| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Fremdverwendung eines Passwortes. Trojaner? Mail gehackt? Anderes Problem?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
19.04.2016, 20:21
| #1 |
| |  Fremdverwendung eines Passwortes. Trojaner? Mail gehackt? Anderes Problem? Hallo! Ich bin mit meinem Latein am Ende. Ich habe Anfang des Monats einen Zugang zu einer kostenpflichtigen website (ja, das was ihr jetzt denkt...) erworben. Zahlung über epoch, Passwort kam per email. Nach einiger Zeit funktionierte mein login nicht mehr, per email bekam ich ein neues Passwort, mit dem Hinweis, dass das Server-Sicherheitssystem mein Passwort geändert habe, weil Zugriffe aus verschiedenen Ländern erfolgt seien (Verdacht auf Passwort-Sharing oder Malware). Das Spiel hatte ich so ungefähr 3 mal, bis ich den Webmaster der Site gefragt habe, was da los sei. ER antwortete mir, er sehe in den Logs Zugriffe aus Deutschland (evtl. ich) aus Norwegen (sicher nicht ich) und der EU. Ich habe meinen Rechner überprüft mit Bitdefender (lokal), Spybot und dem EU-Cleaner (online), sowie Housecall (online). Kein Scanner hat was gefunden. Nachdem ich das login-Problem dann auch mit einem per mail zugestellten Passwort hatte, das ich noch nie benutzt und eben erst gelesen hatte habe ich auch mein mail Passwort geändert (gmx, online-Platform). Trotzdem ging das so weiter. Nach jeweils 3 Passwörtern setzt mich der webmaster zurück, damit ich überhaupt noch rein komme. Aber wo wird mein passwort geleakt? Gibt es jemanden der meine mails abgreift (lese nur lokal auf gmx, Passwort geändert, ich achte auf die Angabe, wann ich zuletzt eingeloggt war, wie soll da noch einer drankommen???). Gibt es Spyware, die meine Passwörter abgreift? Wie kann ich die finden? Oder denkt Ihr ich habe gar kein Sicherheitsproblem? Vielleicht hat da der Server der Website ne Macke oder nen Trojaner? Bitte um Hilfe, Tipps, Meinungen... LG |
|
20.04.2016, 11:51
| #2 |
| Ruhe in Frieden † 2019     | Fremdverwendung eines Passwortes. Trojaner? Mail gehackt? Anderes Problem? Mein Name ist Sandra und ich werde Dir bei Deinem Problem behilflich sein.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und bei einem Befall durch Malware immer der sicherste Weg. Adware lässt sich in den allermeisten Fällen problemlos entfernen. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean bist. Lass mal nachsehen.  Schritt 1 Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
20.04.2016, 19:57
| #3 |
| | Fremdverwendung eines Passwortes. Trojaner? Mail gehackt? Anderes Problem? Hallo! Hier die Logfiles!
__________________Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
durchgeführt von Nexu07 (Administrator) auf PC (20-04-2016 20:41:39)
Gestartet von C:\Users\Nexu07\Desktop
Geladene Profile: Nexu07 (Verfügbare Profile: Nexu07 & DefaultAppPool)
Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Softwareentwicklung Remus - ArchiCrypt) C:\Windows\SysWOW64\STGRAMDiskHandler64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Privacy Suite 12\PasswordManager.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\uaclauncher.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2013-07-08] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8781568 2016-02-14] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [571192 2014-08-14] (Acronis)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1593296 2016-03-07] (Bitdefender)
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8980016 2015-11-05] (Zemana Ltd.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5380368 2015-07-20] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [693336 2015-07-20] (Acronis International GmbH)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\Run: [Bitdefender-Geldb�rse-Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [809472 2016-03-07] (Bitdefender)
HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 1
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KE46F4~1.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(10).dll [95712 2015-11-05] (Zemana Ltd.)
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(10).dll [86936 2015-11-05] (Zemana Ltd.)
