg.exe delete "HKCU\Software\panda4_1dn" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [panda4_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [panda4_0dn_XP] reg.exe delete "HKCU\Software\panda4_0dn" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [panda4_1dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_1dn" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [panda4_1dn_XP] reg.exe delete "HKCU\Software\panda4_1dn" /f File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 600
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\RSLSP.dll (Ratajik Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\RSLSP.dll (Ratajik Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\RSLSP.dll (Ratajik Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\RSLSP.dll (Ratajik Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\RSLSP.dll (Ratajik Software)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab (Java Plug-in 11.40.2)
O16 - DPF: {CAFEEFAC-0017-0000-0071-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab (Java Plug-in 1.7.0_71)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab (Java Plug-in 11.40.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{157083F9-E1BC-43FB-9031-4D9F7C095960}: DhcpNameServer = 10.204.57.104 10.205.41.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D06B54E8-0068-4988-97D0-1FFDB3AC2F07}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2FE0A98-C1E7-4857-99A5-1D9E871E5B89}: DhcpNameServer = 10.204.57.104 10.205.41.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F97E0CC5-690B-4B30-961A-9D3D96B3FBAC}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015.09.25 12:05:51 | 000,098,520 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015.09.25 12:05:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
[2015.09.25 12:05:25 | 000,094,936 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2015.09.25 12:05:25 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2015.09.25 12:05:25 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2015.09.25 12:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\ Malwarebytes Anti-Malware 
[2015.09.25 12:05:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015.09.22 20:14:28 | 018,819,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2015.09.21 20:30:03 | 000,050,320 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PSKMAD.sys
[2015.09.13 13:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2015.09.13 13:12:44 | 024,200,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2015.09.13 13:12:44 | 011,272,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2015.09.13 13:12:43 | 010,704,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2015.09.13 13:12:43 | 000,907,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvIFR.dll
[2015.09.13 13:12:42 | 000,912,688 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3234181.dll
[2015.09.13 13:12:42 | 000,869,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvFBC.dll
[2015.09.13 13:12:41 | 011,209,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2015.09.13 13:12:41 | 003,987,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2015.09.13 13:12:41 | 001,059,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3234181.dll
[2015.09.13 13:12:37 | 015,294,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2015.09.13 11:49:34 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2015.09.13 11:49:33 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2015.09.13 11:49:33 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2015.09.13 11:49:31 | 000,685,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2015.09.13 11:49:31 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2015.09.13 11:49:29 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2015.09.13 11:49:27 | 000,344,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2015.09.13 11:49:26 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2015.09.13 11:49:26 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2015.09.13 11:49:25 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2015.09.13 11:49:24 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2015.09.13 11:49:24 | 000,418,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2015.09.13 11:49:22 | 000,689,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2015.09.13 11:49:21 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2015.09.13 11:49:18 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2015.09.13 11:49:17 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2015.09.13 11:49:16 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2015.09.13 11:49:15 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2015.09.13 11:49:12 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2015.09.13 11:49:10 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2015.09.13 11:49:06 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2015.09.13 11:49:04 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2015.09.13 11:49:02 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2015.09.13 11:48:53 | 004,520,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2015.09.13 11:48:50 | 001,372,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmcore.dll
[2015.09.13 11:48:45 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2015.09.13 11:48:45 | 000,105,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2015.09.13 11:48:32 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2015.09.13 11:48:19 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UtcResources.dll
[2015.09.13 11:48:18 | 003,934,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2015.09.13 11:48:18 | 000,937,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagtrack.dll
[2015.09.13 11:48:16 | 003,989,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2015.09.13 11:48:15 | 000,635,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdh.dll
[2015.09.13 11:48:14 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2015.09.13 11:48:13 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2015.09.13 11:48:13 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2015.09.13 11:48:12 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2015.09.13 11:48:11 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2015.09.13 11:48:10 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2015.09.13 11:48:09 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2015.09.13 11:48:09 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msaudite.dll
[2015.09.13 11:48:09 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msobjs.dll
[2015.09.13 11:48:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apisetschema.dll
[2015.09.13 11:47:48 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appidpolicyconverter.exe
[2015.09.13 11:47:47 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appidapi.dll
[2015.09.13 11:47:45 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appidcertstorecheck.exe
[2015.09.13 11:47:44 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2015.09.13 11:47:26 | 000,299,520 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2015.09.13 11:47:24 | 002,384,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2015.09.13 11:47:24 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2015.09.13 11:47:23 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2015.09.13 11:47:23 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2015.09.13 11:47:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2015.09.13 11:47:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2015.09.13 11:47:15 | 002,953,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2015.09.13 11:47:14 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2015.09.13 11:47:14 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2015.09.13 11:47:14 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2015.09.13 11:47:14 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSetupUI.dll
[2015.09.13 11:47:13 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2015.09.13 11:47:13 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2015.09.13 11:47:13 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2015.09.13 11:47:13 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wu.upgrade.ps.dll
[2015.09.13 11:44:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2015.09.13 11:43:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2015.09.13 11:27:31 | 002,508,432 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Kuyumo\Desktop\procexp.exe
[2015.09.11 22:22:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2015.09.04 18:29:44 | 000,000,000 | ---D | C] -- C:\Users\Kuyumo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015.09.25 13:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015.09.25 13:05:22 | 000,013,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015.09.25 13:05:22 | 000,013,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015.09.25 12:58:12 | 000,001,228 | ---- | M] () -- C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-3683629333-2777190142-3868084316-1000UA.job
[2015.09.25 12:57:31 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015.09.25 12:56:55 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2015.09.25 12:56:53 | 000,078,032 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2015.09.25 12:56:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015.09.25 12:56:32 | 2415,341,568 | -HS- | M] () -- C:\hiberfil.sys
[2015.09.25 12:52:45 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2015.09.25 12:52:20 | 000,001,386 | ---- | M] () -- C:\Users\Kuyumo\Desktop\temp.rtf - Verknüpfung.lnk
[2015.09.25 12:52:20 | 000,001,059 | ---- | M] () -- C:\Users\Kuyumo\Desktop\Will And The People - Friends - Verknüpfung.lnk
[2015.09.25 12:52:18 | 000,001,232 | ---- | M] () -- C:\Users\Kuyumo\Desktop\Kaufen, Produkte - Verknüpfung.lnk
[2015.09.25 12:52:18 | 000,001,172 | ---- | M] () -- C:\Users\Kuyumo\Desktop\OneDrive.lnk
[2015.09.25 12:52:17 | 000,001,707 | ---- | M] () -- C:\Users\Kuyumo\Desktop\Google Drive.lnk
[2015.09.25 12:52:17 | 000,001,009 | ---- | M] () -- C:\Users\Kuyumo\Desktop\Dropbox.lnk
[2015.09.25 12:52:16 | 000,000,697 | ---- | M] () -- C:\Users\Kuyumo\Desktop\Barracuda Copy.lnk
[2015.09.25 12:52:15 | 000,001,759 | ---- | M] () -- C:\Users\Kuyumo\Desktop\2015_Frühling - Verknüpfung.lnk
[2015.09.25 12:50:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015.09.25 12:06:38 | 000,098,520 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015.09.25 11:26:25 | 000,699,666 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2015.09.25 11:26:25 | 000,654,464 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015.09.25 11:26:25 | 000,149,774 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2015.09.25 11:26:25 | 000,122,336 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2015.09.24 21:58:00 | 000,001,176 | ---- | M] () -- C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-3683629333-2777190142-3868084316-1000Core.job
[2015.09.22 21:14:29 | 000,780,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2015.09.22 21:14:29 | 000,142,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2015.09.22 21:14:22 | 018,819,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2015.09.21 20:29:50 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2015.09.13 12:30:28 | 000,553,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2015.09.02 04:48:31 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2015.09.02 04:48:28 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2015.09.02 04:48:25 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2015.09.02 03:36:35 | 002,384,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2015.09.02 03:33:48 | 000,299,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2015.08.27 19:51:26 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2015.08.27 19:51:26 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2015.08.26 19:56:25 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2015.08.26 19:56:25 | 000,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2015.08.26 19:56:25 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2015.08.26 19:56:25 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2015.08.26 19:56:24 | 002,953,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2015.08.26 19:56:24 | 000,566,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2015.08.26 19:55:55 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WinSetupUI.dll
[2015.08.26 19:55:40 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wu.upgrade.ps.dll
[2015.08.26 19:55:37 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015.09.25 12:05:34 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2015.09.13 13:12:43 | 000,021,015 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2015.03.29 02:05:47 | 000,036,301 | ---- | C] () -- C:\Users\Kuyumo\AppData\Local\recently-used.xbel
[2014.11.06 22:39:06 | 005,147,024 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2014.11.06 22:08:17 | 000,000,000 | ---- | C] () -- C:\Users\Kuyumo\AppData\Local\{A93FD393-7598-4AE6-B457-BB627964D6E9}
[2014.05.31 09:10:40 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2014.04.06 13:49:49 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2014.04.03 17:36:20 | 002,881,848 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2014.04.03 17:36:20 | 000,015,688 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2014.04.03 17:36:18 | 000,010,320 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2014.04.03 13:11:04 | 000,038,960 | ---- | C] () -- C:\Windows\System32\RGBAcodec.dll
[2012.12.24 18:17:16 | 000,038,437 | ---- | C] () -- C:\Users\Kuyumo\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2012.12.09 02:29:33 | 000,000,000 | ---- | C] () -- C:\ProgramData\0x0304A000.sfl
[2012.10.22 18:21:37 | 000,000,028 | ---- | C] () -- C:\Users\Kuyumo\AppData\Roaming\PhonerLitesettings.ini
[2012.04.04 16:19:56 | 000,011,412 | ---- | C] () -- C:\Users\Kuyumo\gsview32.ini
[2012.01.22 15:28:42 | 000,005,632 | ---- | C] () -- C:\Users\Kuyumo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.14 18:57:04 | 000,007,602 | ---- | C] () -- C:\Users\Kuyumo\AppData\Local\resmon.resmoncfg
[2011.01.15 21:06:07 | 000,000,600 | ---- | C] () -- C:\Users\Kuyumo\AppData\Roaming\winscp.rnd
[2010.12.30 20:48:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015.07.10 19:34:07 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 15:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012.08.21 15:34:24 | 000,351,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014.12.20 05:39:38 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\.minecraft
[2012.02.04 02:01:41 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\.purple
[2014.12.30 01:31:47 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\.technic
[2012.03.08 14:46:56 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\Ableton
[2015.09.20 00:56:10 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\AIMP3
[2011.12.21 18:13:24 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\Applied Acoustics Systems
[2014.12.05 23:11:28 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\Audacity
[2014.08.26 16:19:19 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\avidemux
[2012.11.25 21:11:04 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\Azureus
[2011.10.17 12:59:17 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\Canneverbe Limited
[2015.09.25 12:57:41 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\Copy
[2011.11.08 09:14:02 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\DAEMON Tools Lite
[2013.06.29 13:50:16 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\Dexpot
[2014.01.12 13:09:59 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\dlg
[2012.11.01 19:46:10 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\Downloaded Installations
[2015.09.13 10:40:09 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\Dropbox
[2015.03.01 00:25:38 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\DVDVideoSoft
[2014.03.07 17:09:47 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\DVDVideoSoftIEHelpers
[2015.04.03 02:03:06 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\FileZilla
[2015.02.07 22:55:09 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\foobar2000
[2014.03.11 12:32:32 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\Foxit Software
[2014.06.15 14:38:00 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\gtk-2.0
[2015.04.03 02:03:09 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\inkscape
[2013.07.20 11:34:51 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\IrfanView
[2013.05.07 18:12:10 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\LibreOffice
[2014.12.10 00:49:59 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\MAGIX
[2015.09.11 19:31:16 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\MediaMonkey
[2013.12.30 11:57:01 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\MediaMonkey Remote
[2014.12.05 02:35:19 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\Mp3tag
[2013.03.23 16:00:08 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\Nokia
[2011.07.23 18:31:48 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\Nokia Ovi Suite
[2013.03.23 16:00:08 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\Nokia Suite
[2014.10.20 11:18:12 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\Oracle
[2015.02.06 23:26:29 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\Panda Security
[2011.05.29 12:54:01 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\PC Suite
[2014.09.05 13:23:04 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\PDF Architect 2
[2015.01.31 17:37:56 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\pdfforge
[2011.02.01 23:22:48 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\PhonerLite
[2015.09.12 09:06:09 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\PhotoScape
[2013.11.08 14:06:37 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\SanDisk SecureAccess
[2014.06.08 16:42:39 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\Scribus
[2012.09.28 15:54:33 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\SharePod
[2011.11.08 09:27:54 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\Steinberg
[2012.08.08 22:47:55 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\Stellarium
[2015.04.03 02:03:10 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\TeamViewer
[2015.09.05 16:14:00 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\Telegram Desktop
[2012.04.05 17:34:56 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\Thunderbird
[2012.02.05 18:10:27 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\TrueCrypt
[2012.06.10 17:46:17 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\VST3 Presets
[2011.12.21 18:14:49 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\Waves Audio
[2014.12.02 19:07:11 | 000,000,000 | ---D | M] -- C:\Users\Kuyumo\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 83 bytes -> C:\Users\Kuyumo\Desktop\NC_2015_WEB_Visionssuche.pdf:com.dropbox.attributes

< End of report >
         
--- --- ---


[/CODE]

So, those are all the logs I have so far. If you need more, just tell me which ones and how.
Thanks.

28.09.2015, 13:37   #5
schrauber
/// the machine
/// TB trainer
 




hi,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please run mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the detected objects, so be patient.
  • After the restart, run mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not run any other file in this folder unless a helper instructs you to.

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Run TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

29.09.2015, 14:40   #6
Cudjo
 



Hi Schrauber

Neither Malwarebytes Anti-Rootkit nor TDSSKiller found any infections.

Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2015.09.29.03
  rootkit: v2015.09.22.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.18015
Kuyumo :: KUYUMO-PC [administrator]

29.09.2015 13:13:35
mbar-log-2015-09-29 (13-13-35).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 386432
Time elapsed: 1 hour(s), 14 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Code:
15:34:16.0808 0x15c4  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
15:34:54.0930 0x15c4  ============================================================
15:34:54.0930 0x15c4  Current date / time: 2015/09/29 15:34:54.0930
15:34:54.0930 0x15c4  SystemInfo:
15:34:54.0931 0x15c4  
15:34:54.0931 0x15c4  OS Version: 6.1.7601 ServicePack: 1.0
15:34:54.0931 0x15c4  Product type: Workstation
15:34:54.0931 0x15c4  ComputerName: KUYUMO-PC
15:34:54.0931 0x15c4  UserName: Kuyumo
15:34:54.0931 0x15c4  Windows directory: C:\Windows
15:34:54.0931 0x15c4  System windows directory: C:\Windows
15:34:54.0932 0x15c4  Processor architecture: Intel x86
15:34:54.0932 0x15c4  Number of processors: 2
15:34:54.0932 0x15c4  Page size: 0x1000
15:34:54.0932 0x15c4  Boot type: Normal boot
15:34:54.0932 0x15c4  ============================================================
15:34:58.0876 0x15c4  KLMD registered as C:\Windows\system32\drivers\65217185.sys
15:34:59.0434 0x15c4  System UUID: {A34A14D6-9659-218F-7884-B668DA19FBFD}
15:35:00.0756 0x15c4  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:35:00.0805 0x15c4  Drive \Device\Harddisk1\DR1 - Size: 0x1DD5F00000 ( 119.34 Gb ), SectorSize: 0x200, Cylinders: 0x3CDB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:35:00.0806 0x15c4  ============================================================
15:35:00.0806 0x15c4  \Device\Harddisk0\DR0:
15:35:00.0807 0x15c4  MBR partitions:
15:35:00.0807 0x15c4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:35:00.0807 0x15c4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1001E800
15:35:00.0816 0x15c4  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x10051119, BlocksNum 0xD173468
15:35:00.0816 0x15c4  \Device\Harddisk1\DR1:
15:35:00.0817 0x15c4  MBR partitions:
15:35:00.0817 0x15c4  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x8000, BlocksNum 0xEEA7800
15:35:00.0817 0x15c4  ============================================================
15:35:00.0861 0x15c4  C: <-> \Device\Harddisk0\DR0\Partition2
15:35:00.0907 0x15c4  D: <-> \Device\Harddisk0\DR0\Partition3
15:35:01.0277 0x15c4  ============================================================
15:35:01.0278 0x15c4  Initialize success
15:35:01.0278 0x15c4  ============================================================
15:35:46.0366 0x1548  ============================================================
15:35:46.0366 0x1548  Scan started
15:35:46.0366 0x1548  Mode: Manual; SigCheck; TDLFS; 
15:35:46.0366 0x1548  ============================================================
15:35:46.0366 0x1548  KSN ping started
15:35:49.0149 0x1548  KSN ping finished: true
15:35:50.0547 0x1548  ================ Scan system memory ========================
15:35:50.0547 0x1548  System memory - ok
15:35:50.0548 0x1548  ================ Scan services =============================
15:35:50.0794 0x1548  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:35:51.0108 0x1548  1394ohci - ok
15:35:51.0239 0x1548  [ EC818AED40E3359FE49DDB1700151E56, 9BA0DC63EF1FF54DAA986CA8759F9EB8C0DFB080635B12B5B658717D66A3EA4C ] ACEDRV09        C:\Windows\system32\drivers\ACEDRV09.sys
15:35:51.0317 0x1548  ACEDRV09 - ok
15:35:51.0390 0x1548  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:35:51.0457 0x1548  ACPI - ok
15:35:51.0516 0x1548  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:35:51.0617 0x1548  AcpiPmi - ok
15:35:51.0736 0x1548  [ 11A52CF7B265631DEEB24C6149309EFF, CBA25D358185FD4BE261C6C1B518AD60F5D27D5FB418098AB262B10F5A11C178 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
15:35:51.0771 0x1548  AdobeARMservice - ok
15:35:51.0902 0x1548  [ C6D147C12C424373B016C0AB0A6C61EB, 043D44F3C942CFC3558E782938C26849BF648A58A7AA62C4A526E37DE4136C27 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:35:51.0970 0x1548  AdobeFlashPlayerUpdateSvc - ok
15:35:52.0042 0x1548  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
15:35:52.0146 0x1548  adp94xx - ok
15:35:52.0185 0x1548  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
15:35:52.0253 0x1548  adpahci - ok
15:35:52.0277 0x1548  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
15:35:52.0322 0x1548  adpu320 - ok
15:35:52.0383 0x1548  [ 12E6A172D72AFC626727B8635DD17E39, 33B3D109C39DF6EA86AFC3C89A93657906E981D3D22FF854401BC7326990CC08 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:35:52.0474 0x1548  AeLookupSvc - ok
15:35:52.0587 0x1548  [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD             C:\Windows\system32\drivers\afd.sys
15:35:52.0687 0x1548  AFD - ok
15:35:52.0742 0x1548  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\drivers\agp440.sys
15:35:52.0781 0x1548  agp440 - ok
15:35:52.0833 0x1548  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
15:35:52.0873 0x1548  aic78xx - ok
15:35:52.0903 0x1548  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
15:35:52.0986 0x1548  ALG - ok
15:35:53.0046 0x1548  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:35:53.0082 0x1548  aliide - ok
15:35:53.0108 0x1548  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
15:35:53.0147 0x1548  amdagp - ok
15:35:53.0190 0x1548  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\drivers\amdide.sys
15:35:53.0226 0x1548  amdide - ok
15:35:53.0263 0x1548  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
15:35:53.0326 0x1548  AmdK8 - ok
15:35:53.0343 0x1548  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:35:53.0397 0x1548  AmdPPM - ok
15:35:53.0436 0x1548  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:35:53.0478 0x1548  amdsata - ok
15:35:53.0500 0x1548  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:35:53.0547 0x1548  amdsbs - ok
15:35:53.0571 0x1548  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:35:53.0608 0x1548  amdxata - ok
15:35:53.0676 0x1548  [ D2BF422C2611632AFB9CE8F7B2A8C306, F4A5C27B796CE33CE43C96AD211BECEFD74C6FEE4B82256B76586D2C26B34085 ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS
15:35:53.0753 0x1548  AmUStor - ok
15:35:53.0797 0x1548  [ C532028F7EFF8831BE6B5E3C417E07FA, 9D3C91F4DE0456F2BD4BAB044A3281F895A8EBF259F15E3BA6299965F5B8ABED ] AppID           C:\Windows\system32\drivers\appid.sys
15:35:53.0872 0x1548  AppID - ok
15:35:53.0922 0x1548  [ 7A152F43A6B25D63D1279511258FE381, 416B592DAB9ECA4AEBD336F35AC622FA240E229F31BFB52E6084BAA48CC6F397 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:35:53.0978 0x1548  AppIDSvc - ok
15:35:54.0022 0x1548  [ 133A7896E643D139443B47FDBFA327C7, 371FC602B531DF1EFDCEEC3A2F5497A0D0BE7F558B0583F572862C69A65BD454 ] Appinfo         C:\Windows\System32\appinfo.dll
15:35:54.0108 0x1548  Appinfo - ok
15:35:54.0155 0x1548  [ A45D184DF6A8803DA13A0B329517A64A, C1D16B60A6D69689AE951DC3D6884ED2E233D144B3FC0B86BC1C50AAAAA01ED2 ] AppMgmt         C:\Windows\System32\appmgmts.dll
15:35:54.0235 0x1548  AppMgmt - ok
15:35:54.0279 0x1548  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\DRIVERS\arc.sys
15:35:54.0319 0x1548  arc - ok
15:35:54.0338 0x1548  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:35:54.0380 0x1548  arcsas - ok
15:35:54.0449 0x1548  [ 18E5C2F937F9DEB8C282DF66A3761925, 30294C381F8C7DCB45EF9BCF572F410FF47630E12D5AA02259C6C80F07BEF495 ] ASLDRService    C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
15:35:54.0482 0x1548  ASLDRService - ok
15:35:54.0573 0x1548  [ 7B4D08D2017AC06689D422E06C43F0AA, 42BACCEA0FCEB60B79F78098163147A8DD1DED24CB2F0DBB93EDC07DAB66135C ] ASMMAP          C:\Program Files\ATKGFNEX\ASMMAP.sys
15:35:54.0603 0x1548  ASMMAP - ok
15:35:54.0768 0x1548  [ 537B2948976F5D9B5767B74A63EBB395, 1A14F8B582E74AD15B612EDA5B707AA3CB0B2A107ED14572B4232EAA7383B634 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
15:35:54.0813 0x1548  aspnet_state - ok
15:35:54.0887 0x1548  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:35:55.0048 0x1548  AsyncMac - ok
15:35:55.0130 0x1548  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\Windows\system32\drivers\atapi.sys
15:35:55.0166 0x1548  atapi - ok
15:35:55.0458 0x1548  [ 31CB2740BFDBAC1E48E2B7EAD38F0D27, D409B06CA4B130BC34C5F8E99A7225E3C1A2A06960897DD1F9DD1A219C11636C ] athr            C:\Windows\system32\DRIVERS\athr.sys
15:35:55.0763 0x1548  athr - ok
15:35:55.0834 0x1548  [ 7C157574A181B19B9DCF5F339E25337E, 7CA78363CD420BFE4BFE9A38683CA9E31023AC573D9092666CDAEE6AF4998B60 ] ATKGFNEXSrv     C:\Program Files\ATKGFNEX\GFNEXSrv.exe
15:35:55.0868 0x1548  ATKGFNEXSrv - detected UnsignedFile.Multi.Generic ( 1 )
15:35:58.0309 0x1548  Detect skipped due to KSN trusted
15:35:58.0309 0x1548  ATKGFNEXSrv - ok
15:35:58.0378 0x1548  [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:35:58.0490 0x1548  AudioEndpointBuilder - ok
15:35:58.0545 0x1548  [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
15:35:58.0615 0x1548  Audiosrv - ok
15:35:58.0676 0x1548  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:35:58.0803 0x1548  AxInstSV - ok
15:35:58.0876 0x1548  [ 1BDEB628C0BD39428F66053ED3A93D59, 7A2B5F4F1D3727A88563C5364552581B405E57CCCD4AB85BACE2627B7DC356C9 ] AXIOM           C:\Windows\system32\DRIVERS\MAudioAxiom.sys
15:35:58.0913 0x1548  AXIOM - ok
15:35:58.0982 0x1548  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
15:35:59.0085 0x1548  b06bdrv - ok
15:35:59.0126 0x1548  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
15:35:59.0207 0x1548  b57nd60x - ok
15:35:59.0253 0x1548  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll
15:35:59.0337 0x1548  BDESVC - ok
15:35:59.0424 0x1548  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:35:59.0550 0x1548  Beep - ok
15:35:59.0648 0x1548  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\Windows\System32\bfe.dll
15:35:59.0793 0x1548  BFE - ok
15:35:59.0913 0x1548  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\Windows\System32\qmgr.dll
15:36:00.0151 0x1548  BITS - ok
15:36:00.0218 0x1548  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:36:00.0280 0x1548  blbdrive - ok
15:36:00.0367 0x1548  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:36:00.0441 0x1548  bowser - ok
15:36:00.0470 0x1548  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:36:00.0535 0x1548  BrFiltLo - ok
15:36:00.0584 0x1548  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:36:00.0641 0x1548  BrFiltUp - ok
15:36:00.0692 0x1548  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\Windows\System32\browser.dll
15:36:00.0764 0x1548  Browser - ok
15:36:00.0836 0x1548  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:36:00.0993 0x1548  Brserid - ok
15:36:01.0022 0x1548  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:36:01.0088 0x1548  BrSerWdm - ok
15:36:01.0144 0x1548  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:36:01.0210 0x1548  BrUsbMdm - ok
15:36:01.0239 0x1548  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:36:01.0299 0x1548  BrUsbSer - ok
15:36:01.0334 0x1548  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:36:01.0402 0x1548  BTHMODEM - ok
15:36:01.0475 0x1548  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\Windows\system32\bthserv.dll
15:36:01.0569 0x1548  bthserv - ok
15:36:01.0647 0x1548  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:36:01.0774 0x1548  cdfs - ok
15:36:01.0858 0x1548  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:36:01.0942 0x1548  cdrom - ok
15:36:01.0998 0x1548  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\Windows\System32\certprop.dll
15:36:02.0049 0x1548  CertPropSvc - ok
15:36:02.0085 0x1548  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:36:02.0127 0x1548  circlass - ok
15:36:02.0208 0x1548  [ B53F9635457B56DCFFEF750E18AEC6CB, BAF6B8C8FAD040ED8E61209E9795C613C979B84C6B771FDED05B64BBEEB6A569 ] CLEDX           C:\Windows\system32\DRIVERS\cledx.sys
15:36:02.0245 0x1548  CLEDX - detected UnsignedFile.Multi.Generic ( 1 )
15:36:04.0690 0x1548  Detect skipped due to KSN trusted
15:36:04.0690 0x1548  CLEDX - ok
15:36:04.0790 0x1548  [ 33A60554882FDF59CDA3E1806370BBA1, 3DE5451E1CB84AAEBD03F54BEFC670C401447B4881A8B022748B6ECF0F500F01 ] CLFS            C:\Windows\system32\CLFS.sys
15:36:04.0855 0x1548  CLFS - ok
15:36:04.0981 0x1548  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:36:05.0021 0x1548  clr_optimization_v2.0.50727_32 - ok
15:36:05.0074 0x1548  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:36:05.0141 0x1548  clr_optimization_v4.0.30319_32 - ok
15:36:05.0217 0x1548  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:36:05.0270 0x1548  CmBatt - ok
15:36:05.0310 0x1548  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:36:05.0345 0x1548  cmdide - ok
15:36:05.0465 0x1548  [ 3051724F223EA48968B19567DE2A81F4, DCC27DE1B2B35866FC6DBDE95A368E7D0D346B6C3F31D0BACA63DD39B0A8874E ] CNG             C:\Windows\system32\Drivers\cng.sys
15:36:05.0540 0x1548  CNG - ok
15:36:05.0608 0x1548  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:36:05.0644 0x1548  Compbatt - ok
15:36:05.0689 0x1548  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
15:36:05.0747 0x1548  CompositeBus - ok
15:36:05.0762 0x1548  COMSysApp - ok
15:36:05.0794 0x1548  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
15:36:05.0830 0x1548  crcdisk - ok
15:36:05.0897 0x1548  [ 33F67BBCC3C0499D3F3382473114CFA8, FDDCC41CE005B7C1BEBB6F4ACA9A3F10E5972792ADFD7D294E70A0B781460981 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:36:05.0979 0x1548  CryptSvc - ok
15:36:06.0077 0x1548  [ 3C2177A897B4CA2788C6FB0C3FD81D4B, 98575CBD0664586E6211D02E71BDD52CBAA149A1658573550E29E74E5F7B1553 ] CSC             C:\Windows\system32\drivers\csc.sys
15:36:06.0159 0x1548  CSC - ok
15:36:06.0240 0x1548  [ 15F93B37F6801943360D9EB42485D5D3, DD6838C6496CB15F8BB57A6596F6A64ADD9C36B09F062295699131232712B558 ] CscService      C:\Windows\System32\cscsvc.dll
15:36:06.0338 0x1548  CscService - ok
15:36:06.0412 0x1548  [ B5ECADF7708960F1818C7FA015F4C239, A58BA71B08A9D46EB79EB3DF0858F553A11DE3461E13B6D926E25D21D4CBB2D8 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA.sys
15:36:06.0495 0x1548  CVirtA - ok
15:36:06.0719 0x1548  [ 30443EEF52F5FB043654859EAA8E5247, 887ED8C4FE2259542E05A17973FE1549B636DA2C6888CC3A66F97D7D2600DC49 ] CVPND           C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
15:36:06.0857 0x1548  CVPND - ok
15:36:06.0946 0x1548  [ CB90B2762B1A1D0B40496400C55B6ADE, 7A8D86B223FD8A2C4A75AD0849041D56255277D491387C613E62BC76E6730F06 ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
15:36:06.0983 0x1548  CVPNDRVA - detected UnsignedFile.Multi.Generic ( 1 )
15:36:09.0427 0x1548  Detect skipped due to KSN trusted
15:36:09.0427 0x1548  CVPNDRVA - ok
15:36:09.0512 0x1548  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:36:09.0634 0x1548  DcomLaunch - ok
15:36:09.0693 0x1548  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\Windows\System32\defragsvc.dll
15:36:09.0785 0x1548  defragsvc - ok
15:36:09.0944 0x1548  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:36:10.0023 0x1548  DfsC - ok
15:36:10.0082 0x1548  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:36:10.0172 0x1548  Dhcp - ok
15:36:10.0320 0x1548  [ 0A3386E3CF9C5D089D695AC5A35F4C6F, D610071493EB95FCE39E24C457A0B5BBA131193159E43FDC1E8EDABB9C7AB81A ] DiagTrack       C:\Windows\system32\diagtrack.dll
15:36:10.0449 0x1548  DiagTrack - ok
15:36:10.0514 0x1548  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
15:36:10.0608 0x1548  discache - ok
15:36:10.0656 0x1548  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:36:10.0695 0x1548  Disk - ok
15:36:10.0752 0x1548  [ B5AA5AA5AC327BD7C1AEC0C58F0C1144, 14C147B79786C5DCEC54AF191E8815D871906E30DE90B00C7929F0E6CC025E6A ] DNE             C:\Windows\system32\DRIVERS\dne2000.sys
15:36:10.0789 0x1548  DNE - ok
15:36:10.0864 0x1548  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:36:10.0929 0x1548  Dnscache - ok
15:36:10.0983 0x1548  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:36:11.0088 0x1548  dot3svc - ok
15:36:11.0162 0x1548  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\Windows\system32\dps.dll
15:36:11.0268 0x1548  DPS - ok
15:36:11.0333 0x1548  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:36:11.0407 0x1548  drmkaud - ok
15:36:11.0482 0x1548  [ C0C7CECCB6C85994C2BC92D58E52D3F2, 993483E6667D8D3AD2E64FD5A689DCB28B3910824B1E036DB626F334996DEAC9 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:36:11.0527 0x1548  dtsoftbus01 - ok
15:36:11.0650 0x1548  [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:36:11.0773 0x1548  DXGKrnl - ok
15:36:11.0927 0x1548  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
15:36:12.0053 0x1548  EapHost - ok
15:36:12.0320 0x1548  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
15:36:12.0702 0x1548  ebdrv - ok
15:36:12.0790 0x1548  [ 537463850663F2EDC50AF884D92C0096, C66AC5389D3622DA6B38CDBAE76D34D0634A5B3F22779C07C9737A24DE63B11E ] EFS             C:\Windows\System32\lsass.exe
15:36:12.0878 0x1548  EFS - ok
15:36:12.0958 0x1548  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
15:36:13.0041 0x1548  elxstor - ok
15:36:13.0090 0x1548  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:36:13.0143 0x1548  ErrDev - ok
15:36:13.0225 0x1548  [ 249D08177B2080163E600C3424F1A6AF, 8F264FA7A4AF71AEC877DAAC9A8FF18554409E5A46C9220565323D88BA757D54 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
15:36:13.0302 0x1548  ETD - ok
15:36:13.0421 0x1548  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
15:36:13.0535 0x1548  EventSystem - ok
15:36:13.0607 0x1548  [ 0F40E249E4DD0CE47C7CA19C5C8FB48A, EBF4A9DCEF2913095BDDACC64D02925B30CC1D779D21D31A1C3B59532D1C97E3 ] ewusbnet        C:\Windows\system32\DRIVERS\ewusbnet.sys
15:36:13.0706 0x1548  ewusbnet - ok
15:36:13.0780 0x1548  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
15:36:13.0892 0x1548  exfat - ok
15:36:13.0955 0x1548  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:36:14.0118 0x1548  fastfat - ok
15:36:14.0200 0x1548  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe
15:36:14.0309 0x1548  Fax - ok
15:36:14.0336 0x1548  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:36:14.0394 0x1548  fdc - ok
15:36:14.0449 0x1548  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
15:36:14.0543 0x1548  fdPHost - ok
15:36:14.0570 0x1548  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:36:14.0650 0x1548  FDResPub - ok
15:36:14.0726 0x1548  [ 92130687FF836B41A4D19EF69A9C0501, 8E68DCDCCA9B94CEA9AE1F0BB9A508E9D092367B5746BEEC948984F882D24A5D ] ffusb2audio     C:\Windows\system32\DRIVERS\ffusb2audio.sys
15:36:14.0763 0x1548  ffusb2audio - ok
15:36:14.0831 0x1548  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:36:14.0870 0x1548  FileInfo - ok
15:36:14.0899 0x1548  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:36:14.0999 0x1548  Filetrace - ok
15:36:15.0224 0x1548  [ 167D24A045499EBEF438F231976158DF, 237F1495BA79D9082D6B383FE9AC5C6154A6F76F181000401F5790236EB57301 ] FirebirdServerMAGIXInstance C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
15:36:15.0365 0x1548  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic ( 1 )
15:36:17.0989 0x1548  Detect skipped due to KSN trusted
15:36:17.0990 0x1548  FirebirdServerMAGIXInstance - ok
15:36:18.0047 0x1548  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:36:18.0087 0x1548  flpydisk - ok
15:36:18.0152 0x1548  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:36:18.0199 0x1548  FltMgr - ok
15:36:18.0324 0x1548  [ 37DE123FE4276D8EC7F3C5B10C236238, 93CA47B9A96D904DD177FC0E04DECDF13756C8FA3C7613913DB4BF29A70ECE96 ] FontCache       C:\Windows\system32\FntCache.dll
15:36:18.0461 0x1548  FontCache - ok
15:36:18.0543 0x1548  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:36:18.0578 0x1548  FontCache3.0.0.0 - ok
15:36:18.0715 0x1548  [ 2944A8AF3D8492CC8D5C1D2017153ABD, E1AB2E7C73295C18C31EE2FB6E2E561090BE23B46DC1438F5AEA2F0E923AE442 ] FoxitCloudUpdateService C:\Program Files\Foxit Reader\Foxit Cloud\FCUpdateService.exe
15:36:18.0766 0x1548  FoxitCloudUpdateService - ok
15:36:18.0789 0x1548  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:36:18.0828 0x1548  FsDepends - ok
15:36:18.0897 0x1548  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:36:18.0935 0x1548  Fs_Rec - ok
15:36:19.0005 0x1548  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:36:19.0063 0x1548  fvevol - ok
15:36:19.0098 0x1548  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:36:19.0137 0x1548  gagp30kx - ok
15:36:19.0182 0x1548  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:36:19.0212 0x1548  GEARAspiWDM - ok
15:36:19.0428 0x1548  [ A617CCC0ACCF84446B69F6EC317B5600, B84993855426D091C78D09F0E5EDD642B24CF395BEDC2431A045CC538EEEE409 ] GfExperienceService C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
15:36:19.0520 0x1548  GfExperienceService - ok
15:36:19.0586 0x1548  [ 93CA4D9A0433BE0EDD0B9F2F26D5E54C, ACD6BBB639CAF092809927F84F5693B7BA11080684A4993029D713ACF67D4C79 ] ggflt           C:\Windows\system32\DRIVERS\ggflt.sys
15:36:19.0616 0x1548  ggflt - ok
15:36:19.0658 0x1548  [ 17E678AAB82CCDFB80E7614504933895, 43935C8C5C30DA415957B789DC9FA10721C240C603DC8733D9B791A2F58BE1BD ] ggsemc          C:\Windows\system32\DRIVERS\ggsemc.sys
15:36:19.0689 0x1548  ggsemc - ok
15:36:19.0766 0x1548  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
15:36:19.0890 0x1548  gpsvc - ok
15:36:20.0024 0x1548  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
15:36:20.0085 0x1548  gupdate - ok
15:36:20.0153 0x1548  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
15:36:20.0201 0x1548  gupdatem - ok
15:36:20.0252 0x1548  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:36:20.0350 0x1548  hcw85cir - ok
15:36:20.0440 0x1548  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:36:20.0541 0x1548  HdAudAddService - ok
15:36:20.0621 0x1548  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
15:36:20.0672 0x1548  HDAudBus - ok
15:36:20.0706 0x1548  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
15:36:20.0733 0x1548  HidBatt - ok
15:36:20.0756 0x1548  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:36:20.0821 0x1548  HidBth - ok
15:36:20.0838 0x1548  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
15:36:20.0897 0x1548  HidIr - ok
15:36:20.0948 0x1548  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\system32\hidserv.dll
15:36:21.0052 0x1548  hidserv - ok
15:36:21.0110 0x1548  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:36:21.0180 0x1548  HidUsb - ok
15:36:21.0237 0x1548  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:36:21.0317 0x1548  hkmsvc - ok
15:36:21.0409 0x1548  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:36:21.0491 0x1548  HomeGroupListener - ok
15:36:21.0551 0x1548  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:36:21.0633 0x1548  HomeGroupProvider - ok
15:36:21.0679 0x1548  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:36:21.0719 0x1548  HpSAMD - ok
15:36:21.0810 0x1548  [ 487569E5DA56A5A432FF8AF6D3599CF9, 7C974D8379C60B4F69A20B01876C49181B0A63AC318C4BD0A21DABFF27A15C9D ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:36:21.0895 0x1548  HTTP - ok
15:36:21.0992 0x1548  [ 92CA47DA32009CCC00A5ADED04ABBD78, 2159A632B9C519D94180A2EED24AB8A91BE8717F0C13BEC916CF4F70E4DB5D47 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
15:36:22.0070 0x1548  hwdatacard - ok
15:36:22.0137 0x1548  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:36:22.0183 0x1548  hwpolicy - ok
15:36:22.0299 0x1548  [ 1D4D6D24256F61E6B08A3CF8184A78B8, 037218C662C43E588921A8BA72F4AE1BA22983167F1216E06CE5C5820DA8CC7B ] hwusbfake       C:\Windows\system32\DRIVERS\ewusbfake.sys
15:36:22.0401 0x1548  hwusbfake - ok
15:36:22.0478 0x1548  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
15:36:22.0554 0x1548  i8042prt - ok
15:36:22.0636 0x1548  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:36:22.0695 0x1548  iaStorV - ok
15:36:22.0824 0x1548  [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:36:22.0925 0x1548  idsvc - ok
15:36:23.0003 0x1548  IEEtwCollectorService - ok
15:36:23.0055 0x1548  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
15:36:23.0093 0x1548  iirsp - ok
15:36:23.0201 0x1548  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\Windows\System32\ikeext.dll
15:36:23.0310 0x1548  IKEEXT - ok
15:36:23.0366 0x1548  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
15:36:23.0402 0x1548  intelide - ok
15:36:23.0435 0x1548  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:36:23.0477 0x1548  intelppm - ok
15:36:23.0551 0x1548  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:36:23.0657 0x1548  IPBusEnum - ok
15:36:23.0690 0x1548  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:36:23.0791 0x1548  IpFilterDriver - ok
15:36:23.0879 0x1548  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:36:23.0989 0x1548  iphlpsvc - ok
15:36:24.0039 0x1548  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:36:24.0104 0x1548  IPMIDRV - ok
15:36:24.0162 0x1548  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:36:24.0261 0x1548  IPNAT - ok
15:36:24.0289 0x1548  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:36:24.0355 0x1548  IRENUM - ok
15:36:24.0406 0x1548  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:36:24.0444 0x1548  isapnp - ok
15:36:24.0510 0x1548  [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:36:24.0561 0x1548  iScsiPrt - ok
15:36:24.0642 0x1548  [ 994EBB45C4B438E1F6EA0B958AE9B9A3, 2207FB7A87DCB9F5DA54165AFBB494AB548DFC0F58EE8E5623EE1D1EC9B242BE ] ivusb           C:\Windows\system32\DRIVERS\ivusb.sys
15:36:24.0673 0x1548  ivusb - ok
15:36:24.0720 0x1548  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:36:24.0759 0x1548  kbdclass - ok
15:36:24.0809 0x1548  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:36:24.0869 0x1548  kbdhid - ok
15:36:24.0901 0x1548  [ 537463850663F2EDC50AF884D92C0096, C66AC5389D3622DA6B38CDBAE76D34D0634A5B3F22779C07C9737A24DE63B11E ] KeyIso          C:\Windows\system32\lsass.exe
15:36:24.0949 0x1548  KeyIso - ok
15:36:25.0032 0x1548  [ 2FA1766AAC086EDD7F9C70C333FF5B31, E4678EA15094529A1527441E416E0C871B0BA72E39C818A15AAD7A0A59FFC447 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:36:25.0075 0x1548  KSecDD - ok
15:36:25.0143 0x1548  [ C9BB081F0419B17BF33B9D49547AD869, 98E9B4D16EDC306316C873AD5DFF7C34D2698975F92B423024B3A251D02EDA29 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:36:25.0190 0x1548  KSecPkg - ok
15:36:25.0255 0x1548  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:36:25.0356 0x1548  KtmRm - ok
15:36:25.0401 0x1548  L6UX2 - ok
15:36:25.0455 0x1548  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:36:25.0564 0x1548  LanmanServer - ok
15:36:25.0609 0x1548  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:36:25.0708 0x1548  LanmanWorkstation - ok
15:36:25.0789 0x1548  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:36:25.0869 0x1548  lltdio - ok
15:36:25.0908 0x1548  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:36:26.0021 0x1548  lltdsvc - ok
15:36:26.0046 0x1548  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:36:26.0144 0x1548  lmhosts - ok
15:36:26.0183 0x1548  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:36:26.0224 0x1548  LSI_FC - ok
15:36:26.0263 0x1548  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
15:36:26.0304 0x1548  LSI_SAS - ok
15:36:26.0320 0x1548  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:36:26.0360 0x1548  LSI_SAS2 - ok
15:36:26.0380 0x1548  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:36:26.0421 0x1548  LSI_SCSI - ok
15:36:26.0490 0x1548  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
15:36:26.0587 0x1548  luafv - ok
15:36:26.0659 0x1548  [ B4CD87E78A01562E3DA67FE1C2779204, 536AC01C53A18E7B43F02F345FC3088C189A2D01F5E060714C0534FE7ECA2356 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
15:36:26.0691 0x1548  MBAMProtector - ok
15:36:26.0795 0x1548  [ 83C982A395D00BAFF6515FB38424EA76, 0E1B66F84A483D47550347D4A9426B95A066DB5104C4284F606A16768A11DB0C ] MBAMService     C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
15:36:26.0897 0x1548  MBAMService - ok
15:36:27.0000 0x1548  [ 490F0F3ED8A970E2BAA38F719242B8F7, 03F902365372639424AB654AEBF6EB2B6B73363275435ADC2D086EAA7112AC3D ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
15:36:27.0033 0x1548  MBAMWebAccessControl - ok
15:36:27.0073 0x1548  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
15:36:27.0112 0x1548  megasas - ok
15:36:27.0139 0x1548  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:36:27.0191 0x1548  MegaSR - ok
15:36:27.0276 0x1548  [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
15:36:27.0310 0x1548  Microsoft Office Groove Audit Service - ok
15:36:27.0350 0x1548  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
15:36:27.0450 0x1548  MMCSS - ok
15:36:27.0511 0x1548  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
15:36:27.0590 0x1548  Modem - ok
15:36:27.0638 0x1548  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:36:27.0683 0x1548  monitor - ok
15:36:27.0759 0x1548  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:36:27.0797 0x1548  mouclass - ok
15:36:27.0823 0x1548  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:36:27.0881 0x1548  mouhid - ok
15:36:27.0934 0x1548  [ BAD9C0366134BA181514E9263C8CE606, 7976B2D3DC283ACDBC21C7D197C0E2A650E6555F6569283302766B17D736BDB8 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:36:27.0974 0x1548  mountmgr - ok
15:36:28.0073 0x1548  [ CC11EEB7AF4617D65DF0E9A21FC1ABD0, A683A5FB26E1B9FB4EEB40A9C7186F8433E3FB0A45848DF6102EF07B4DC75AC8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:36:28.0118 0x1548  MozillaMaintenance - ok
15:36:28.0154 0x1548  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:36:28.0198 0x1548  mpio - ok
15:36:28.0237 0x1548  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:36:28.0332 0x1548  mpsdrv - ok
15:36:28.0409 0x1548  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:36:28.0541 0x1548  MpsSvc - ok
15:36:28.0596 0x1548  [ 03F899F521D2AAED1C55008F734DF252, 4E56A51476A13F5630719018037B1F63DF9ACEA1CFE782AF04E669BD696954C5 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:36:28.0672 0x1548  MRxDAV - ok
15:36:28.0752 0x1548  [ A6D93B0EAED452179B7A032CE9EEC4A1, 9CFE29648B6153A9413BA027988532F45F4B7970E64A147AF5C0401804A936E1 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:36:28.0812 0x1548  mrxsmb - ok
15:36:28.0917 0x1548  [ B7A61200A1833380B3F0893E2C2369AA, 7489204A5F4CCE099CA14864686025026FACEE0279F91A7850EA571003A3DCD2 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:36:28.0969 0x1548  mrxsmb10 - ok
15:36:29.0029 0x1548  [ 77ABC3A8389EB0579566427CF2184EC6, 5CBC4E81B74EBDAB7D06F3FE5E24696A5286FFA3D1A6BC2E8C71653D1B8A23FB ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:36:29.0092 0x1548  mrxsmb20 - ok
15:36:29.0148 0x1548  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:36:29.0185 0x1548  msahci - ok
15:36:29.0239 0x1548  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:36:29.0283 0x1548  msdsm - ok
15:36:29.0324 0x1548  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
15:36:29.0384 0x1548  MSDTC - ok
15:36:29.0454 0x1548  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:36:29.0549 0x1548  Msfs - ok
15:36:29.0578 0x1548  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:36:29.0669 0x1548  mshidkmdf - ok
15:36:29.0718 0x1548  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:36:29.0757 0x1548  msisadrv - ok
15:36:29.0798 0x1548  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:36:29.0881 0x1548  MSiSCSI - ok
15:36:29.0893 0x1548  msiserver - ok
15:36:29.0928 0x1548  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:36:30.0005 0x1548  MSKSSRV - ok
15:36:30.0063 0x1548  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:36:30.0159 0x1548  MSPCLOCK - ok
15:36:30.0195 0x1548  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:36:30.0272 0x1548  MSPQM - ok
15:36:30.0304 0x1548  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:36:30.0352 0x1548  MsRPC - ok
15:36:30.0426 0x1548  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:36:30.0463 0x1548  mssmbios - ok
15:36:30.0494 0x1548  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:36:30.0588 0x1548  MSTEE - ok
15:36:30.0620 0x1548  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:36:30.0672 0x1548  MTConfig - ok
15:36:30.0726 0x1548  [ 2E71504A74BE4E3D4EA94568EFF7556E, 1D8BACC85B7390FB4C826ADBEEC269594ECD3CA43A46D1DE1F2035CFC258BC33 ] MTsensor        C:\Windows\system32\DRIVERS\ATKACPI.sys
15:36:30.0754 0x1548  MTsensor - ok
15:36:30.0783 0x1548  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:36:30.0822 0x1548  Mup - ok
15:36:30.0957 0x1548  [ 684D9033C3DF1727DD36C6464533176D, BD0EE7F922A493528FC705CE30BF59B1E0743A913A05D811FFA6590DD356718E ] NanoServiceMain C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
15:36:30.0998 0x1548  NanoServiceMain - ok
15:36:31.0063 0x1548  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
15:36:31.0187 0x1548  napagent - ok
15:36:31.0256 0x1548  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:36:31.0333 0x1548  NativeWifiP - ok
15:36:31.0423 0x1548  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:36:31.0505 0x1548  NDIS - ok
15:36:31.0543 0x1548  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:36:31.0635 0x1548  NdisCap - ok
15:36:31.0668 0x1548  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:36:31.0742 0x1548  NdisTapi - ok
15:36:31.0794 0x1548  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:36:31.0869 0x1548  Ndisuio - ok
15:36:31.0940 0x1548  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:36:32.0033 0x1548  NdisWan - ok
15:36:32.0080 0x1548  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:36:32.0175 0x1548  NDProxy - ok
15:36:32.0241 0x1548  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:36:32.0320 0x1548  NetBIOS - ok
15:36:32.0402 0x1548  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:36:32.0503 0x1548  NetBT - ok
15:36:32.0534 0x1548  [ 537463850663F2EDC50AF884D92C0096, C66AC5389D3622DA6B38CDBAE76D34D0634A5B3F22779C07C9737A24DE63B11E ] Netlogon        C:\Windows\system32\lsass.exe
15:36:32.0576 0x1548  Netlogon - ok
15:36:32.0624 0x1548  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
15:36:32.0742 0x1548  Netman - ok
15:36:32.0831 0x1548  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:36:32.0882 0x1548  NetMsmqActivator - ok
15:36:32.0900 0x1548  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:36:32.0950 0x1548  NetPipeActivator - ok
15:36:33.0006 0x1548  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
15:36:33.0114 0x1548  netprofm - ok
15:36:33.0133 0x1548  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:36:33.0183 0x1548  NetTcpActivator - ok
15:36:33.0201 0x1548  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:36:33.0253 0x1548  NetTcpPortSharing - ok
15:36:33.0289 0x1548  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
15:36:33.0327 0x1548  nfrd960 - ok
15:36:33.0393 0x1548  [ F115C5CD29E512F18BD7138A094B77E5, 90C2CE8B256EE9AABF674ADDE7F85E91DAF48EA368452D03C187A4AE027D4E39 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:36:33.0476 0x1548  NlaSvc - ok
15:36:33.0540 0x1548  [ 918B6988C223AA54FA58A549B9D4F901, 241C752F5EE384A674E8EB8C79E12FE67CB332FCD52A5C7F27703D122A5F6D08 ] NNSALPC         C:\Windows\system32\DRIVERS\NNSAlpc.sys
15:36:33.0584 0x1548  NNSALPC - ok
15:36:33.0656 0x1548  [ 3061E5F4A6888AB7D8EB37BCFB166385, 6D69513592E175A5F928AF9E688109E4C1F5B25F8EBF16C171189F078FC57546 ] NNSHTTP         C:\Windows\system32\DRIVERS\NNSHttp.sys
15:36:33.0705 0x1548  NNSHTTP - ok
15:36:33.0736 0x1548  [ E1BBB7E7F0C32CE13D6FC08E543CBF07, 332DDA4C59CA1023E610CBB28B120E0F776B20D4DFBF03E4A384371A0CD82F87 ] NNSHTTPS        C:\Windows\system32\DRIVERS\NNSHttps.sys
15:36:33.0780 0x1548  NNSHTTPS - ok
15:36:33.0806 0x1548  [ F359D0E5F2058E7634B4B84927C2FABB, 24D8E02234A822D793E997EB123B0EEBF48BC49CDB9153BF955FD91190ADAF84 ] NNSIDS          C:\Windows\system32\DRIVERS\NNSIds.sys
15:36:33.0851 0x1548  NNSIDS - ok
15:36:33.0895 0x1548  [ 417D3EE2BEFA1EFBE61C7C87203B59D0, CA21D94BD9062BDC522422C34E94AA19CC44B51E9EF68C8F8A179FCCEFFA3E8F ] NNSNAHSL        C:\Windows\system32\DRIVERS\NNSNAHSL.sys
15:36:33.0933 0x1548  NNSNAHSL - ok
15:36:33.0976 0x1548  [ FAF03BEFA4EC13D504FC0659FE60E5F2, B35DCC7DE53DCBE7F0834C0B60A4957F55377E88F0D7AA3FAABC13E3848FAA96 ] NNSPICC         C:\Windows\system32\DRIVERS\NNSPicc.sys
15:36:34.0017 0x1548  NNSPICC - ok
15:36:34.0071 0x1548  [ 1C902A92E5F549A423028D0E814544D6, E05D68EBCAA50DC8E2882062905AE18D92C6CF572E56A9B53B1381166A9F76D5 ] NNSPIHSW        C:\Windows\system32\DRIVERS\NNSPihsw.sys
15:36:34.0111 0x1548  NNSPIHSW - ok
15:36:34.0157 0x1548  [ 703E790A864B491897CE2A83EFF0B10F, CADF593B33CFAAAC8072F7261717B6A4CB0E8EBD4FF6889643AE8DB5F610B403 ] NNSPOP3         C:\Windows\system32\DRIVERS\NNSPop3.sys
15:36:34.0201 0x1548  NNSPOP3 - ok
15:36:34.0244 0x1548  [ C0E52DF6E233B785031BC78966EE0DE8, 10B8BBEF7C8E636B4056A99A0D8C767DCF87DFB53D681ED643B55298AB1650B4 ] NNSPROT         C:\Windows\system32\DRIVERS\NNSProt.sys
15:36:34.0299 0x1548  NNSPROT - ok
15:36:34.0329 0x1548  [ 0112C27B9E84E89F7854A2A0C95EE99A, B41EE9FB3740E7F7A107FA60F376E8F18BBA329148536084BB798E0988B608E5 ] NNSPRV          C:\Windows\system32\DRIVERS\NNSPrv.sys
15:36:34.0380 0x1548  NNSPRV - ok
15:37:02.0134 0x1548  [ 7CE0FE34FD8FB7F52D1E503B0C1E4FA9, B54B558136FF621A4C63945CF982780CD9C61F3CB15143D73B550E6D0C14A246 ] UPnPService     C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
15:37:02.0190 0x1548  UPnPService - detected UnsignedFile.Multi.Generic ( 1 )
15:37:04.0670 0x1548  Detect skipped due to KSN trusted
15:37:04.0671 0x1548  UPnPService - ok
15:37:04.0747 0x1548  [ 8BF5D980CDCE35FB26F05047144BB57E, 8A770DD649FA0D6F574651E5525B983261B823C5778764598D89C453E68ED3F1 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
15:37:04.0795 0x1548  USBAAPL - detected UnsignedFile.Multi.Generic ( 1 )
15:37:07.0240 0x1548  Detect skipped due to KSN trusted
15:37:07.0240 0x1548  USBAAPL - ok
15:37:07.0383 0x1548  [ A1977C315BF5691DA99235AA4A6907AF, 34B52FBA83F0E1C6B001D0AD1808B00152F731D18AAECC3C53B9918AA89BACEC ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
15:37:07.0501 0x1548  usbaudio - ok
15:37:08.0019 0x1548  [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:37:08.0089 0x1548  usbccgp - ok
15:37:08.0164 0x1548  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:37:08.0218 0x1548  usbcir - ok
15:37:08.0301 0x1548  [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:37:08.0375 0x1548  usbehci - ok
15:37:08.0444 0x1548  [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:37:08.0544 0x1548  usbhub - ok
15:37:08.0677 0x1548  [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
15:37:08.0781 0x1548  usbohci - ok
15:37:08.0905 0x1548  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:37:08.0999 0x1548  usbprint - ok
15:37:09.0119 0x1548  [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:37:09.0164 0x1548  usbscan - ok
15:37:09.0226 0x1548  [ 31181DE6190B39FC8007DFFD1A48FFD6, 1C143E0EA88F1DF10E5B5CBA92139831FF7E6DB56CEBF3725036FE114D81AE25 ] usbser          C:\Windows\system32\drivers\usbser.sys
15:37:09.0291 0x1548  usbser - ok
15:37:09.0352 0x1548  [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:37:09.0419 0x1548  USBSTOR - ok
15:37:09.0482 0x1548  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:37:09.0546 0x1548  usbuhci - ok
15:37:09.0574 0x1548  [ DE014425522610BEDCA3821BB8C0F1D5, D6FEA0DF07F89834AEEE8C02CC7FD41068D758B6CCECE2EEE5CF4B9DB646FA1E ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
15:37:09.0611 0x1548  usbvideo - ok
15:37:09.0641 0x1548  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
15:37:09.0712 0x1548  UxSms - ok
15:37:09.0777 0x1548  [ 537463850663F2EDC50AF884D92C0096, C66AC5389D3622DA6B38CDBAE76D34D0634A5B3F22779C07C9737A24DE63B11E ] VaultSvc        C:\Windows\system32\lsass.exe
15:37:09.0810 0x1548  VaultSvc - ok
15:37:09.0915 0x1548  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:37:09.0944 0x1548  vdrvroot - ok
15:37:10.0099 0x1548  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\Windows\System32\vds.exe
15:37:10.0248 0x1548  vds - ok
15:37:10.0305 0x1548  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:37:10.0369 0x1548  vga - ok
15:37:10.0396 0x1548  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:37:10.0537 0x1548  VgaSave - ok
15:37:10.0554 0x1548  VGPU - ok
15:37:10.0606 0x1548  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:37:10.0639 0x1548  vhdmp - ok
15:37:10.0660 0x1548  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
15:37:10.0689 0x1548  viaagp - ok
15:37:10.0720 0x1548  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
15:37:10.0768 0x1548  ViaC7 - ok
15:37:10.0846 0x1548  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:37:10.0870 0x1548  viaide - ok
15:37:10.0929 0x1548  [ C2F2911156FDC7817C52829C86DA494E, FE499F189B5016FCE0018AA3DE3970B72275B7B15F3D4D608117F6DDEC6B90DC ] vmbus           C:\Windows\system32\drivers\vmbus.sys
15:37:10.0962 0x1548  vmbus - ok
15:37:10.0985 0x1548  [ D4D77455211E204F370D08F4963063CE, 2018B2A84C73E0834200A594C02A9D28C74906F126DAD3CCDDFC9CD9A61669E2 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
15:37:11.0021 0x1548  VMBusHID - ok
15:37:11.0052 0x1548  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:37:11.0080 0x1548  volmgr - ok
15:37:11.0122 0x1548  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:37:11.0159 0x1548  volmgrx - ok
15:37:11.0208 0x1548  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:37:11.0234 0x1548  volsnap - ok
15:37:11.0281 0x1548  [ B26536ADD1D748CDA104D856C979AE79, C88FBCD63DB3607232616FAB989F0FD7FB00ED542E6AC1BC76076A7C13A6FB22 ] vpcbus          C:\Windows\system32\DRIVERS\vpchbus.sys
15:37:11.0307 0x1548  vpcbus - ok
15:37:11.0420 0x1548  [ 5F4B55E91CE7E2523C9E1E0ECE858869, 3C395198C1845A15C4E39888383587A5E481E2761B885DBB5FC2C17C7075E6B4 ] vpcusb          C:\Windows\system32\DRIVERS\vpcusb.sys
15:37:11.0486 0x1548  vpcusb - ok
15:37:11.0555 0x1548  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
15:37:11.0605 0x1548  vsmraid - ok
15:37:11.0776 0x1548  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\Windows\system32\vssvc.exe
15:37:12.0332 0x1548  VSS - ok
15:37:12.0403 0x1548  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:37:12.0441 0x1548  vwifibus - ok
15:37:12.0491 0x1548  [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:37:12.0528 0x1548  vwififlt - ok
15:37:12.0587 0x1548  [ A3F04CBEA6C2A10E6CB01F8B47611882, 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
15:37:12.0622 0x1548  vwifimp - ok
15:37:12.0673 0x1548  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
15:37:12.0759 0x1548  W32Time - ok
15:37:12.0864 0x1548  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:37:12.0889 0x1548  WacomPen - ok
15:37:12.0930 0x1548  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:37:13.0030 0x1548  WANARP - ok
15:37:13.0143 0x1548  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:37:13.0220 0x1548  Wanarpv6 - ok
15:37:13.0405 0x1548  [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
15:37:13.0547 0x1548  WatAdminSvc - ok
15:37:13.0704 0x1548  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
15:37:13.0825 0x1548  wbengine - ok
15:37:13.0893 0x1548  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:37:13.0937 0x1548  WbioSrvc - ok
15:37:13.0992 0x1548  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:37:14.0054 0x1548  wcncsvc - ok
15:37:14.0083 0x1548  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:37:14.0130 0x1548  WcsPlugInService - ok
15:37:14.0165 0x1548  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:37:14.0202 0x1548  Wd - ok
15:37:14.0293 0x1548  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:37:14.0376 0x1548  Wdf01000 - ok
15:37:14.0433 0x1548  [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:37:14.0499 0x1548  WdiServiceHost - ok
15:37:14.0511 0x1548  [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:37:14.0562 0x1548  WdiSystemHost - ok
15:37:14.0617 0x1548  [ 55C70654420DBF429604FD567E6F3CD3, 22191B049BCA76EF13AEDF8078E452E6B35E998A75AD63F14C542B541EA9F67D ] WebClient       C:\Windows\System32\webclnt.dll
15:37:14.0687 0x1548  WebClient - ok
15:37:14.0737 0x1548  [ F56A25B240391620B6E31ACF656F2018, 38FEF5616E68FCAFF7B573611EEFEC1B330424BD39D88364E44C4C125FF7E235 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:37:14.0803 0x1548  Wecsvc - ok
15:37:14.0833 0x1548  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:37:14.0932 0x1548  wercplsupport - ok
15:37:14.0973 0x1548  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
15:37:15.0081 0x1548  WerSvc - ok
15:37:15.0126 0x1548  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:37:15.0205 0x1548  WfpLwf - ok
15:37:15.0246 0x1548  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:37:15.0284 0x1548  WIMMount - ok
15:37:15.0417 0x1548  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
15:37:15.0509 0x1548  WinDefend - ok
15:37:15.0558 0x1548  WinHttpAutoProxySvc - ok
15:37:15.0655 0x1548  [ 320B13F43726EB73B2D7AE8869AFAACE, 56E882AA2749F401C28EE3DE2D23088C479CDE54E4CD4FBCC18374F348332607 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:37:15.0719 0x1548  Winmgmt - ok
15:37:15.0970 0x1548  [ 895AD0D039FAAE12D4C25E028051344C, 49FCB06EF59846CAC665BCFA1D0B0CCB7A52B414FA80FE97438B5CE2AD60C31D ] WinRM           C:\Windows\system32\WsmSvc.dll
15:37:16.0149 0x1548  WinRM - ok
15:37:16.0202 0x1548  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:37:16.0254 0x1548  WinUsb - ok
15:37:16.0343 0x1548  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:37:16.0423 0x1548  Wlansvc - ok
15:37:16.0590 0x1548  [ 5E7C103F8475C4289847D15E129C20F7, C6325D3557545FA1DA26B0B1EA9A1C95AED1FA84A93BE29A771DAD9ECB00768B ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:37:16.0761 0x1548  wlidsvc - ok
15:37:16.0844 0x1548  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:37:16.0909 0x1548  WmiAcpi - ok
15:37:16.0969 0x1548  [ A1BCA34F741D285E8A7CD3F3E734BBBD, 0BD51632576ECDBF99560AD3F57B1A819C7216840818328C44C471471009AA8B ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:37:17.0033 0x1548  wmiApSrv - ok
15:37:17.0184 0x1548  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
15:37:17.0337 0x1548  WMPNetworkSvc - ok
15:37:17.0396 0x1548  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:37:17.0457 0x1548  WPCSvc - ok
15:37:17.0513 0x1548  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:37:17.0577 0x1548  WPDBusEnum - ok
15:37:17.0658 0x1548  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:37:17.0752 0x1548  ws2ifsl - ok
15:37:17.0797 0x1548  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\System32\wscsvc.dll
15:37:17.0875 0x1548  wscsvc - ok
15:37:17.0923 0x1548  [ 553F6CCD7C58EB98D4A8FBDAF283D7A9, 71FBE50C470D1F54FDAADCECEC2CB021AE240CD59DE4E8EB5BCAA6E7F2F86560 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
15:37:17.0991 0x1548  WSDPrintDevice - ok
15:37:18.0020 0x1548  WSearch - ok
15:37:18.0237 0x1548  [ 3EFC48CE17BE25D2F8C04C5A0FAE1F53, 6439396AE1C59966E3C0DF519956F9D25568155174004F9562F764CEF8A49802 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:37:18.0490 0x1548  wuauserv - ok
15:37:18.0596 0x1548  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:37:18.0676 0x1548  WudfPf - ok
15:37:18.0740 0x1548  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:37:18.0792 0x1548  WUDFRd - ok
15:37:18.0874 0x1548  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:37:18.0926 0x1548  wudfsvc - ok
15:37:18.0997 0x1548  [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:37:19.0079 0x1548  WwanSvc - ok
15:37:19.0221 0x1548  [ 00F95FC28F3909EA0DD3E554ED052051, 62F875D1BB18AD02705CD21BF459F7A1B854760CC2E45BA2693139B490427340 ] YMIDUSBW        C:\Windows\system32\drivers\ymidusbw.sys
15:37:19.0260 0x1548  YMIDUSBW - ok
15:37:19.0334 0x1548  ================ Scan global ===============================
15:37:19.0412 0x1548  [ 5E7C5DE85AF978495C3A9A0B720B9811, 142CDEBED78E3BAEE8D2DBF6A97CE26313932024010548EC2E570CAE480AF7C3 ] C:\Windows\system32\basesrv.dll
15:37:19.0471 0x1548  [ A83DD77AC941A8B1B2652035EA589149, 8F879178E154B3F9F367FB3D6F9A21B129F36796CD3B6A76A9E7CFDD0F63332C ] C:\Windows\system32\winsrv.dll
15:37:19.0508 0x1548  [ A83DD77AC941A8B1B2652035EA589149, 8F879178E154B3F9F367FB3D6F9A21B129F36796CD3B6A76A9E7CFDD0F63332C ] C:\Windows\system32\winsrv.dll
15:37:19.0548 0x1548  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
15:37:19.0624 0x1548  [ 0780A42DBD7D9969F9BF4A19AA4285B5, 8EA41124A4E97732C5DAA616457FBA7111CB38986F3427FA776ED00BC1407171 ] C:\Windows\system32\services.exe
15:37:19.0646 0x1548  [ Global ] - ok
15:37:19.0647 0x1548  ================ Scan MBR ==================================
15:37:19.0672 0x1548  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:37:20.0869 0x1548  \Device\Harddisk0\DR0 - ok
15:37:20.0880 0x1548  [ 7CC29C183A5FAA6F5D38D113834B4AF0 ] \Device\Harddisk1\DR1
15:37:21.0031 0x1548  \Device\Harddisk1\DR1 - ok
15:37:21.0032 0x1548  ================ Scan VBR ==================================
15:37:21.0040 0x1548  [ 07E83F181168BEAB3D3A0C3990D84A1E ] \Device\Harddisk0\DR0\Partition1
15:37:21.0044 0x1548  \Device\Harddisk0\DR0\Partition1 - ok
15:37:21.0054 0x1548  [ E23FD81752FCFC21F7B76ED2AEFEB7D1 ] \Device\Harddisk0\DR0\Partition2
15:37:21.0058 0x1548  \Device\Harddisk0\DR0\Partition2 - ok
15:37:21.0067 0x1548  [ 9AC35CB5C37F196D4E1B8CCEAFA383BD ] \Device\Harddisk0\DR0\Partition3
15:37:21.0074 0x1548  \Device\Harddisk0\DR0\Partition3 - ok
15:37:21.0084 0x1548  [ FEE2D708FA1ADA404D02695D29279AE3 ] \Device\Harddisk1\DR1\Partition1
15:37:21.0088 0x1548  \Device\Harddisk1\DR1\Partition1 - ok
15:37:21.0092 0x1548  ================ Scan generic autorun ======================
15:37:21.0169 0x1548  [ C73246FA31664106496BBBCCC0D278D2, 68D576F10D89E75C1EE583168F8E21F58E8EDCA27C329BF35508FEA5979B93E9 ] C:\Program Files\Elantech\ETDCtrl.exe
15:37:21.0227 0x1548  ETDWare - ok
15:37:21.0283 0x1548  [ 5AEBF6FA9805C9101220AA4FB4FA17E7, A9B2FC41380211A6C44E839A95676A5BA868CEEBB56D83A780230434C2A20836 ] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
15:37:21.0317 0x1548  HControlUser - ok
15:37:21.0557 0x1548  [ 2DC2C370F785AD5B2717A205238B03E2, 50D002FF269741855986179D4B9D5A820C04E881B624AFEF0B76E80A68930F3D ] C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
15:37:21.0785 0x1548  NvBackend - ok
15:37:21.0837 0x1548  [ 99A8E89C5D93E067DDFEBE6F0CB837CE, AE15EF3BF6307870040CA48D6F96E3179BA222C6255C002FA853441484C8FE28 ] C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
15:37:21.0859 0x1548  PSUAMain - ok
15:37:21.0894 0x1548  [ 51138BEEA3E2C21EC44D0932C71762A8, 5AD3C37E6F2B9DB3EE8B5AEEDC474645DE90C66E3D95F8620C48102F1EBA4124 ] C:\Windows\system32\rundll32.exe
15:37:21.0947 0x1548  ShadowPlay - ok
15:37:21.0988 0x1548  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
15:37:22.0027 0x1548  mctadmin - ok
15:37:22.0037 0x1548  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
15:37:22.0074 0x1548  mctadmin - ok
15:37:22.0164 0x1548  GoogleDriveSync - ok
15:37:22.0312 0x1548  [ 7C6D524C78A1722AD987B9E47AC1FEE2, FFDC6C92ABB547D0DCD2621EC423C755A78079B061A41FA1751A56799D1A79A5 ] C:\Users\Kuyumo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
15:37:22.0345 0x1548  Dropbox Update - ok
15:37:22.0377 0x1548  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
15:37:22.0414 0x1548  mctadmin - ok
15:37:22.0423 0x1548  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
15:37:22.0460 0x1548  mctadmin - ok
15:37:22.0471 0x1548  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
15:37:22.0509 0x1548  mctadmin - ok
15:37:22.0518 0x1548  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
15:37:22.0555 0x1548  mctadmin - ok
15:37:22.0557 0x1548  Waiting for KSN requests completion. In queue: 84
15:37:23.0557 0x1548  Waiting for KSN requests completion. In queue: 84
15:37:24.0557 0x1548  Waiting for KSN requests completion. In queue: 84
15:37:25.0588 0x1548  AV detected via SS2: Panda Free Antivirus, C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe ( 1.0.0.0 ), 0x71000 ( enabled : updated )
15:37:25.0592 0x1548  FW detected via SS2: Panda Firewall, C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe ( 1.0.0.0 ), 0x72010 ( disabled )
15:37:25.0602 0x1548  Win FW state via NFP2: enabled ( trusted )
15:37:28.0048 0x1548  ============================================================
15:37:28.0048 0x1548  Scan finished
15:37:28.0048 0x1548  ============================================================
15:37:28.0076 0x0af8  Detected object count: 0
15:37:28.0076 0x0af8  Actual detected object count: 0
         

30.09.2015, 14:20   #7
schrauber
/// the machine
/// TB instructor

hi,

Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can then ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
"Illegal operation attempted on a registry key that has been marked for deletion."
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

01.10.2015, 11:43   #8
Cudjo

Combofix also ran through without errors, warnings, or other notices.

Combofix Logfile:
Code:
ComboFix 15-09-25.01 - Kuyumo 30.09.2015  16:07:20.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3071.1927 [GMT 2:00]
ausgeführt von:: c:\users\Kuyumo\Desktop\ComboFix.exe
AV: Panda Free Antivirus *Disabled/Updated* {AAF74A68-8713-CDF1-004F-30003398BE9E}
FW: Panda Firewall *Disabled* {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}
SP: Panda Free Antivirus *Disabled/Updated* {1196AB8C-A129-C27F-3AFF-0B72481FF423}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kuyumo\AppData\Roaming\Microsoft\Windows\Recent\mxfilerelatedcache.mxc2
c:\windows\PFRO.log
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-08-28 bis 2015-09-30  ))))))))))))))))))))))))))))))
.
.
2015-09-30 14:24 . 2015-09-30 14:24	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2015-09-30 14:24 . 2015-09-30 14:24	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-09-29 11:12 . 2015-09-29 13:33	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-09-29 11:09 . 2015-08-31 23:05	8884144	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1E2A2408-8D6B-41A5-953E-E61489611DFD}\mpengine.dll
2015-09-28 07:25 . 2015-01-29 17:21	50320	----a-w-	c:\windows\system32\drivers\PSKMAD.sys
2015-09-26 21:53 . 2015-07-18 13:08	19808	----a-w-	c:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-26 21:53 . 2015-07-18 13:08	17760	----a-w-	c:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-09-26 21:53 . 2015-07-18 13:08	14176	----a-w-	c:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-09-26 21:53 . 2015-07-18 13:08	12640	----a-w-	c:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-09-26 21:53 . 2015-07-18 13:08	12128	----a-w-	c:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-09-26 21:53 . 2015-07-18 13:08	12128	----a-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-09-26 21:53 . 2015-07-18 13:08	11616	----a-w-	c:\windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-09-26 21:53 . 2015-07-18 13:08	11616	----a-w-	c:\windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-09-26 21:53 . 2015-07-18 13:08	11616	----a-w-	c:\windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-09-26 21:41 . 2015-09-26 21:45	--------	d-----w-	C:\FRST
2015-09-25 10:05 . 2015-09-29 11:12	170200	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-09-25 10:05 . 2015-09-29 11:11	94936	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-09-25 10:05 . 2015-06-18 06:41	51928	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-09-25 10:05 . 2015-06-18 06:41	23256	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-09-25 10:05 . 2015-09-25 10:05	--------	d-----w-	c:\program files\ Malwarebytes Anti-Malware 
2015-09-25 10:05 . 2015-09-25 10:05	--------	d-----w-	c:\programdata\Malwarebytes
2015-09-22 18:14 . 2015-09-22 19:14	18819272	----a-w-	c:\windows\system32\FlashPlayerInstaller.exe
2015-09-13 11:17 . 2015-09-13 11:17	--------	d-----w-	c:\program files\AGEIA Technologies
2015-09-13 11:12 . 2015-08-18 08:47	24200312	----a-w-	c:\windows\system32\nvoglv32.dll
2015-09-13 11:12 . 2015-08-18 08:47	11272048	----a-w-	c:\windows\system32\nvopencl.dll
2015-09-13 11:12 . 2015-08-18 08:47	907440	----a-w-	c:\windows\system32\NvIFR.dll
2015-09-13 11:12 . 2015-08-18 08:47	10704560	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2015-09-13 11:12 . 2015-08-18 08:47	912688	----a-w-	c:\windows\system32\nvdispgenco3234181.dll
2015-09-13 11:12 . 2015-08-18 08:47	869040	----a-w-	c:\windows\system32\NvFBC.dll
2015-09-13 11:12 . 2015-08-18 08:47	3987576	----a-w-	c:\windows\system32\nvcuvid.dll
2015-09-13 11:12 . 2015-08-18 08:47	11209376	----a-w-	c:\windows\system32\nvcuda.dll
2015-09-13 11:12 . 2015-08-18 08:47	1059504	----a-w-	c:\windows\system32\nvdispco3234181.dll
2015-09-13 11:12 . 2015-08-18 08:47	15294072	----a-w-	c:\windows\system32\nvcompiler.dll
2015-09-13 09:47 . 2015-08-04 17:46	96768	----a-w-	c:\windows\system32\appidpolicyconverter.exe
2015-09-13 09:43 . 2015-07-15 02:54	2048	----a-w-	c:\windows\system32\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-30 13:57 . 2010-12-27 16:09	17408	----a-w-	c:\windows\system32\rpcnetp.exe
2015-09-30 10:38 . 2010-12-27 16:36	78032	----a-w-	c:\windows\system32\rpcnet.dll
2015-09-22 19:14 . 2012-04-03 10:28	780488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2015-09-22 19:14 . 2011-09-17 16:08	142536	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2015-09-21 18:29 . 2010-12-27 16:10	17408	----a-w-	c:\windows\system32\rpcnetp.dll
2015-08-18 08:47 . 2014-11-06 20:37	16128768	----a-w-	c:\windows\system32\nvwgf2um.dll
2015-08-18 08:47 . 2014-11-06 20:37	14497568	----a-w-	c:\windows\system32\nvd3dum.dll
2015-08-18 08:47 . 2013-09-05 01:37	2824176	----a-w-	c:\windows\system32\nvapi.dll
2015-08-18 08:47 . 2012-09-25 16:01	60720	----a-w-	c:\windows\system32\OpenCL.dll
2015-08-17 23:28 . 2012-09-25 16:02	3062064	----a-w-	c:\windows\system32\nvsvc.dll
2015-08-17 23:28 . 2012-09-25 16:02	4388016	----a-w-	c:\windows\system32\nvcpl.dll
2015-08-17 23:28 . 2012-09-25 16:02	670512	----a-w-	c:\windows\system32\nvvsvc.exe
2015-08-17 23:28 . 2012-09-25 16:02	61744	----a-w-	c:\windows\system32\nvshext.dll
2015-08-17 23:28 . 2012-09-25 16:02	2554488	----a-w-	c:\windows\system32\nvsvcr.dll
2015-08-17 23:28 . 2012-09-25 16:02	375088	----a-w-	c:\windows\system32\nvmctray.dll
2015-07-30 17:57 . 2015-08-11 18:14	909824	----a-w-	c:\windows\system32\FntCache.dll
2015-07-30 17:57 . 2015-08-11 18:14	1251328	----a-w-	c:\windows\system32\DWrite.dll
2015-07-30 17:57 . 2015-08-11 18:14	1987584	----a-w-	c:\windows\system32\d3d10warp.dll
2015-07-30 13:13 . 2015-08-11 21:16	103120	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-28 20:04 . 2015-08-11 18:16	15808	----a-w-	c:\windows\system32\CompatTelRunner.exe
2015-07-28 20:00 . 2015-08-11 18:16	635904	----a-w-	c:\windows\system32\invagent.dll
2015-07-28 20:00 . 2015-08-11 18:16	598528	----a-w-	c:\windows\system32\generaltel.dll
2015-07-28 20:00 . 2015-08-11 18:16	346112	----a-w-	c:\windows\system32\devinv.dll
2015-07-28 20:00 . 2015-08-11 18:16	952832	----a-w-	c:\windows\system32\appraiser.dll
2015-07-28 20:00 . 2015-08-11 18:16	60416	----a-w-	c:\windows\system32\acmigration.dll
2015-07-28 20:00 . 2015-08-11 18:16	202752	----a-w-	c:\windows\system32\aepdu.dll
2015-07-28 19:54 . 2015-08-11 18:16	934400	----a-w-	c:\windows\system32\aeinv.dll
2015-07-16 19:12 . 2015-08-11 18:15	856064	----a-w-	c:\windows\system32\rdvidcrl.dll
2015-07-16 19:12 . 2015-08-11 18:15	53248	----a-w-	c:\windows\system32\tsgqec.dll
2015-07-16 19:12 . 2015-08-11 18:15	6131200	----a-w-	c:\windows\system32\mstscax.dll
2015-07-16 15:14 . 2015-08-11 18:15	355840	----a-w-	c:\windows\system32\wksprt.exe
2015-07-15 18:37 . 2015-08-11 18:16	2560	----a-w-	c:\windows\system32\drivers\de-DE\mountmgr.sys.mui
2015-07-15 17:59 . 2015-08-11 18:16	78784	----a-w-	c:\windows\system32\drivers\mountmgr.sys
2015-07-15 17:55 . 2015-08-11 18:16	1159168	----a-w-	c:\windows\system32\sysmain.dll
2015-07-15 17:54 . 2015-08-11 18:16	10752	----a-w-	c:\windows\system32\msmmsp.dll
2015-07-15 02:55 . 2015-08-11 18:12	44032	----a-w-	c:\windows\system32\basesrv.dll
2015-07-09 18:43 . 2014-05-06 21:21	48496	----a-w-	c:\windows\system32\identprv.dll
2015-07-09 17:42 . 2015-08-11 18:16	179712	----a-w-	c:\windows\system32\notepad.exe
2015-07-09 17:42 . 2015-08-11 18:16	179712	----a-w-	c:\windows\notepad.exe
2015-07-04 17:48 . 2015-07-15 17:22	1414656	----a-w-	c:\windows\system32\ole32.dll
2012-10-31 05:50 . 2012-11-01 17:50	44	---h--w-	c:\program files\04aeb981.tmp
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-07-29 07:23	576840	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-07-29 07:23	576840	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-07-29 07:23	576840	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-08-19 18:15	1585760	----a-w-	c:\users\Kuyumo\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2015-08-19 18:15	1585760	----a-w-	c:\users\Kuyumo\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2015-08-19 18:15	1585760	----a-w-	c:\users\Kuyumo\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-08-19 18:15	1585760	----a-w-	c:\users\Kuyumo\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-08-19 18:15	1585760	----a-w-	c:\users\Kuyumo\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1aCopyShExtError]
@="{83BEA36E-7680-4598-A4DF-994426F6E78D}"
[HKEY_CLASSES_ROOT\CLSID\{83BEA36E-7680-4598-A4DF-994426F6E78D}]
2015-04-02 23:06	5598208	----a-w-	c:\users\Kuyumo\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2aCopyShExtSynced]
@="{845B7388-6F85-4F32-9FD5-F02DC7882B89}"
[HKEY_CLASSES_ROOT\CLSID\{845B7388-6F85-4F32-9FD5-F02DC7882B89}]
2015-04-02 23:06	5598208	----a-w-	c:\users\Kuyumo\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3aCopyShExtSyncing]
@="{F6378A7A-F753-449B-AE1B-997A96132E61}"
[HKEY_CLASSES_ROOT\CLSID\{F6378A7A-F753-449B-AE1B-997A96132E61}]
2015-04-02 23:06	5598208	----a-w-	c:\users\Kuyumo\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4aCopyShExtSyncingProg1]
@="{3A511828-777D-46F8-82F4-5B530C1B3D9E}"
[HKEY_CLASSES_ROOT\CLSID\{3A511828-777D-46F8-82F4-5B530C1B3D9E}]
2015-04-02 23:06	5598208	----a-w-	c:\users\Kuyumo\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5aCopyShExtSyncingProg2]
@="{C8C88204-5B14-40EC-BA72-8AEBC762047E}"
[HKEY_CLASSES_ROOT\CLSID\{C8C88204-5B14-40EC-BA72-8AEBC762047E}]
2015-04-02 23:06	5598208	----a-w-	c:\users\Kuyumo\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6aCopyShExtSyncingProg3]
@="{ACFF45C3-3EEB-4351-86C2-6696BA264239}"
[HKEY_CLASSES_ROOT\CLSID\{ACFF45C3-3EEB-4351-86C2-6696BA264239}]
2015-04-02 23:06	5598208	----a-w-	c:\users\Kuyumo\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7aCopyShExtSyncingProg4]
@="{29AF997F-488B-46F0-AE78-7146F1B89CC3}"
[HKEY_CLASSES_ROOT\CLSID\{29AF997F-488B-46F0-AE78-7146F1B89CC3}]
2015-04-02 23:06	5598208	----a-w-	c:\users\Kuyumo\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8aCopyShExtSyncingProg5]
@="{03F9AD29-1C78-4B66-8890-B177B5430C53}"
[HKEY_CLASSES_ROOT\CLSID\{03F9AD29-1C78-4B66-8890-B177B5430C53}]
2015-04-02 23:06	5598208	----a-w-	c:\users\Kuyumo\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2015-07-29 22344224]
"Dropbox Update"="c:\users\Kuyumo\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-17 134512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 497024]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-06-24 2754704]
"PSUAMain"="c:\program files\Panda Security\Panda Security Protection\PSUAMain.exe" [2015-02-26 40184]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2015-06-24 1320120]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Copy"="c:\users\Kuyumo\AppData\Roaming\Copy\CopyAgent.exe" [2015-04-11 13400208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"panda4_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda4_0dn" [X]
"panda4_0dn_XP"="reg.exe delete HKCU\Software\panda4_0dn" [X]
"panda4_1dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda4_1dn" [X]
"panda4_1dn_XP"="reg.exe delete HKCU\Software\panda4_1dn" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"MaxGPOScriptWait"= 600 (0x258)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux8"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Kuyumo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^An OneNote senden.lnk]
path=c:\users\Kuyumo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
backup=c:\windows\pss\An OneNote senden.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Kuyumo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\Kuyumo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55	937920	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-06 10:55	35736	----a-w-	c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmIcoSinglun]
2010-12-27 16:59	233472	----a-w-	c:\program files\AmIcoSingLun\AmIcoSinglun.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2015-03-13 11:10	5529880	----a-w-	c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copy]
2015-04-11 03:39	13400208	----a-w-	c:\users\Kuyumo\AppData\Roaming\Copy\CopyAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-08-02 07:33	4910912	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2012-11-13 18:13	450560	----a-w-	c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2012-11-30 02:06	1263512	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36	30040	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShadowPlay]
2015-06-24 11:36	1320120	----a-w-	c:\windows\System32\nvspcap.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07	2260480	--sha-r-	c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]
2007-03-29 10:05	90112	----a-w-	c:\program files\MAGIX\Video_deluxe_2007_2008\Trayserver.exe
.
R2 MBAMService;MBAMService;c:\program files\ Malwarebytes Anti-Malware \mbamservice.exe [2015-06-18 1133880]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-01-02 315488]
R3 AXIOM;Service for M-Audio Axiom;c:\windows\system32\DRIVERS\MAudioAxiom.sys [2010-02-19 115336]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-02-17 112128]
R3 ffusb2audio;Focusrite USB 2.0 Audio Driver;c:\windows\system32\DRIVERS\ffusb2audio.sys [2012-01-05 48472]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-12-26 12400]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-12-30 103040]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-08-15 102912]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 25112]
R3 L6UX2;Service - Line 6 UX2;c:\windows\system32\Drivers\L6UX2.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-06-18 51928]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2013-09-30 15688]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2013-09-30 10320]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2015-06-11 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-11 1343400]
R3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbw.sys [2011-05-10 34280]
R4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R4 PDF Architect 2 Creator;PDF Architect 2 Creator;c:\program files\PDF Architect 2\creator-ws.exe [2014-06-26 738856]
R4 PDF Architect 2;PDF Architect 2;c:\program files\PDF Architect 2\ws.exe [2014-06-26 1771560]
R4 pdfforge CrashHandler;pdfforge CrashHandler;c:\program files\PDF Architect 2\crash-handler-ws.exe [2014-06-26 861736]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R4 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
R4 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-08 232512]
S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [2015-02-09 86800]
S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [2015-02-09 202128]
S1 NNSHTTPS;NNSHTTPS;c:\windows\system32\DRIVERS\NNSHttps.sys [2015-02-09 109584]
S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [2015-02-09 126480]
S1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [2014-12-31 41744]
S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [2015-02-09 99856]
S1 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [2015-02-09 61712]
S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [2015-02-09 120592]
S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [2015-02-09 281232]
S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [2015-02-09 205456]
S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [2015-02-09 108432]
S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [2015-02-09 239888]
S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [2015-02-09 94864]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2015-02-25 168208]
S2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2014-05-31 110304]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\Foxit Reader\Foxit Cloud\FCUpdateService.exe [2015-07-16 244392]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-06-24 919184]
S2 NanoServiceMain;Panda Protection Service;c:\program files\Panda Security\Panda Security Protection\PSANHost.exe [2015-02-26 142584]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-06-24 1868432]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2015-06-24 20694160]
S2 PandaAgent;Panda Devices Agent;c:\program files\Panda Security\Panda Devices Agent\AgentSvc.exe [2014-10-09 66808]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2015-02-25 140048]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2015-02-25 105232]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2015-02-25 113936]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2015-02-25 124688]
S2 PSINReg;PSINReg;c:\windows\system32\DRIVERS\PSINReg.sys [2015-02-25 100624]
S2 PSUAService;Panda Product Service;c:\program files\Panda Security\Panda Security Protection\PSUAService.exe [2015-02-26 38136]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-12-27 27136]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-07-29 87040]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-06-18 23256]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-06-24 18576]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2015-05-19 41648]
S3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys [2015-01-29 50320]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-12-27 187392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
utcsvc	REG_MULTI_SZ   	DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-28 12:50	997704	----a-w-	c:\program files\Google\Chrome\Application\45.0.2454.101\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-09-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 19:14]
.
2015-09-29 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3683629333-2777190142-3868084316-1000Core.job
- c:\users\Kuyumo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17 19:47]
.
2015-09-30 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3683629333-2777190142-3868084316-1000UA.job
- c:\users\Kuyumo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17 19:47]
.
2015-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-05 16:19]
.
2015-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-05 16:19]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = www.google.com
mStart Page = www.google.com
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
LSP: c:\windows\system32\RSLSP.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - ExtSQL: !HIDDEN! 2014-02-26 15:54; quick_start@gmail.com; c:\users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\extensions\quick_start@gmail.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - (no file)
MSConfigStartUp-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime Alternative\QTTask.exe
MSConfigStartUp-StereoLinksInstall - c:\program files\NVIDIA Corporation\3D Vision\nvstlink.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-09-30  16:29:15
ComboFix-quarantined-files.txt  2015-09-30 14:29
.
Vor Suchlauf: 9.051.283.456 Bytes frei
Nach Suchlauf: 8.872.796.160 Bytes frei
.
- - End Of File - - 090FF9B35BCB1C1C21446C1F49234C87
         

02.10.2015, 07:13   #9
schrauber
/// the machine
/// TB trainer
 




Looks good. We'll remove a bit more adware.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click "Optionen" (Options) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click "Suchlauf" (Scan) and wait until it has finished.
  • Now click "Löschen" (Clean) and confirm any prompts that appear with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

02.10.2015, 10:54   #10
Cudjo
 



Well, I'm glad to hear that!

AdwCleaner log file:
Code:
# AdwCleaner v5.009 - Bericht erstellt am 02/10/2015 um 11:24:22
# Aktualisiert am 27/09/2015 von Xplode
# Datenbank : 2015-09-30.1 [Server]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (x86)
# Benutzername : Kuyumo - KUYUMO-PC
# Gestartet von : C:\Users\Kuyumo\Desktop\Trojaner suche\Software\AdwCleaner_5.009.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****

[-] Ordner Gelöscht : C:\Program Files\FLV Player
[-] Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
[-] Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Player
[-] Ordner Gelöscht : C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\libedajeiljdoodmokbppgapcfbignci
[-] Ordner Gelöscht : C:\Users\Kuyumo\AppData\LocalLow\Conduit
[-] Ordner Gelöscht : C:\Users\Kuyumo\AppData\Roaming\dvdvideosoftiehelpers
[-] Ordner Gelöscht : C:\Users\Kuyumo\AppData\Roaming\pdfforge

***** [ Dateien ] *****


***** [ Verknüpfungen ] *****


***** [ Geplante Tasks ] *****

[-] Task Gelöscht : Adobe Flash Player Updater

***** [ Registrierungsdatenbank ] *****

[-] Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
[-] Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\FLVPlayer.exe
[-] Schlüssel Gelöscht : HKCU\Software\OCS
[-] Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
[-] Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Toolbar
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\hdcode
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\winzipersvc
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
[!] Schlüssel Nicht Gelöscht : HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\Software\AppDataLow\Software\Toolbar

***** [ Internetbrowser ] *****

[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550..clientLogIsEnabled", true);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.AppTrackingLastCheckTime", "Thu Nov 03 2011 08:40:28 GMT+0100");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.CTID", "CT2613550");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.CurrentServerDate", "9-11-2011");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.DSChangedManually", true);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.DSInstall", true);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.DialogsAlignMode", "LTR");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.DialogsGetterLastCheckTime", "Sun Nov 06 2011 13:55:28 GMT+0100");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.DownloadReferralCookieData", "");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.EMailNotifierPollDate", "Thu Nov 03 2011 08:40:04 GMT+0100");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.FirstServerDate", "3-11-2011");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.FirstTime", true);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.FirstTimeFF3", true);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.FixPageNotFoundErrors", true);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.GroupingServerCheckInterval", 1440);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.HPInstall", false);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.HasUserGlobalKeys", true);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.HomePageProtectorEnabled", false);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.Initialize", true);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.InitializeCommonPrefs", true);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.InstallationAndCookieDataSentCount", 3);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.InstallationType", "UnknownIntegration");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.InstalledDate", "Thu Nov 03 2011 08:40:24 GMT+0100");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.IsAlertDBUpdated", true);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.IsGrouping", false);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.IsInitSetupIni", true);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.IsMulticommunity", false);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.IsOpenThankYouPage", false);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.IsOpenUninstallPage", true);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.IsProtectorsInit", true);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.LanguagePackLastCheckTime", "Wed Nov 09 2011 09:01:58 GMT+0100");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.LanguagePackReloadIntervalMM", 1440);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.LastLogin_3.7.0.6", "Mon Nov 07 2011 22:33:46 GMT+0100");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.LastLogin_3.8.0.8", "Wed Nov 09 2011 09:01:55 GMT+0100");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.LatestVersion", "3.8.0.8");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.Locale", "de-de");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.MCDetectTooltipHeight", "83");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.MCDetectTooltipShow", false);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.MCDetectTooltipWidth", "295");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.MyStuffEnabledAtInstallation", false);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.OriginalFirstVersion", "3.7.0.6");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.SHRINK_TOOLBAR", 1);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.SearchCaption", "ZoneAlarm-Sicherheit Customized Web Search");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.SearchFromAddressBarIsInit", true);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=2&q=");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.SearchInNewTabEnabled", true);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.SearchInNewTabIntervalMM", 1440);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.SearchInNewTabLastCheckTime", "Wed Nov 09 2011 09:01:54 GMT+0100");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.SearchInNewTabUserEnabled", false);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.SearchProtectorEnabled", false);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.SearchProtectorToolbarDisabled", false);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.SendProtectorDataViaLogin", true);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.ServiceMapLastCheckTime", "Wed Nov 09 2011 09:01:54 GMT+0100");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.SettingsLastCheckTime", "Wed Nov 09 2011 09:01:54 GMT+0100");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.SettingsLastUpdate", "1319568605");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2613550&SearchSource=13");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.ThirdPartyComponentsInterval", 504);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.ThirdPartyComponentsLastCheck", "Thu Nov 03 2011 08:39:58 GMT+0100");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.ThirdPartyComponentsLastUpdate", "1255344657");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.ToolbarShrinkedFromSetup", false);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2613550");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.UserID", "UN72205693768899360");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.ValidationData_Search", 0);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.ValidationData_Toolbar", 0);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.WeatherNetwork", "");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.WeatherPollDate", "Wed Nov 09 2011 10:01:58 GMT+0100");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.WeatherUnit", "C");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.alertChannelId", "1006347");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.approveUntrustedApps", true);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.components.1000034", false);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.components.1000080", true);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.components.1000234", true);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.components.1001", true);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.components.1003", true);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.components.1007", true);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.components.129171076489169448", false);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.globalFirstTimeInfoLastCheckTime", "Wed Nov 09 2011 09:01:58 GMT+0100");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.homepageProtectorEnableByLogin", true);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.initDone", true);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.isAppTrackingManagerOn", true);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.myStuffEnabled", true);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.myStuffPublihserMinWidth", 400);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.myStuffServiceIntervalMM", 1440);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.oldAppsList", "129171076488700693,129171076488856944,111,129171076488856945,129539182460150402,129539182525463225,129171076489169448,1000034,1000080,1000082,1000234,1000,1001,1002[...]
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.revertSettingsEnabled", true);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.searchProtectorDialogDelayInSec", 10);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.searchProtectorEnableByLogin", true);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.testingCtid", "");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.toolbarAppMetaDataLastCheckTime", "Wed Nov 09 2011 09:01:58 GMT+0100");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.toolbarContextMenuLastCheckTime", "Thu Nov 03 2011 08:40:26 GMT+0100");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.usageEnabled", false);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CT2613550.usagesFlag", 1);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CommunityToolbar.ConduitSearchList", "ZoneAlarm-Sicherheit Customized Web Search");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=de-de", "oIwsta2spzadhjRgiY1Nhw==");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=de-de", "WiZSpHJzJ/uTUKvfHHyj/w==");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=de-de", "9H/gICSaMqbmx+Gd+8W4Sg==");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=de-de", "eJfMrdrGnhGHiiPiYjgAww==");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Kuyumo\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\jjs1avai.default\\conduitCommon\\modules\\3.8.0.8");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.0.8");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2613550");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2613550");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2613550");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Nov 03 2011 08:40:26 GMT+0100");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CommunityToolbar.globalUserId", "9e28deb1-86df-4c23-86c0-ddeffd4748d9");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2613550");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Nov 03 2011 08:40:06 GMT+0100");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Nov 07 2011 22:33:54 GMT+0100");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Nov 07 2011 22:33:46 GMT+0100");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CommunityToolbar.notifications.userId", "6b78d980-8826-4820-a79e-a0b2aa6a3242");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("CommunityToolbar.originalSearchEngine", "Ecosia");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.defaultthis.engineName", "ZoneAlarm-Sicherheit Customized Web Search");
[-] [C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}");
[-] [C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : recover-my-ipod.softonic.de
[-] [C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Gelöscht : hxxp://aartemis.com/?type=hp&ts=1388738059&from=cor&uid=3219913727_1789_6009F25C
[-] [C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Gelöscht : hxxp://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=hp&from=wpm0226&uid=3219913727_1789_6009F25C&ts=1393423567
[-] [C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gelöscht : ifohbjbgfchkkfhphahclmkpgejiplfo
[-] [C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gelöscht : libedajeiljdoodmokbppgapcfbignci
[-] [C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gelöscht : nikpibnbobmbdbheedjfogjlikpgpnhp
[-] [C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gelöscht : ogfjmhfnldnajmfaofeiaepghjenbgjo

*************************

:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [29531 Bytes] ##########
         
--- --- ---

[/CODE]


Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.2 (09.14.2015:1)
OS: Windows 7 Ultimate x86
Ran by Kuyumo on 02.10.2015 at 11:40:24,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}



~~~ Files

Successfully deleted: [File] C:\Users\Kuyumo\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_ajpgkpeckebdhofmmjfgcjjiiejpodla_0.localstorage



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Kuyumo\Appdata\Local\{336882B5-134C-4945-9149-4FEE64F56CDD}
Successfully deleted: [Empty Folder] C:\Users\Kuyumo\Appdata\Local\{5327513D-6DFA-4CCA-866B-22010E2998BE}
Successfully deleted: [Empty Folder] C:\Users\Kuyumo\Appdata\Local\{564A2A1F-3E71-448B-AD08-46F78DA97603}
Successfully deleted: [Empty Folder] C:\Users\Kuyumo\Appdata\Local\{5E56370A-AA92-4AC9-873B-1ECF8A5370E1}
Successfully deleted: [Empty Folder] C:\Users\Kuyumo\Appdata\Local\{94A8690A-DA37-4977-8777-F6DA1BF33314}
Successfully deleted: [Empty Folder] C:\Users\Kuyumo\Appdata\Local\{A41E2D31-DAE7-4B9A-8907-C56E7382A995}
Successfully deleted: [Empty Folder] C:\Users\Kuyumo\Appdata\Local\{D22E09E5-8186-43F8-B885-B36FCB4264B2}
Successfully deleted: [Folder] C:\Windows\System32\ai_recyclebin



~~~ FireFox

Successfully deleted: [File] C:\Users\Kuyumo\AppData\Roaming\mozilla\firefox\profiles\jjs1avai.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
Emptied folder: C:\Users\Kuyumo\AppData\Roaming\mozilla\firefox\profiles\jjs1avai.default\minidumps [81 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Kuyumo\Appdata\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla

[C:\Users\Kuyumo\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Kuyumo\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
ajpgkpeckebdhofmmjfgcjjiiejpodla

[C:\Users\Kuyumo\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Kuyumo\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  ajpgkpeckebdhofmmjfgcjjiiejpodla
]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.10.2015 at 11:45:41,17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         



FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:23-09-2015
durchgeführt von Kuyumo (Administrator) auf KUYUMO-PC (02-10-2015 11:47:17)
Gestartet von C:\Users\Kuyumo\Desktop\Trojaner suche\Software
Geladene Profile: Kuyumo (Verfügbare Profile: Kuyumo)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [497024 2009-07-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [HControlUser] => C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-27] (Panda Security, S.L.)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\...\Run: [Dropbox Update] => C:\Users\Kuyumo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Copy] => C:\Users\Kuyumo\AppData\Roaming\Copy\CopyAgent.exe [13400208 2015-04-11] (Barracuda Networks, Inc.)
HKU\S-1-5-18\...\RunOnce: [panda4_0dn] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_0dn_XP] => reg.exe delete "HKCU\Software\panda4_0dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_1dn] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_1dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_1dn_XP] => reg.exe delete "HKCU\Software\panda4_1dn" /f
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\Kuyumo\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-04-03] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\Kuyumo\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-04-03] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\Kuyumo\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-04-03] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\Kuyumo\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-04-03] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\Kuyumo\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-04-03] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\Kuyumo\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-04-03] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\Kuyumo\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-04-03] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\Kuyumo\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-04-03] (Barracuda Networks, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{157083F9-E1BC-43FB-9031-4D9F7C095960}: [DhcpNameServer] 10.204.57.104 10.205.41.16
Tcpip\..\Interfaces\{D06B54E8-0068-4988-97D0-1FFDB3AC2F07}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F2FE0A98-C1E7-4857-99A5-1D9E871E5B89}: [DhcpNameServer] 10.204.57.104 10.205.41.16
Tcpip\..\Interfaces\{F97E0CC5-690B-4B30-961A-9D3D96B3FBAC}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-3683629333-2777190142-3868084316-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = 
SearchScopes: HKU\S-1-5-21-3683629333-2777190142-3868084316-1000 -> {58ADF134-0921-45D6-927B-2B7BE8E16062} URL = hxxp://www.ecosia.org/search.php?q={searchTerms}&service=
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-10] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-10] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0071-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default
FF NewTab: www.google.com
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2011-02-02] (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-10] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
FF Plugin: PDF Architect 2 -> C:\Program Files\PDF Architect 2\np-previewer.dll [2014-06-26] (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-3683629333-2777190142-3868084316-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Kuyumo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll Keine Datei
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF SearchPlugin: C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\searchplugins\ecosia.xml [2014-01-13]
FF Extension: Xmarks - C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\Extensions\foxmarks@kei.com [2015-06-01]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\Extensions\adblockpopups@jessehakanen.net.xpi [2011-11-01]
FF Extension: Hide My Ass! Web Proxy - C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\Extensions\extension@hidemyass.com.xpi [2014-08-12]
FF Extension: stealthy - C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\Extensions\stealthyextension@gmail.com.xpi [2012-02-11]
FF Extension: NoScript - C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-11-23]
FF Extension: Mozilla Archive Format - C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\Extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi [2014-08-07]
FF Extension: SoundCloud Downloader - Technowise - C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2014-11-19]
FF Extension: Adblock Plus - C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-19]
FF Extension: QuickWiki - C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\Extensions\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}.xpi [2011-09-14]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-09-13]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-12-22]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR DefaultSearchKeyword: Default -> hma
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\pdf.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll => Keine Datei
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll => Keine Datei
CHR Plugin: (Google Talk Plugin) - C:\Users\Kuyumo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll => Keine Datei
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Kuyumo\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => Keine Datei
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Kuyumo\AppData\Roaming\Mozilla\plugins\npo1d.dll => Keine Datei
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll => Keine Datei
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll => Keine Datei
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll => Keine Datei
CHR Profile: C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-21]
CHR Extension: (Google Drive) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-21]
CHR Extension: (YouTube) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-21]
CHR Extension: (Hide My Ass! Web Proxy) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2013-04-21]
CHR Extension: (Google-Suche) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-21]
CHR Extension: (Google Kalender) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-08-16]
CHR Extension: (Google Text & Tabellen Offline) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]
CHR Extension: (AdBlock) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-04-21]
CHR Extension: (Google Notizen – Notizen & Listen) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-08-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-03-15]
CHR Extension: (Google Zeichnungen) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2015-08-16]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-04-21]
CHR Extension: (TabCloud) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\npecfdijgoblfcgagoijgmgejmcpnhof [2013-04-21]
CHR Extension: (Google Mail) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-21]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 ASLDRService; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
S2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [Datei ist nicht signiert]
S4 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
S4 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [Datei ist nicht signiert]
S2 FoxitCloudUpdateService; C:\Program Files\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-07-16] (Foxit Software Inc.)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [919184 2015-06-24] (NVIDIA Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-27] (Panda Security, S.L.)
S2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20694160 2015-06-24] (NVIDIA Corporation)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
S4 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
S4 PDF Architect 2 Creator; C:\Program Files\PDF Architect 2\creator-ws.exe [738856 2014-06-26] (pdfforge GmbH)
S4 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-27] (Panda Security, S.L.)
S2 rpcnet; C:\Windows\system32\rpcnet.exe [78032 2015-04-18] (Absolute Software Corp.)
S4 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S4 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S4 UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG) [Datei ist nicht signiert]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ACEDRV09; C:\Windows\system32\drivers\ACEDRV09.sys [110304 2014-05-31] (Protect Software GmbH)
R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [27136 2010-12-27] (Alcor Micro, Corp.)
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
S3 AXIOM; C:\Windows\System32\DRIVERS\MAudioAxiom.sys [115336 2010-02-19] (M-Audio)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.) [Datei ist nicht signiert]
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [232512 2011-11-08] (DT Soft Ltd)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [87040 2009-07-29] (ELAN Microelectronic Corp.)
S3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [48472 2012-01-05] (Focusrite Audio Engineering Limited.)
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [103040 2008-12-30] (Huawei Technologies Co., Ltd.)
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [14392 2010-12-27] (ASUS)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [86800 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202128 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [109584 2015-02-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [126480 2015-02-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [41744 2014-12-31] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99856 2015-02-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [61712 2015-02-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [120592 2015-02-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [281232 2015-02-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [205456 2015-02-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [108432 2015-02-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [239888 2015-02-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [94864 2015-02-09] (Panda Security, S.L.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18576 2015-06-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [41648 2015-05-19] (NVIDIA Corporation)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [140048 2015-02-25] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [105232 2015-02-25] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [168208 2015-02-25] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [113936 2015-02-25] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [124688 2015-02-25] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [100624 2015-02-25] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1766592 2010-12-27] ()
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [44544 2012-09-28] (Apple, Inc.) [Datei ist nicht signiert]
S3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
S3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbw.sys [34280 2011-05-10] (Yamaha Corporation)
S3 catchme; \??\C:\Users\Kuyumo\AppData\Local\Temp\catchme.sys [X]
S3 L6UX2; System32\Drivers\L6UX2.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-02 11:19 - 2015-10-02 11:34 - 00000000 ____D C:\AdwCleaner
2015-10-01 13:00 - 2015-10-01 13:00 - 00000000 ____D C:\Users\Kuyumo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-01 12:16 - 2015-01-29 19:21 - 00050320 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-09-30 23:25 - 2015-09-30 23:25 - 00000552 _____ C:\Windows\PFRO.log
2015-09-30 16:29 - 2015-09-30 16:29 - 00030568 _____ C:\ComboFix.txt
2015-09-30 16:03 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-09-30 16:03 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-09-30 16:03 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-09-30 16:03 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-09-30 16:03 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-09-30 16:03 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-09-30 16:03 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-09-30 16:03 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-09-30 16:02 - 2015-09-30 16:29 - 00000000 ____D C:\Qoobox
2015-09-30 16:02 - 2015-09-30 16:26 - 00000000 ____D C:\Windows\erdnt
2015-09-29 13:12 - 2015-09-29 15:33 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-09-27 10:54 - 2015-09-27 19:41 - 00003009 _____ C:\Users\Kuyumo\Desktop\Was will ich.txt
2015-09-26 23:53 - 2015-07-18 15:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-26 23:53 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-09-26 23:53 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-09-26 23:53 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-09-26 23:53 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-09-26 23:53 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-09-26 23:53 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-09-26 23:53 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-09-26 23:53 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-09-26 23:52 - 2015-08-05 19:47 - 00139096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-26 23:52 - 2015-08-05 19:47 - 00068952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-26 23:52 - 2015-08-05 19:41 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-26 23:52 - 2015-08-05 19:41 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-26 23:52 - 2015-08-05 19:41 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-26 23:52 - 2015-08-05 19:41 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-26 23:52 - 2015-08-05 19:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-26 23:52 - 2015-08-05 19:41 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-26 23:52 - 2015-08-05 19:41 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-26 23:52 - 2015-08-05 19:40 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-26 23:52 - 2015-08-05 19:40 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-26 23:52 - 2015-08-05 19:40 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-26 23:52 - 2015-08-05 19:40 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-26 23:52 - 2015-08-05 19:40 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-26 23:52 - 2015-08-05 19:40 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-26 23:52 - 2015-08-05 19:40 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-26 23:52 - 2015-08-05 19:40 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2015-09-26 23:52 - 2015-08-05 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-26 23:52 - 2015-08-05 19:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-26 23:52 - 2015-08-05 19:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-26 23:52 - 2015-08-05 19:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-26 23:52 - 2015-08-05 18:58 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-09-26 23:52 - 2015-08-05 18:33 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-26 23:52 - 2015-08-05 18:33 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-26 23:52 - 2015-08-05 18:32 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-26 23:52 - 2015-07-18 15:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-09-26 23:52 - 2015-07-18 15:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-09-26 23:52 - 2015-07-18 15:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-09-26 23:52 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-26 23:52 - 2015-07-18 15:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-26 23:52 - 2015-07-18 15:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-09-26 23:52 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-09-26 23:52 - 2015-07-18 15:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-26 23:52 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-09-26 23:52 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-09-26 23:52 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-09-26 23:52 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-09-26 23:52 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-09-26 23:52 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-09-26 23:52 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-09-26 23:41 - 2015-10-02 11:47 - 00000000 ____D C:\FRST
2015-09-26 23:38 - 2015-09-26 23:38 - 00000000 _____ C:\Users\Kuyumo\defogger_reenable
2015-09-26 20:08 - 2015-09-29 15:47 - 00000000 ____D C:\Users\Kuyumo\Desktop\Trojaner suche
2015-09-25 12:05 - 2015-09-29 13:12 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-25 12:05 - 2015-09-29 13:11 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-25 12:05 - 2015-09-25 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-09-25 12:05 - 2015-09-25 12:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-25 12:05 - 2015-09-25 12:05 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 
2015-09-25 12:05 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-25 12:05 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-22 20:14 - 2015-09-22 21:14 - 18819272 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-09-13 13:17 - 2015-09-13 13:17 - 00000000 ____D C:\Program Files\AGEIA Technologies
2015-09-13 13:12 - 2015-08-18 10:47 - 24200312 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2015-09-13 13:12 - 2015-08-18 10:47 - 15294072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-09-13 13:12 - 2015-08-18 10:47 - 11272048 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-09-13 13:12 - 2015-08-18 10:47 - 11209376 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-09-13 13:12 - 2015-08-18 10:47 - 10704560 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-09-13 13:12 - 2015-08-18 10:47 - 03987576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-09-13 13:12 - 2015-08-18 10:47 - 01059504 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3234181.dll
2015-09-13 13:12 - 2015-08-18 10:47 - 00912688 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3234181.dll
2015-09-13 13:12 - 2015-08-18 10:47 - 00907440 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll
2015-09-13 13:12 - 2015-08-18 10:47 - 00869040 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC.dll
2015-09-13 13:12 - 2015-08-18 10:47 - 00021015 _____ C:\Windows\system32\nvinfo.pb
2015-09-13 11:49 - 2015-08-18 03:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-13 11:49 - 2015-08-15 07:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-13 11:49 - 2015-08-15 07:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-13 11:49 - 2015-08-15 07:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-13 11:49 - 2015-08-15 07:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-13 11:49 - 2015-08-15 07:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-13 11:49 - 2015-08-15 07:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-13 11:49 - 2015-08-15 07:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-13 11:49 - 2015-08-15 07:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-13 11:49 - 2015-08-15 07:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-13 11:49 - 2015-08-15 07:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-13 11:49 - 2015-08-15 07:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-13 11:49 - 2015-08-15 07:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-13 11:49 - 2015-08-15 07:29 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-13 11:49 - 2015-08-15 07:24 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-13 11:49 - 2015-08-15 07:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-13 11:49 - 2015-08-15 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-13 11:49 - 2015-08-15 07:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-13 11:49 - 2015-08-15 07:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-13 11:49 - 2015-08-15 07:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-13 11:49 - 2015-08-15 07:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-13 11:49 - 2015-08-15 07:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-13 11:49 - 2015-08-15 07:02 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-13 11:49 - 2015-08-15 07:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-13 11:49 - 2015-08-15 07:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-13 11:49 - 2015-08-15 06:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-13 11:49 - 2015-08-15 06:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-13 11:49 - 2015-08-15 06:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-13 11:48 - 2015-08-15 08:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-13 11:48 - 2015-08-15 07:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-13 11:48 - 2015-08-15 07:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-13 11:48 - 2015-08-15 07:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-13 11:48 - 2015-08-05 19:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-13 11:48 - 2015-07-22 19:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-09-13 11:48 - 2015-07-22 19:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-13 11:48 - 2015-07-22 19:54 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-13 11:48 - 2015-07-22 19:53 - 00937984 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-13 11:48 - 2015-07-22 19:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-13 11:48 - 2015-07-22 19:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-13 11:48 - 2015-07-22 19:53 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-13 11:48 - 2015-07-22 19:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-13 11:48 - 2015-07-22 19:53 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-13 11:48 - 2015-07-22 19:52 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-13 11:48 - 2015-07-22 19:52 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-13 11:48 - 2015-07-22 19:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-13 11:48 - 2015-07-22 18:38 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-13 11:48 - 2015-07-09 19:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-09-13 11:48 - 2015-07-09 19:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-09-13 11:48 - 2015-06-25 11:48 - 00105408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-13 11:48 - 2015-06-25 11:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-13 11:48 - 2015-06-25 11:44 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-09-13 11:47 - 2015-09-02 04:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-13 11:47 - 2015-09-02 04:48 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-13 11:47 - 2015-09-02 04:48 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-13 11:47 - 2015-09-02 04:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-13 11:47 - 2015-09-02 03:36 - 02384896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-13 11:47 - 2015-09-02 03:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-13 11:47 - 2015-08-27 19:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-13 11:47 - 2015-08-27 19:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-13 11:47 - 2015-08-27 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-13 11:47 - 2015-08-27 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-13 11:47 - 2015-08-26 19:56 - 02953728 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-13 11:47 - 2015-08-26 19:56 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-13 11:47 - 2015-08-26 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-13 11:47 - 2015-08-26 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-13 11:47 - 2015-08-26 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-13 11:47 - 2015-08-26 19:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-13 11:47 - 2015-08-26 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-13 11:47 - 2015-08-26 19:55 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-13 11:47 - 2015-08-26 19:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-13 11:47 - 2015-08-26 19:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-13 11:47 - 2015-08-26 19:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-13 11:47 - 2015-08-05 19:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-13 11:47 - 2015-08-04 19:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-13 11:47 - 2015-08-04 19:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-13 11:47 - 2015-08-04 19:47 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-13 11:47 - 2015-08-04 19:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-13 11:47 - 2015-08-04 19:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-13 11:47 - 2015-08-04 18:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-13 11:44 - 2015-09-15 19:48 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-13 11:43 - 2015-07-15 04:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-13 11:27 - 2015-05-11 13:56 - 02508432 _____ (Sysinternals - www.sysinternals.com) C:\Users\Kuyumo\Desktop\procexp.exe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-02 11:41 - 2009-07-14 06:34 - 00013760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-02 11:41 - 2009-07-14 06:34 - 00013760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-02 11:39 - 2010-12-27 18:12 - 01990861 _____ C:\Windows\WindowsUpdate.log
2015-10-02 11:36 - 2015-04-03 01:06 - 00000000 ____D C:\Users\Kuyumo\AppData\Roaming\Copy
2015-10-02 11:36 - 2014-10-13 16:27 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-02 11:36 - 2010-12-27 18:09 - 00017408 _____ C:\Windows\system32\rpcnetp.exe
2015-10-02 11:35 - 2014-01-03 22:50 - 00091072 _____ C:\Windows\setupact.log
2015-10-02 11:35 - 2010-12-27 18:36 - 00078032 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll
2015-10-02 11:35 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-02 11:24 - 2010-12-27 21:41 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2015-10-02 01:48 - 2015-04-04 12:38 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-02 00:58 - 2015-06-17 21:47 - 00001228 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3683629333-2777190142-3868084316-1000UA.job
2015-10-02 00:50 - 2014-10-13 16:27 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-01 21:58 - 2015-06-17 21:47 - 00001176 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3683629333-2777190142-3868084316-1000Core.job
2015-10-01 14:22 - 2010-12-27 20:09 - 00000000 ___RD C:\Users\Kuyumo\Desktop\Download
2015-10-01 13:37 - 2015-04-18 10:19 - 00000000 ____D C:\Users\Kuyumo\AppData\Roaming\vlc
2015-10-01 13:01 - 2012-06-17 22:19 - 00000000 ____D C:\Users\Kuyumo\AppData\Roaming\Dropbox
2015-09-30 23:26 - 2010-12-27 18:10 - 00017408 _____ C:\Windows\system32\rpcnetp.dll
2015-09-30 16:29 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2015-09-30 16:29 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2015-09-30 16:25 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2015-09-27 14:42 - 2015-04-22 20:27 - 00000000 ____D C:\Windows\rescache
2015-09-27 12:35 - 2015-03-14 19:40 - 00000000 ___RD C:\Users\Kuyumo\Google Drive
2015-09-27 00:38 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2015-09-26 23:58 - 2010-12-27 18:21 - 01594892 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-26 23:38 - 2010-12-27 18:32 - 00000000 ____D C:\Users\Kuyumo
2015-09-26 22:48 - 2010-12-27 20:02 - 00000000 ____D C:\Users\Kuyumo\AppData\Local\Google
2015-09-26 00:38 - 2012-10-06 19:28 - 00000000 ____D C:\Users\Kuyumo\AppData\Roaming\AIMP3
2015-09-25 12:56 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-25 12:53 - 2015-07-12 19:39 - 00001092 _____ C:\Users\Kuyumo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wunderlist.lnk
2015-09-25 12:53 - 2015-06-28 00:38 - 00002184 _____ C:\Users\Kuyumo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-09-25 12:53 - 2015-02-07 21:17 - 00001075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
2015-09-25 12:53 - 2014-11-19 01:29 - 00000981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-09-25 12:53 - 2014-05-24 09:13 - 00001051 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-09-25 12:53 - 2014-04-26 18:59 - 00001320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-09-25 12:53 - 2014-04-26 18:59 - 00001251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-09-25 12:53 - 2014-01-03 10:35 - 00001951 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
2015-09-25 12:53 - 2014-01-03 10:35 - 00001895 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
2015-09-25 12:53 - 2014-01-03 10:35 - 00001874 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
2015-09-25 12:53 - 2012-11-24 17:56 - 00001798 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2015-09-25 12:53 - 2012-04-06 16:09 - 00001013 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
2015-09-25 12:53 - 2012-04-05 17:34 - 00001967 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-09-25 12:53 - 2011-10-17 12:59 - 00001849 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2015-09-25 12:53 - 2011-06-15 12:28 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-09-25 12:53 - 2010-12-30 20:31 - 00000953 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
2015-09-25 12:53 - 2010-12-27 18:13 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-09-25 12:53 - 2009-07-14 06:46 - 00001491 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-09-25 12:53 - 2009-07-14 06:46 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2015-09-25 12:53 - 2009-07-14 06:42 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2015-09-25 12:53 - 2009-07-14 06:42 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2015-09-25 12:53 - 2009-07-14 06:37 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-09-25 12:52 - 2015-07-18 15:37 - 00001059 _____ C:\Users\Kuyumo\Desktop\Will And The People - Friends - Verknüpfung.lnk
2015-09-25 12:52 - 2015-07-13 09:07 - 00001172 _____ C:\Users\Kuyumo\Desktop\OneDrive.lnk
2015-09-25 12:52 - 2015-06-21 23:25 - 00001232 _____ C:\Users\Kuyumo\Desktop\Kaufen, Produkte - Verknüpfung.lnk
2015-09-25 12:52 - 2015-04-22 21:51 - 00001759 _____ C:\Users\Kuyumo\Desktop\2015_Frühling - Verknüpfung.lnk
2015-09-25 12:52 - 2015-04-07 19:12 - 00000697 _____ C:\Users\Kuyumo\Desktop\Barracuda Copy.lnk
2015-09-25 12:52 - 2015-04-03 13:47 - 00001386 _____ C:\Users\Kuyumo\Desktop\temp.rtf - Verknüpfung.lnk
2015-09-25 12:52 - 2015-04-03 04:59 - 00001462 _____ C:\Users\Kuyumo\Desktop\Serienstatus.txt - Verknüpfung.lnk
2015-09-25 12:52 - 2015-03-14 19:40 - 00001707 _____ C:\Users\Kuyumo\Desktop\Google Drive.lnk
2015-09-25 12:52 - 2014-03-22 13:21 - 00001009 _____ C:\Users\Kuyumo\Desktop\Dropbox.lnk
2015-09-22 21:14 - 2012-04-03 12:28 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-09-22 21:14 - 2011-09-17 18:08 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-09-15 19:48 - 2012-05-04 07:52 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-13 13:17 - 2011-11-04 01:07 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-09-13 13:16 - 2012-09-25 18:02 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-13 12:30 - 2009-07-14 06:33 - 00553768 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-12 13:40 - 2011-01-13 11:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-12 09:09 - 2011-05-13 20:08 - 00000000 ____D C:\Windows\pss
2015-09-12 09:06 - 2011-11-25 13:20 - 00000000 ____D C:\Users\Kuyumo\AppData\Roaming\PhotoScape
2015-09-12 09:06 - 2011-10-27 17:01 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-09-11 19:44 - 2009-07-14 06:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-11 19:31 - 2014-11-11 12:01 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-09-11 19:31 - 2014-11-07 05:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus
2015-09-11 19:31 - 2012-12-22 16:05 - 00000000 ____D C:\Users\Kuyumo\AppData\Roaming\MediaMonkey
2015-09-11 19:31 - 2010-12-30 20:47 - 00000000 ___RD C:\Program Files\Skype
2015-09-11 19:31 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2015-09-11 19:31 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2015-09-11 19:30 - 2010-12-30 20:47 - 00000000 ____D C:\Users\Kuyumo\AppData\Roaming\Skype
2015-09-11 19:30 - 2010-12-30 20:47 - 00000000 ____D C:\ProgramData\Skype
2015-09-11 19:03 - 2013-07-29 12:57 - 00000000 ____D C:\Windows\system32\MRT
2015-09-06 15:58 - 2012-06-17 22:24 - 00000000 ___RD C:\Users\Kuyumo\Dropbox
2015-09-06 15:55 - 2015-06-28 00:37 - 00000000 ____D C:\Users\Kuyumo\OneDrive
2015-09-06 01:15 - 2015-07-12 19:39 - 00000000 ____D C:\Users\Kuyumo\AppData\Local\Wunderlist

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2012-11-01 19:50 - 2012-10-31 07:50 - 0000044 ____H () C:\Program Files\04aeb981.tmp
2012-12-24 18:17 - 2012-12-24 18:17 - 0038437 _____ () C:\Users\Kuyumo\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2012-10-22 18:21 - 2012-12-05 12:38 - 0000028 _____ () C:\Users\Kuyumo\AppData\Roaming\PhonerLitesettings.ini
2011-01-15 21:06 - 2012-06-21 12:41 - 0000600 _____ () C:\Users\Kuyumo\AppData\Roaming\winscp.rnd
2012-01-22 15:28 - 2015-04-27 21:55 - 0005632 _____ () C:\Users\Kuyumo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-29 02:05 - 2015-03-29 02:05 - 0036301 _____ () C:\Users\Kuyumo\AppData\Local\recently-used.xbel
2011-06-14 18:57 - 2014-02-09 02:06 - 0007602 _____ () C:\Users\Kuyumo\AppData\Local\resmon.resmoncfg
2014-11-06 22:08 - 2014-11-06 22:08 - 0000000 _____ () C:\Users\Kuyumo\AppData\Local\{A93FD393-7598-4AE6-B457-BB627964D6E9}
2012-12-09 02:29 - 2012-12-09 02:29 - 0000000 _____ () C:\ProgramData\0x0304A000.sfl
2014-04-06 13:49 - 2014-04-06 13:49 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-12-30 20:48 - 2010-12-30 20:48 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Einige Dateien in TEMP:
====================
C:\Users\Kuyumo\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-10-01 14:59

==================== Ende vom FRST.txt ============================
         
--- --- ---


Do you need the Addition.txt as well?

Alt 02.10.2015, 20:08   #11
schrauber
/// the machine
/// TB-Ausbilder
 




No, that's fine.



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log, please. Any problems remaining?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 03.10.2015, 18:17   #12
Cudjo
 



Hi Schrauber,

first of all, many thanks again.
I didn't really have any actual problems. I was just quite worried about whether I can keep using my computer normally, since suspicious behaviour appeared pretty much directly after that stupid click on the link. But it had done that quite often before as well, i.e. without me clicking on anything stupid; it was just such odd timing that I was simply very unsettled. But now that so many tools have run without finding any serious threats, I am reassured.
What do you think, is it "safe" now? (I know no PC will ever be truly safe.)

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=28e6d0baa6f25b4c87ce20779b94eb9f
# end=init
# utc_time=2015-10-03 12:38:27
# local_time=2015-10-03 02:38:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 26063
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=28e6d0baa6f25b4c87ce20779b94eb9f
# end=updated
# utc_time=2015-10-03 12:42:04
# local_time=2015-10-03 02:42:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=28e6d0baa6f25b4c87ce20779b94eb9f
# engine=26063
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-10-03 03:56:44
# local_time=2015-10-03 05:56:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Panda Free Antivirus'
# compatibility_mode=1557 16777213 87 100 1895130 230083778 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 110184 195518995 0 0
# scanned=274919
# found=9
# cleaned=0
# scan_time=11680
sh=90A440A11B158CACC211196FF49670F6F38EB760 ft=1 fh=8b2ddc3358c7903c vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe"
sh=235880A523D844EFEA68BFBA9F37B7022BDF46E7 ft=1 fh=44fe62b3c34628f3 vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll"
sh=ABC38074E5A4A26A56D1C17BCB6A07B42AC5D025 ft=1 fh=7e2559447f2d3343 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityTb.dll"
sh=81570433D9157DB76763E75926A0F2DCC299C203 ft=1 fh=443780c642960863 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Panda Security\Panda Security Protection\Download\0x04011000\CloudAntivirus.exe"
sh=81570433D9157DB76763E75926A0F2DCC299C203 ft=1 fh=443780c642960863 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Panda Security\Panda Security Protection\Download\0x04011000\CloudAntivirus.exe"
sh=1DC26BBEAFBAF69A274CAFE534156EACE3A49A8D ft=1 fh=07386e4897eae14b vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kuyumo\Desktop\Download\Neue installs\PDFCreator-2_0_2-setup (2).exe"
sh=9CFA0E13F6FAEF482A376067F011D8B8FBFC7488 ft=1 fh=11b4a1707d0efcb7 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kuyumo\Desktop\Download\Neue installs\VSDC Free Video Editor - CHIP-Installer.exe"
sh=8E48D69E5DDA96E43386868BA45031FBDD1224F3 ft=1 fh=bad39acf82947ee1 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kuyumo\Desktop\Trojaner suche\Software\System Explorer - CHIP-Installer.exe"
sh=716C6B1DC8A627682CA654121C9A393A2CA131C9 ft=1 fh=9e008d2389685b2d vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kuyumo\Desktop\Trojaner suche\Software\TCPView - CHIP-Installer.exe"
         
Code:
 Results of screen317's Security Check version 1.008  
 Windows 7 Service Pack 1 x86   
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Panda Free Antivirus   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 CCleaner     
 Java 8 Update 40  
 Java version 32-bit out of Date! 
 Adobe Flash Player 	19.0.0.185  
 Adobe Reader 10.1.0 Adobe Reader out of Date!  
 Mozilla Firefox (40.0.3) 
 Mozilla Thunderbird 11.0. Thunderbird out of Date!  
 Google Chrome (45.0.2454.101) 
 Google Chrome (45.0.2454.99) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         


FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:30-10-2015
durchgeführt von Kuyumo (Administrator) auf KUYUMO-PC (03-10-2015 19:06:51)
Gestartet von C:\Users\Kuyumo\Desktop\Trojaner suche\Software
Geladene Profile: Kuyumo (Verfügbare Profile: Kuyumo)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Foxit Software Inc.) C:\Program Files\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Absolute Software Corp.) C:\Windows\System32\rpcnet.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\WDC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [497024 2009-07-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [HControlUser] => C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-27] (Panda Security, S.L.)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22568208 2015-09-11] (Google)
HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\...\Run: [Dropbox Update] => C:\Users\Kuyumo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Copy] => C:\Users\Kuyumo\AppData\Roaming\Copy\CopyAgent.exe [13400208 2015-04-11] (Barracuda Networks, Inc.)
HKU\S-1-5-18\...\RunOnce: [panda4_0dn] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_0dn_XP] => reg.exe delete "HKCU\Software\panda4_0dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_1dn] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_1dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_1dn_XP] => reg.exe delete "HKCU\Software\panda4_1dn" /f
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-09-11] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-09-11] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-09-11] (Google)
ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\Kuyumo\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-04-03] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\Kuyumo\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-04-03] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\Kuyumo\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-04-03] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\Kuyumo\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-04-03] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\Kuyumo\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-04-03] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\Kuyumo\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-04-03] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\Kuyumo\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-04-03] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\Kuyumo\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-04-03] (Barracuda Networks, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{157083F9-E1BC-43FB-9031-4D9F7C095960}: [DhcpNameServer] 10.204.57.104 10.205.41.16
Tcpip\..\Interfaces\{D06B54E8-0068-4988-97D0-1FFDB3AC2F07}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F2FE0A98-C1E7-4857-99A5-1D9E871E5B89}: [DhcpNameServer] 10.204.57.104 10.205.41.16
Tcpip\..\Interfaces\{F97E0CC5-690B-4B30-961A-9D3D96B3FBAC}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-3683629333-2777190142-3868084316-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = 
SearchScopes: HKU\S-1-5-21-3683629333-2777190142-3868084316-1000 -> {58ADF134-0921-45D6-927B-2B7BE8E16062} URL = hxxp://www.ecosia.org/search.php?q={searchTerms}&service=
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-10] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-10] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0071-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default
FF NewTab: www.google.com
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Session Restore: -> ist aktiviert.
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2011-02-02] (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-10] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
FF Plugin: PDF Architect 2 -> C:\Program Files\PDF Architect 2\np-previewer.dll [2014-06-26] (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-3683629333-2777190142-3868084316-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Kuyumo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll Keine Datei
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF SearchPlugin: C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\searchplugins\ecosia.xml [2014-01-13]
FF Extension: Xmarks - C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\Extensions\foxmarks@kei.com [2015-06-01]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\Extensions\adblockpopups@jessehakanen.net.xpi [2011-11-01]
FF Extension: Hide My Ass! Web Proxy - C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\Extensions\extension@hidemyass.com.xpi [2014-08-12]
FF Extension: stealthy - C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\Extensions\stealthyextension@gmail.com.xpi [2012-02-11]
FF Extension: NoScript - C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-11-23]
FF Extension: Mozilla Archive Format - C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\Extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi [2014-08-07]
FF Extension: SoundCloud Downloader - Technowise - C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2014-11-19]
FF Extension: Adblock Plus - C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-19]
FF Extension: QuickWiki - C:\Users\Kuyumo\AppData\Roaming\Mozilla\Firefox\Profiles\jjs1avai.default\Extensions\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}.xpi [2011-09-14]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-09-13]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-12-22]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxp://aartemis.com/?type=hp&ts=1388738059&from=cor&uid=3219913727_1789_6009F25C","hxxp://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=hp&from=wpm0226&uid=3219913727_1789_6009F25C&ts=1393423567"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\pdf.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll => Keine Datei
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll => Keine Datei
CHR Plugin: (Google Talk Plugin) - C:\Users\Kuyumo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll => Keine Datei
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Kuyumo\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => Keine Datei
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Kuyumo\AppData\Roaming\Mozilla\plugins\npo1d.dll => Keine Datei
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll => Keine Datei
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll => Keine Datei
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll => Keine Datei
CHR Profile: C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2015-10-02]
CHR Extension: (Google Docs) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-21]
CHR Extension: (Google Drive) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-21]
CHR Extension: (YouTube) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-21]
CHR Extension: (Hide My Ass! Web Proxy) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2013-04-21]
CHR Extension: (Google-Suche) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-21]
CHR Extension: (Google Kalender) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-08-16]
CHR Extension: (Google Text & Tabellen Offline) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]
CHR Extension: (AdBlock) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-04-21]
CHR Extension: (Google Notizen – Notizen & Listen) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-08-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (SoundCloud Downloader Free) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\libedajeiljdoodmokbppgapcfbignci [2015-10-02]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-03-15]
CHR Extension: (Google Zeichnungen) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2015-08-16]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-04-21]
CHR Extension: (TabCloud) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\npecfdijgoblfcgagoijgmgejmcpnhof [2013-04-21]
CHR Extension: (Google Mail) - C:\Users\Kuyumo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-21]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKU\S-1-5-21-3683629333-2777190142-3868084316-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ASLDRService; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [Datei ist nicht signiert]
S4 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
S4 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [Datei ist nicht signiert]
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-07-16] (Foxit Software Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [919184 2015-06-24] (NVIDIA Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-27] (Panda Security, S.L.)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20694160 2015-06-24] (NVIDIA Corporation)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
S4 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
S4 PDF Architect 2 Creator; C:\Program Files\PDF Architect 2\creator-ws.exe [738856 2014-06-26] (pdfforge GmbH)
S4 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-27] (Panda Security, S.L.)
R2 rpcnet; C:\Windows\system32\rpcnet.exe [78032 2015-04-18] (Absolute Software Corp.)
S4 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S4 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S4 UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG) [Datei ist nicht signiert]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ACEDRV09; C:\Windows\system32\drivers\ACEDRV09.sys [110304 2014-05-31] (Protect Software GmbH)
R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [27136 2010-12-27] (Alcor Micro, Corp.)
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
S3 AXIOM; C:\Windows\System32\DRIVERS\MAudioAxiom.sys [115336 2010-02-19] (M-Audio)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.) [Datei ist nicht signiert]
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [232512 2011-11-08] (DT Soft Ltd)
R3 eapihdrv; C:\Users\Kuyumo\AppData\Local\Temp\ehdrv.sys [135760 2015-10-03] (ESET)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [87040 2009-07-29] (ELAN Microelectronic Corp.)
S3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [48472 2012-01-05] (Focusrite Audio Engineering Limited.)
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [103040 2008-12-30] (Huawei Technologies Co., Ltd.)
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [14392 2010-12-27] (ASUS)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [86800 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202128 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [109584 2015-02-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [126480 2015-02-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [41744 2014-12-31] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99856 2015-02-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [61712 2015-02-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [120592 2015-02-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [281232 2015-02-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [205456 2015-02-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [108432 2015-02-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [239888 2015-02-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [94864 2015-02-09] (Panda Security, S.L.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18576 2015-06-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [41648 2015-05-19] (NVIDIA Corporation)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [140048 2015-02-25] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [105232 2015-02-25] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [168208 2015-02-25] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [113936 2015-02-25] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [124688 2015-02-25] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [100624 2015-02-25] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1766592 2010-12-27] ()
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [44544 2012-09-28] (Apple, Inc.) [Datei ist nicht signiert]
S3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
S3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbw.sys [34280 2011-05-10] (Yamaha Corporation)
S3 catchme; \??\C:\Users\Kuyumo\AppData\Local\Temp\catchme.sys [X]
S3 L6UX2; System32\Drivers\L6UX2.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-03 14:01 - 2015-10-03 14:01 - 00000000 ____D C:\Users\Kuyumo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-02 22:28 - 2015-01-29 19:21 - 00050320 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-10-02 11:19 - 2015-10-02 11:34 - 00000000 ____D C:\AdwCleaner
2015-09-30 23:25 - 2015-09-30 23:25 - 00000552 _____ C:\Windows\PFRO.log
2015-09-30 16:29 - 2015-09-30 16:29 - 00030568 _____ C:\ComboFix.txt
2015-09-30 16:03 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-09-30 16:03 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-09-30 16:03 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-09-30 16:03 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-09-30 16:03 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-09-30 16:03 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-09-30 16:03 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-09-30 16:03 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-09-30 16:02 - 2015-09-30 16:29 - 00000000 ____D C:\Qoobox
2015-09-30 16:02 - 2015-09-30 16:26 - 00000000 ____D C:\Windows\erdnt
2015-09-29 13:12 - 2015-09-29 15:33 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-09-27 10:54 - 2015-09-27 19:41 - 00003009 _____ C:\Users\Kuyumo\Desktop\Was will ich.txt
2015-09-26 23:53 - 2015-07-18 15:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-26 23:53 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-09-26 23:53 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-09-26 23:53 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-09-26 23:53 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-09-26 23:53 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-09-26 23:53 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-09-26 23:53 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-09-26 23:53 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-09-26 23:52 - 2015-08-05 19:47 - 00139096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-26 23:52 - 2015-08-05 19:47 - 00068952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-26 23:52 - 2015-08-05 19:41 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-26 23:52 - 2015-08-05 19:41 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-26 23:52 - 2015-08-05 19:41 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-26 23:52 - 2015-08-05 19:41 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-26 23:52 - 2015-08-05 19:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-26 23:52 - 2015-08-05 19:41 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-26 23:52 - 2015-08-05 19:41 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-26 23:52 - 2015-08-05 19:40 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-26 23:52 - 2015-08-05 19:40 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-26 23:52 - 2015-08-05 19:40 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-26 23:52 - 2015-08-05 19:40 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-26 23:52 - 2015-08-05 19:40 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-26 23:52 - 2015-08-05 19:40 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-26 23:52 - 2015-08-05 19:40 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-26 23:52 - 2015-08-05 19:40 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2015-09-26 23:52 - 2015-08-05 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-26 23:52 - 2015-08-05 19:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-26 23:52 - 2015-08-05 19:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-26 23:52 - 2015-08-05 19:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-26 23:52 - 2015-08-05 18:58 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-09-26 23:52 - 2015-08-05 18:33 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-26 23:52 - 2015-08-05 18:33 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-26 23:52 - 2015-08-05 18:32 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-26 23:52 - 2015-07-18 15:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-09-26 23:52 - 2015-07-18 15:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-09-26 23:52 - 2015-07-18 15:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-09-26 23:52 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-26 23:52 - 2015-07-18 15:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-26 23:52 - 2015-07-18 15:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-09-26 23:52 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-09-26 23:52 - 2015-07-18 15:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-26 23:52 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-09-26 23:52 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-09-26 23:52 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-09-26 23:52 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-09-26 23:52 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-09-26 23:52 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-09-26 23:52 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-09-26 23:41 - 2015-10-03 19:07 - 00000000 ____D C:\FRST
2015-09-26 23:38 - 2015-09-26 23:38 - 00000000 _____ C:\Users\Kuyumo\defogger_reenable
2015-09-26 20:08 - 2015-09-29 15:47 - 00000000 ____D C:\Users\Kuyumo\Desktop\Trojaner suche
2015-09-25 12:05 - 2015-09-29 13:12 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-25 12:05 - 2015-09-29 13:11 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-25 12:05 - 2015-09-25 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-09-25 12:05 - 2015-09-25 12:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-25 12:05 - 2015-09-25 12:05 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 
2015-09-25 12:05 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-25 12:05 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-22 20:14 - 2015-09-22 21:14 - 18819272 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-09-13 13:17 - 2015-09-13 13:17 - 00000000 ____D C:\Program Files\AGEIA Technologies
2015-09-13 13:12 - 2015-08-18 10:47 - 24200312 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2015-09-13 13:12 - 2015-08-18 10:47 - 15294072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-09-13 13:12 - 2015-08-18 10:47 - 11272048 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-09-13 13:12 - 2015-08-18 10:47 - 11209376 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-09-13 13:12 - 2015-08-18 10:47 - 10704560 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-09-13 13:12 - 2015-08-18 10:47 - 03987576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-09-13 13:12 - 2015-08-18 10:47 - 01059504 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3234181.dll
2015-09-13 13:12 - 2015-08-18 10:47 - 00912688 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3234181.dll
2015-09-13 13:12 - 2015-08-18 10:47 - 00907440 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll
2015-09-13 13:12 - 2015-08-18 10:47 - 00869040 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC.dll
2015-09-13 13:12 - 2015-08-18 10:47 - 00021015 _____ C:\Windows\system32\nvinfo.pb
2015-09-13 11:49 - 2015-08-18 03:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-13 11:49 - 2015-08-15 07:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-13 11:49 - 2015-08-15 07:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-13 11:49 - 2015-08-15 07:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-13 11:49 - 2015-08-15 07:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-13 11:49 - 2015-08-15 07:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-13 11:49 - 2015-08-15 07:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-13 11:49 - 2015-08-15 07:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-13 11:49 - 2015-08-15 07:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-13 11:49 - 2015-08-15 07:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-13 11:49 - 2015-08-15 07:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-13 11:49 - 2015-08-15 07:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-13 11:49 - 2015-08-15 07:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-13 11:49 - 2015-08-15 07:29 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-13 11:49 - 2015-08-15 07:24 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-13 11:49 - 2015-08-15 07:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-13 11:49 - 2015-08-15 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-13 11:49 - 2015-08-15 07:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-13 11:49 - 2015-08-15 07:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-13 11:49 - 2015-08-15 07:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-13 11:49 - 2015-08-15 07:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-13 11:49 - 2015-08-15 07:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-13 11:49 - 2015-08-15 07:02 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-13 11:49 - 2015-08-15 07:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-13 11:49 - 2015-08-15 07:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-13 11:49 - 2015-08-15 06:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-13 11:49 - 2015-08-15 06:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-13 11:49 - 2015-08-15 06:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-13 11:48 - 2015-08-15 08:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-13 11:48 - 2015-08-15 07:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-13 11:48 - 2015-08-15 07:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-13 11:48 - 2015-08-15 07:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-13 11:48 - 2015-08-05 19:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-13 11:48 - 2015-07-22 19:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-09-13 11:48 - 2015-07-22 19:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-13 11:48 - 2015-07-22 19:54 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-13 11:48 - 2015-07-22 19:53 - 00937984 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-13 11:48 - 2015-07-22 19:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-13 11:48 - 2015-07-22 19:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-13 11:48 - 2015-07-22 19:53 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-13 11:48 - 2015-07-22 19:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-13 11:48 - 2015-07-22 19:53 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-13 11:48 - 2015-07-22 19:52 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-13 11:48 - 2015-07-22 19:52 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-13 11:48 - 2015-07-22 19:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-13 11:48 - 2015-07-22 18:38 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-13 11:48 - 2015-07-09 19:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-09-13 11:48 - 2015-07-09 19:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-09-13 11:48 - 2015-06-25 11:48 - 00105408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-13 11:48 - 2015-06-25 11:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-13 11:48 - 2015-06-25 11:44 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-09-13 11:47 - 2015-09-02 04:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-13 11:47 - 2015-09-02 04:48 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-13 11:47 - 2015-09-02 04:48 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-13 11:47 - 2015-09-02 04:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-13 11:47 - 2015-09-02 03:36 - 02384896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-13 11:47 - 2015-09-02 03:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-13 11:47 - 2015-08-27 19:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-13 11:47 - 2015-08-27 19:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-13 11:47 - 2015-08-27 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-13 11:47 - 2015-08-27 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-13 11:47 - 2015-08-26 19:56 - 02953728 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-13 11:47 - 2015-08-26 19:56 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-13 11:47 - 2015-08-26 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-13 11:47 - 2015-08-26 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-13 11:47 - 2015-08-26 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-13 11:47 - 2015-08-26 19:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-13 11:47 - 2015-08-26 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-13 11:47 - 2015-08-26 19:55 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-13 11:47 - 2015-08-26 19:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-13 11:47 - 2015-08-26 19:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-13 11:47 - 2015-08-26 19:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-13 11:47 - 2015-08-05 19:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-13 11:47 - 2015-08-04 19:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-13 11:47 - 2015-08-04 19:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-13 11:47 - 2015-08-04 19:47 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-13 11:47 - 2015-08-04 19:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-13 11:47 - 2015-08-04 19:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-13 11:47 - 2015-08-04 18:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-13 11:44 - 2015-10-03 14:28 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-13 11:43 - 2015-07-15 04:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-13 11:27 - 2015-05-11 13:56 - 02508432 _____ (Sysinternals - www.sysinternals.com) C:\Users\Kuyumo\Desktop\procexp.exe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-03 18:58 - 2015-06-17 21:47 - 00001228 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3683629333-2777190142-3868084316-1000UA.job
2015-10-03 18:51 - 2014-10-13 16:27 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-03 14:01 - 2012-06-17 22:19 - 00000000 ____D C:\Users\Kuyumo\AppData\Roaming\Dropbox
2015-10-03 13:32 - 2010-12-27 18:12 - 02028943 _____ C:\Windows\WindowsUpdate.log
2015-10-03 13:16 - 2009-07-14 06:34 - 00013760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-03 13:16 - 2009-07-14 06:34 - 00013760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-03 13:02 - 2015-04-03 01:06 - 00000000 ____D C:\Users\Kuyumo\AppData\Roaming\Copy
2015-10-03 13:01 - 2014-10-13 16:27 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-03 13:01 - 2014-01-03 22:50 - 00091408 _____ C:\Windows\setupact.log
2015-10-03 13:01 - 2010-12-27 18:36 - 00078032 ____N (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll
2015-10-03 13:01 - 2010-12-27 18:09 - 00017408 _____ C:\Windows\system32\rpcnetp.exe
2015-10-03 13:01 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-02 11:52 - 2015-02-25 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-10-02 11:24 - 2010-12-27 21:41 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2015-10-02 01:48 - 2015-04-04 12:38 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-01 21:58 - 2015-06-17 21:47 - 00001176 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3683629333-2777190142-3868084316-1000Core.job
2015-10-01 14:22 - 2010-12-27 20:09 - 00000000 ___RD C:\Users\Kuyumo\Desktop\Download
2015-10-01 13:37 - 2015-04-18 10:19 - 00000000 ____D C:\Users\Kuyumo\AppData\Roaming\vlc
2015-09-30 23:26 - 2010-12-27 18:10 - 00017408 _____ C:\Windows\system32\rpcnetp.dll
2015-09-30 16:29 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2015-09-30 16:29 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2015-09-30 16:25 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2015-09-27 14:42 - 2015-04-22 20:27 - 00000000 ____D C:\Windows\rescache
2015-09-27 12:35 - 2015-03-14 19:40 - 00000000 ___RD C:\Users\Kuyumo\Google Drive
2015-09-27 00:38 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2015-09-26 23:58 - 2010-12-27 18:21 - 01594892 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-26 23:38 - 2010-12-27 18:32 - 00000000 ____D C:\Users\Kuyumo
2015-09-26 22:48 - 2010-12-27 20:02 - 00000000 ____D C:\Users\Kuyumo\AppData\Local\Google
2015-09-26 00:38 - 2012-10-06 19:28 - 00000000 ____D C:\Users\Kuyumo\AppData\Roaming\AIMP3
2015-09-25 12:56 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-25 12:53 - 2015-07-12 19:39 - 00001092 _____ C:\Users\Kuyumo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wunderlist.lnk
2015-09-25 12:53 - 2015-06-28 00:38 - 00002184 _____ C:\Users\Kuyumo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-09-25 12:53 - 2015-02-07 21:17 - 00001075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
2015-09-25 12:53 - 2014-11-19 01:29 - 00000981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-09-25 12:53 - 2014-05-24 09:13 - 00001051 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-09-25 12:53 - 2014-04-26 18:59 - 00001320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-09-25 12:53 - 2014-04-26 18:59 - 00001251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-09-25 12:53 - 2014-01-03 10:35 - 00001951 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
2015-09-25 12:53 - 2014-01-03 10:35 - 00001895 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
2015-09-25 12:53 - 2014-01-03 10:35 - 00001874 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
2015-09-25 12:53 - 2012-11-24 17:56 - 00001798 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2015-09-25 12:53 - 2012-04-06 16:09 - 00001013 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
2015-09-25 12:53 - 2012-04-05 17:34 - 00001967 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-09-25 12:53 - 2011-10-17 12:59 - 00001849 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2015-09-25 12:53 - 2011-06-15 12:28 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-09-25 12:53 - 2010-12-30 20:31 - 00000953 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
2015-09-25 12:53 - 2010-12-27 18:13 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-09-25 12:53 - 2009-07-14 06:46 - 00001491 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-09-25 12:53 - 2009-07-14 06:46 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2015-09-25 12:53 - 2009-07-14 06:42 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2015-09-25 12:53 - 2009-07-14 06:42 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2015-09-25 12:53 - 2009-07-14 06:37 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-09-25 12:52 - 2015-07-18 15:37 - 00001059 _____ C:\Users\Kuyumo\Desktop\Will And The People - Friends - Verknüpfung.lnk
2015-09-25 12:52 - 2015-07-13 09:07 - 00001172 _____ C:\Users\Kuyumo\Desktop\OneDrive.lnk
2015-09-25 12:52 - 2015-06-21 23:25 - 00001232 _____ C:\Users\Kuyumo\Desktop\Kaufen, Produkte - Verknüpfung.lnk
2015-09-25 12:52 - 2015-04-22 21:51 - 00001759 _____ C:\Users\Kuyumo\Desktop\2015_Frühling - Verknüpfung.lnk
2015-09-25 12:52 - 2015-04-07 19:12 - 00000697 _____ C:\Users\Kuyumo\Desktop\Barracuda Copy.lnk
2015-09-25 12:52 - 2015-04-03 13:47 - 00001386 _____ C:\Users\Kuyumo\Desktop\temp.rtf - Verknüpfung.lnk
2015-09-25 12:52 - 2015-04-03 04:59 - 00001462 _____ C:\Users\Kuyumo\Desktop\Serienstatus.txt - Verknüpfung.lnk
2015-09-25 12:52 - 2015-03-14 19:40 - 00001707 _____ C:\Users\Kuyumo\Desktop\Google Drive.lnk
2015-09-25 12:52 - 2014-03-22 13:21 - 00001009 _____ C:\Users\Kuyumo\Desktop\Dropbox.lnk
2015-09-22 21:14 - 2012-04-03 12:28 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-09-22 21:14 - 2011-09-17 18:08 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-09-15 19:48 - 2012-05-04 07:52 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-13 13:17 - 2011-11-04 01:07 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-09-13 13:16 - 2012-09-25 18:02 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-13 12:30 - 2009-07-14 06:33 - 00553768 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-12 13:40 - 2011-01-13 11:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-12 09:09 - 2011-05-13 20:08 - 00000000 ____D C:\Windows\pss
2015-09-12 09:06 - 2011-11-25 13:20 - 00000000 ____D C:\Users\Kuyumo\AppData\Roaming\PhotoScape
2015-09-12 09:06 - 2011-10-27 17:01 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-09-11 19:44 - 2009-07-14 06:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-11 19:31 - 2014-11-11 12:01 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-09-11 19:31 - 2014-11-07 05:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus
2015-09-11 19:31 - 2012-12-22 16:05 - 00000000 ____D C:\Users\Kuyumo\AppData\Roaming\MediaMonkey
2015-09-11 19:31 - 2010-12-30 20:47 - 00000000 ___RD C:\Program Files\Skype
2015-09-11 19:31 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2015-09-11 19:31 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2015-09-11 19:30 - 2010-12-30 20:47 - 00000000 ____D C:\Users\Kuyumo\AppData\Roaming\Skype
2015-09-11 19:30 - 2010-12-30 20:47 - 00000000 ____D C:\ProgramData\Skype
2015-09-11 19:03 - 2013-07-29 12:57 - 00000000 ____D C:\Windows\system32\MRT
2015-09-06 15:58 - 2012-06-17 22:24 - 00000000 ___RD C:\Users\Kuyumo\Dropbox
2015-09-06 15:55 - 2015-06-28 00:37 - 00000000 ____D C:\Users\Kuyumo\OneDrive
2015-09-06 01:15 - 2015-07-12 19:39 - 00000000 ____D C:\Users\Kuyumo\AppData\Local\Wunderlist

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2012-11-01 19:50 - 2012-10-31 07:50 - 0000044 ____H () C:\Program Files\04aeb981.tmp
2012-12-24 18:17 - 2012-12-24 18:17 - 0038437 _____ () C:\Users\Kuyumo\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2012-10-22 18:21 - 2012-12-05 12:38 - 0000028 _____ () C:\Users\Kuyumo\AppData\Roaming\PhonerLitesettings.ini
2011-01-15 21:06 - 2012-06-21 12:41 - 0000600 _____ () C:\Users\Kuyumo\AppData\Roaming\winscp.rnd
2012-01-22 15:28 - 2015-04-27 21:55 - 0005632 _____ () C:\Users\Kuyumo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-29 02:05 - 2015-03-29 02:05 - 0036301 _____ () C:\Users\Kuyumo\AppData\Local\recently-used.xbel
2011-06-14 18:57 - 2014-02-09 02:06 - 0007602 _____ () C:\Users\Kuyumo\AppData\Local\resmon.resmoncfg
2014-11-06 22:08 - 2014-11-06 22:08 - 0000000 _____ () C:\Users\Kuyumo\AppData\Local\{A93FD393-7598-4AE6-B457-BB627964D6E9}
2012-12-09 02:29 - 2012-12-09 02:29 - 0000000 _____ () C:\ProgramData\0x0304A000.sfl
2014-04-06 13:49 - 2014-04-06 13:49 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-12-30 20:48 - 2010-12-30 20:48 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Einige Dateien in TEMP:
====================
C:\Users\Kuyumo\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-10-01 14:59

==================== Ende vom FRST.txt ============================
         
--- --- ---

04.10.2015, 07:19   #13
schrauber
/// the machine
/// TB instructor
 


Update Java, Adobe and Thunderbird.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
C:\Program Files\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe

C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityTb.dll

C:\ProgramData\Panda Security\Panda Security Protection\Download\0x04011000\CloudAntivirus.exe

C:\Users\All Users\Panda Security\Panda Security Protection\Download\0x04011000\CloudAntivirus.exe

C:\Users\Kuyumo\Desktop\Download\Neue installs\PDFCreator-2_0_2-setup (2).exe

C:\Users\Kuyumo\Desktop\Download\Neue installs\VSDC Free Video Editor - CHIP-Installer.exe

C:\Users\Kuyumo\Desktop\Trojaner suche\Software\System Explorer - CHIP-Installer.exe

C:\Users\Kuyumo\Desktop\Trojaner suche\Software\TCPView - CHIP-Installer.exe
HKU\S-1-5-18\...\Run: [Copy] => C:\Users\Kuyumo\AppData\Roaming\Copy\CopyAgent.exe [13400208 2015-04-11] (Barracuda Networks, Inc.)
HKU\S-1-5-18\...\RunOnce: [panda4_0dn] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_0dn_XP] => reg.exe delete "HKCU\Software\panda4_0dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_1dn] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_1dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_1dn_XP] => reg.exe delete "HKCU\Software\panda4_1dn" /f
Tcpip\..\Interfaces\{157083F9-E1BC-43FB-9031-4D9F7C095960}: [DhcpNameServer] 10.204.57.104 10.205.41.16
Tcpip\..\Interfaces\{F2FE0A98-C1E7-4857-99A5-1D9E871E5B89}: [DhcpNameServer] 10.204.57.104 10.205.41.16
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.





Rethink your download habits:
CHIP-Installer - what is it? - Guides




Cleanup:
(The order is crucial here)

If Defogger was used: start it again and click Re-enable.

If Combofix was used:
Uninstall Combofix.
  • Important: please disable your antivirus program, any script blocking and anti-malware programs.
  • Please press the Windows key + R and type Combofix /Uninstall into the Run window.
  • Click OK.
    This removes Combofix completely and empties the System Restore cache.
  • Now re-enable the programs you just disabled.

All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick the box in front of every function.
  • Click Start.

Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left, you can delete them without hesitation.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.

Hardening:
Enable automatic updates in the Windows operating system. Security-relevant software should also always be kept at the latest version:

Browser
Java
Flash Player
PDF reader

Vulnerabilities in old versions of these are exploited to install malware via "drive-by" simply when you visit a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use an antivirus program with a real-time scanner and an always up-to-date signature database.
My recommendation:

Emsisoft

In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. However, you can specify, on the whitelist principle, on which sites scripts should be allowed.
Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.


Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, first uninstall it and then remove the leftovers with Adwarecleaner.


Finally, a few general remarks:
Change your important online passwords regularly and make regular backups of your important files or of the system.
The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
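The Fixlog.txt requested in the steps above records one result line per fixlist entry. The following Python script is an added example, not part of the thread and not FRST code: it matches every fixlist entry against its result and lists what was moved, what is pending a reboot, what was not found, and what has no result line at all. It assumes only the three German result strings visible in the Fixlog posted in this thread; the function names are hypothetical.

```python
import re

# Constructed sample: a shortened excerpt assembled from the Fixlog lines quoted in
# this thread. The thread's log is cut off, so two entries have no result line.
SAMPLE_FIXLOG = r"""
fixlist Inhalt:
*****************
C:\Program Files\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe

C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

C:\Users\Kuyumo\Desktop\Download\Neue installs\PDFCreator-2_0_2-setup (2).exe

C:\Users\Kuyumo\Desktop\Trojaner suche\Software\TCPView - CHIP-Installer.exe
Emptytemp:
*****************

Konnte nicht verschoben werden "C:\Program Files\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe" => ist geplant bei Neustart verschoben zu werden.
C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll => erfolgreich verschoben
"C:\Users\Kuyumo\Desktop\Download\Neue installs\PDFCreator-2_0_2-setup (2).exe" => Datei/Ordner nicht gefunden.
"""

# Assumption: only the result wordings seen in this thread are recognised; any other
# result line is returned as "unrecognised" instead of being guessed at.
RESULT_PATTERNS = [
    ("pending_reboot", re.compile(
        r'^Konnte nicht verschoben werden "(?P<path>.+)" => '
        r'ist geplant bei Neustart verschoben zu werden\.$')),
    ("moved", re.compile(r'^"?(?P<path>.+?)"? => erfolgreich verschoben$')),
    ("not_found", re.compile(r'^"?(?P<path>.+?)"? => Datei/Ordner nicht gefunden\.$')),
]


def parse_fixlog(text):
    """Split a Fixlog into requested entries, per-path outcomes and unmatched lines."""
    lines = [ln.strip() for ln in text.splitlines()]
    # The fixlist content is echoed between two lines made up only of asterisks.
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("no fixlist section delimited by asterisk lines")
    requested = [ln for ln in lines[stars[0] + 1:stars[1]] if ln]
    outcomes, unrecognised = {}, []
    for ln in lines[stars[1] + 1:]:
        if not ln:
            continue
        for status, rx in RESULT_PATTERNS:
            match = rx.match(ln)
            if match:
                # Windows paths are case-insensitive, so compare in lower case.
                outcomes[match.group("path").lower()] = status
                break
        else:
            unrecognised.append(ln)
    return requested, outcomes, unrecognised


def reconcile(text):
    """Group every requested fixlist entry by what the Fixlog says happened to it."""
    requested, outcomes, unrecognised = parse_fixlog(text)
    report = {"moved": [], "pending_reboot": [], "not_found": [], "no_result": []}
    for entry in requested:
        report[outcomes.get(entry.lower(), "no_result")].append(entry)
    return report, unrecognised


if __name__ == "__main__":
    summary, leftover = reconcile(SAMPLE_FIXLOG)
    for status, entries in summary.items():
        print(f"{status}: {len(entries)}")
        for entry in entries:
            print(f"  {entry}")
    if leftover:
        print("unrecognised result lines:", *leftover, sep="\n  ")
```

Entries under `pending_reboot` and `no_result` are the ones to check again after the restart, for example in a fresh scan log.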

04.10.2015, 12:18   #15
Cudjo
 



OK, that's quite a lot at once.
First, the FRST Fixlog:

Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x86) Version:30-10-2015
durchgeführt von Kuyumo (2015-10-04 12:44:13) Run:1
Gestartet von C:\Users\Kuyumo\Desktop\Trojaner suche\Software
Geladene Profile: Kuyumo (Verfügbare Profile: Kuyumo)
Start-Modus: Normal

==============================================

fixlist Inhalt:
*****************
C:\Program Files\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe

C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityTb.dll

C:\ProgramData\Panda Security\Panda Security Protection\Download\0x04011000\CloudAntivirus.exe

C:\Users\All Users\Panda Security\Panda Security Protection\Download\0x04011000\CloudAntivirus.exe

C:\Users\Kuyumo\Desktop\Download\Neue installs\PDFCreator-2_0_2-setup (2).exe

C:\Users\Kuyumo\Desktop\Download\Neue installs\VSDC Free Video Editor - CHIP-Installer.exe

C:\Users\Kuyumo\Desktop\Trojaner suche\Software\System Explorer - CHIP-Installer.exe

C:\Users\Kuyumo\Desktop\Trojaner suche\Software\TCPView - CHIP-Installer.exe
HKU\S-1-5-18\...\Run: [Copy] => C:\Users\Kuyumo\AppData\Roaming\Copy\CopyAgent.exe [13400208 2015-04-11] (Barracuda Networks, Inc.)
HKU\S-1-5-18\...\RunOnce: [panda4_0dn] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_0dn_XP] => reg.exe delete "HKCU\Software\panda4_0dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_1dn] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_1dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_1dn_XP] => reg.exe delete "HKCU\Software\panda4_1dn" /f
Tcpip\..\Interfaces\{157083F9-E1BC-43FB-9031-4D9F7C095960}: [DhcpNameServer] 10.204.57.104 10.205.41.16
Tcpip\..\Interfaces\{F2FE0A98-C1E7-4857-99A5-1D9E871E5B89}: [DhcpNameServer] 10.204.57.104 10.205.41.16
Emptytemp:
         
*****************

Konnte nicht verschoben werden "C:\Program Files\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe" => ist geplant bei Neustart verschoben zu werden.
C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll => erfolgreich verschoben
C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityTb.dll => erfolgreich verschoben
Konnte nicht verschoben werden "C:\ProgramData\Panda Security\Panda Security Protection\Download\0x04011000\CloudAntivirus.exe" => ist geplant bei Neustart verschoben zu werden.
Konnte nicht verschoben werden "C:\Users\All Users\Panda Security\Panda Security Protection\Download\0x04011000\CloudAntivirus.exe" => ist geplant bei Neustart verschoben zu werden.
"C:\Users\Kuyumo\Desktop\Download\Neue installs\PDFCreator-2_0_2-setup (2).exe" => Datei/Ordner nicht gefunden.
"C:\Users\Kuyumo\Desktop\Download\Neue installs\VSDC Free Video Editor - CHIP-Installer.exe" => Datei/Ordner nicht gefunden.
C:\Users\Kuyumo\Desktop\Trojaner suche\Software\System Explorer - CHIP-Installer.exe => erfolgreich verschoben
C:\Users\Kuyumo\Desktop\Trojaner suche\Software\TCPView - CHIP-Installer.exe => erfolgreich verschoben
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Copy => Wert erfolgreich entfernt
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda4_0dn => Wert erfolgreich entfernt
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda4_0dn_XP => Wert erfolgreich entfernt
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda4_1dn => Wert erfolgreich entfernt
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda4_1dn_XP => Wert erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{157083F9-E1BC-43FB-9031-4D9F7C095960}\\DhcpNameServer => Wert erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F2FE0A98-C1E7-4857-99A5-1D9E871E5B89}\\DhcpNameServer => Wert erfolgreich entfernt
EmptyTemp: => 616.9 MB temporäre Dateien entfernt.

Ergebnis der geplanten Datei-Verschiebungen (Start-Modus: Normal) (Datum&Uhrzeit: 2015-10-04 12:48:07)

C:\Program Files\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe => ist erfolgreich verschoben
C:\ProgramData\Panda Security\Panda Security Protection\Download\0x04011000\CloudAntivirus.exe => ist erfolgreich verschoben
C:\Users\All Users\Panda Security\Panda Security Protection\Download\0x04011000\CloudAntivirus.exe => ist erfolgreich verschoben

==== Ende vom Fixlog 12:48:07 ====
         
I've since figured out that the Chip downloaders are no longer acceptable. I won't make that mistake again. I had already deleted the files, which is why FRST didn't find them.

Unfortunately I couldn't uninstall Combofix, because I can't find the uninstaller.

Going via Windows+R -> "combofix /uninstall" unfortunately doesn't work either. A message appears: "Combofix konnte nicht gefunden werden. ..."

DelFix ran through without problems, all updates are installed and everything seems to be in perfect order.

Thanks again, and I will definitely donate something (if the system is still running this smoothly in a few days ;-) )