AppInit_DLLs-x32: ,C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{133419dd-4472-42a0-ac30-959809c643b1}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1300692338-2230602273-544442824-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {1D7C86BD-BDE4-4E06-8B5B-6B7726EFA337} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {1D7C86BD-BDE4-4E06-8B5B-6B7726EFA337} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKLM-x32 -> {1D7C86BD-BDE4-4E06-8B5B-6B7726EFA337} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1300692338-2230602273-544442824-1001 -> DefaultScope {1D7C86BD-BDE4-4E06-8B5B-6B7726EFA337} URL =
SearchScopes: HKU\S-1-5-21-1300692338-2230602273-544442824-1001 -> {1D7C86BD-BDE4-4E06-8B5B-6B7726EFA337} URL =
BHO: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2016-03-07] (Bitdefender)
BHO: Kein Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Keine Datei
BHO: Kein Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> Keine Datei
BHO: Kein Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> Keine Datei
BHO-x32: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2016-03-07] (Bitdefender)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-04-11] (Oracle Corporation)
BHO-x32: Kein Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> Keine Datei
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-11] (Oracle Corporation)
Toolbar: HKLM - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2016-03-07] (Bitdefender)
Toolbar: HKLM-x32 - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Privacy Suite 12\SPMIEToolbar.dll [2011-09-30] (Steganos Software GmbH)
Toolbar: HKLM-x32 - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2016-03-07] (Bitdefender)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - Keine Datei
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - Keine Datei
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - Keine Datei
FireFox:
========
FF ProfilePath: C:\Users\Nexu07\AppData\Roaming\Mozilla\Firefox\Profiles\kw6okr3m.default
FF SelectedSearchEngine: benefind
FF Homepage: about:mozilla
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_33 -> C:\Windows\system32\npdeployJava1.dll [2012-06-26] (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1221171.dll [2015-10-19] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-11] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\progra~2\mcafee\msc\npmcsn~1.dll [Keine Datei]
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [Keine Datei]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-23] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Nexu07\AppData\Roaming\Mozilla\Firefox\Profiles\kw6okr3m.default\extensions\adblockpopups@jessehakanen.net.xpi [2015-05-30]
FF Extension: CSHelper - C:\Users\Nexu07\AppData\Roaming\Mozilla\Firefox\Profiles\kw6okr3m.default\extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473} [2015-05-30]
FF Extension: BetterPrivacy - C:\Users\Nexu07\AppData\Roaming\Mozilla\Firefox\Profiles\kw6okr3m.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-11-27]
FF Extension: NoScript - C:\Users\Nexu07\AppData\Roaming\Mozilla\Firefox\Profiles\kw6okr3m.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-04-08]
FF Extension: DownThemAll! - C:\Users\Nexu07\AppData\Roaming\Mozilla\Firefox\Profiles\kw6okr3m.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-04-15]
FF Extension: ZenMate Security, Privacy & Unblock VPN - C:\Users\Nexu07\AppData\Roaming\Mozilla\Firefox\Profiles\kw6okr3m.default\Extensions\firefox@zenmate.com.xpi [2016-03-01]
FF Extension: gui:config - C:\Users\Nexu07\AppData\Roaming\Mozilla\Firefox\Profiles\kw6okr3m.default\Extensions\guiconfig@slosd.net.xpi [2016-02-23]
FF Extension: Self-Destructing Cookies - C:\Users\Nexu07\AppData\Roaming\Mozilla\Firefox\Profiles\kw6okr3m.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2016-04-10]
FF Extension: Smart HTTPS - C:\Users\Nexu07\AppData\Roaming\Mozilla\Firefox\Profiles\kw6okr3m.default\Extensions\jid0-oFwt2ZcakHhkFl7Kp4lJn@jetpack.xpi [2016-01-14]
FF Extension: Random Agent Spoofer - C:\Users\Nexu07\AppData\Roaming\Mozilla\Firefox\Profiles\kw6okr3m.default\Extensions\jid1-AVgCeF1zoVzMjA@jetpack.xpi [2016-01-01]
FF Extension: Statutory - C:\Users\Nexu07\AppData\Roaming\Mozilla\Firefox\Profiles\kw6okr3m.default\Extensions\jid1-J19XuM8Nz7J7Fw@jetpack.xpi [2015-11-01]
FF Extension: NO Google Analytics - C:\Users\Nexu07\AppData\Roaming\Mozilla\Firefox\Profiles\kw6okr3m.default\Extensions\jid1-JcGokIiQyjoBAQ@jetpack.xpi [2015-05-27]
FF Extension: PDF Viewer - C:\Users\Nexu07\AppData\Roaming\Mozilla\Firefox\Profiles\kw6okr3m.default\Extensions\uriloader@pdf.js.xpi [2015-04-25]
FF Extension: Video DownloadHelper - C:\Users\Nexu07\AppData\Roaming\Mozilla\Firefox\Profiles\kw6okr3m.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-04-13]
FF Extension: Adblock Plus - C:\Users\Nexu07\AppData\Roaming\Mozilla\Firefox\Profiles\kw6okr3m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF HKLM\...\Firefox\Extensions: [bdwteffv19@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2016-02-01]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-11-13] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{09F060FA-566D-42D7-BF79-97AB30863433}] - C:\Program Files (x86)\Steganos Privacy Suite 12\pfplugin
FF Extension: Steganos Private Favorites - C:\Program Files (x86)\Steganos Privacy Suite 12\pfplugin [2012-01-01] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files (x86)\Steganos Privacy Suite 12\spmplugin3
FF Extension: Steganos Password Manager - C:\Program Files (x86)\Steganos Privacy Suite 12\spmplugin3 [2012-01-01] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv19@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <nicht gefunden>
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [88432 2016-03-07] (Bitdefender)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-11] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-11] (Dell Inc.)
R2 EMET_Service; C:\Program Files (x86)\EMET 5.5\EMET_Service.exe [33960 2016-01-29] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-24] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-24] (NVIDIA Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2016-02-14] (Realtek Semiconductor)
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
R2 Steganos Volatile Disk; C:\Windows\SysWOW64\STGRAMDiskHandler64.exe [450560 2011-09-12] (Softwareentwicklung Remus - ArchiCrypt) [Datei ist nicht signiert]
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-03-14] (Dell Inc.)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [111320 2016-03-07] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1574744 2016-03-07] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1622512 2016-03-07] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [806344 2016-03-07] (BitDefender)
U5 bdelam; C:\Windows\System32\Drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [107496 2016-01-26] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [115800 2016-01-26] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [130656 2016-01-26] (Bitdefender SRL)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [87912 2016-01-26] (BitDefender)
S3 CySmb; C:\Windows\System32\drivers\cysmb.sys [10752 2016-02-14] (Cypress Semiconductor, Inc.)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-31] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [296736 2015-08-10] (Acronis International GmbH)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160032 2016-01-23] (BitDefender LLC)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [49584 2016-04-12] ()
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-08-10] (REALiX(tm))
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [143904 2015-11-05] (Zemana Ltd.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2016-02-02] (Secunia)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [888064 2016-02-14] (Realtek )
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [407768 2016-02-14] (Realsil Semiconductor Corporation)
R1 SLEE_17_DRIVER; C:\Windows\Sleen1764.sys [108256 2011-09-12] (Softwareentwicklung Remus - ArchiCrypt - )
R1 STGMFEngine64; C:\Windows\system32\drivers\STGMFEngine64.sys [28576 2011-09-12] (Softwareentwicklung Remus - ArchiCrypt.com)
R2 tib; C:\Windows\system32\DRIVERS\tib.sys [1058632 2015-08-10] (Acronis International GmbH)
R2 tib_mounter; C:\Windows\system32\DRIVERS\tib_mounter.sys [248648 2015-08-10] (Acronis International GmbH)
R2 trufos; C:\Windows\System32\DRIVERS\trufos.sys [477272 2016-01-23] (BitDefender S.R.L.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U4 dmwappushsvc; kein ImagePath
U3 idsvc; kein ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; kein ImagePath
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-04-20 20:41 - 2016-04-20 20:42 - 00025202 _____ C:\Users\Nexu07\Desktop\FRST.txt
2016-04-20 20:36 - 2016-04-20 20:41 - 02375680 _____ (Farbar) C:\Users\Nexu07\Desktop\FRST64.exe
2016-04-20 20:19 - 2016-04-20 20:19 - 00016148 _____ C:\WINDOWS\system32\PC_Nexu07_HistoryPrediction.bin
2016-04-12 22:09 - 2016-03-29 08:40 - 03587584 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-12 22:09 - 2016-03-29 08:40 - 01381376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-12 22:09 - 2016-03-25 09:38 - 24593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-12 22:09 - 2016-03-25 09:25 - 12505600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-12 22:09 - 2016-03-25 09:14 - 07525376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-12 22:09 - 2016-03-25 09:13 - 19325440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-12 22:09 - 2016-03-25 08:55 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-12 22:09 - 2016-03-25 08:54 - 05457408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-12 22:09 - 2016-03-16 06:56 - 03467784 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-04-12 22:09 - 2016-03-16 06:56 - 01022664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-12 22:09 - 2016-03-16 06:56 - 00861512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-12 22:09 - 2016-03-16 06:55 - 02495768 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 22:09 - 2016-03-16 06:55 - 01951872 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-04-12 22:09 - 2016-03-16 06:55 - 01299032 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-12 22:09 - 2016-03-16 06:55 - 01127024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-12 22:09 - 2016-03-16 06:55 - 00601344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-12 22:09 - 2016-03-16 06:54 - 00595016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-12 22:09 - 2016-03-16 06:47 - 22610328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-04-12 22:09 - 2016-03-16 06:47 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-04-12 22:09 - 2016-03-16 06:47 - 00801632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-04-12 22:09 - 2016-03-16 06:46 - 00658568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-04-12 22:09 - 2016-03-16 06:45 - 00140536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2016-04-12 22:09 - 2016-03-16 06:41 - 00607416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-12 22:09 - 2016-03-16 06:41 - 00208736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-04-12 22:09 - 2016-03-16 06:39 - 00983904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-12 22:09 - 2016-03-16 06:37 - 01010016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-12 22:09 - 2016-03-16 06:21 - 01767000 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-12 22:09 - 2016-03-16 06:21 - 01531888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-04-12 22:09 - 2016-03-16 06:11 - 21088728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-04-12 22:09 - 2016-03-16 06:11 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-04-12 22:09 - 2016-03-16 06:11 - 00700256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-04-12 22:09 - 2016-03-16 06:08 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-04-12 22:09 - 2016-03-16 06:06 - 00181088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-04-12 22:09 - 2016-03-16 06:05 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-12 22:09 - 2016-03-16 06:03 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-12 22:09 - 2016-03-16 06:03 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-12 22:09 - 2016-03-16 06:00 - 21859840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-12 22:09 - 2016-03-16 05:56 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2016-04-12 22:09 - 2016-03-16 05:56 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModelShim.dll
2016-04-12 22:09 - 2016-03-16 05:55 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2016-04-12 22:09 - 2016-03-16 05:55 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2016-04-12 22:09 - 2016-03-16 05:55 - 00183296 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2016-04-12 22:09 - 2016-03-16 05:55 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-04-12 22:09 - 2016-03-16 05:51 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-04-12 22:09 - 2016-03-16 05:51 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-04-12 22:09 - 2016-03-16 05:49 - 01416192 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-12 22:09 - 2016-03-16 05:49 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-12 22:09 - 2016-03-16 05:47 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-04-12 22:09 - 2016-03-16 05:47 - 00511488 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-04-12 22:09 - 2016-03-16 05:47 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-04-12 22:09 - 2016-03-16 05:46 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2016-04-12 22:09 - 2016-03-16 05:44 - 01016832 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-12 22:09 - 2016-03-16 05:43 - 00573952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2016-04-12 22:09 - 2016-03-16 05:43 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-12 22:09 - 2016-03-16 05:42 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-12 22:09 - 2016-03-16 05:42 - 01290240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-12 22:09 - 2016-03-16 05:42 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-04-12 22:09 - 2016-03-16 05:41 - 00950272 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-12 22:09 - 2016-03-16 05:40 - 00931840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-04-12 22:09 - 2016-03-16 05:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-12 22:09 - 2016-03-16 05:40 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-04-12 22:09 - 2016-03-16 05:40 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-04-12 22:09 - 2016-03-16 05:40 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-04-12 22:09 - 2016-03-16 05:40 - 00158208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2016-04-12 22:09 - 2016-03-16 05:40 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-04-12 22:09 - 2016-03-16 05:40 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-12 22:09 - 2016-03-16 05:39 - 03363328 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-12 22:09 - 2016-03-16 05:39 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-04-12 22:09 - 2016-03-16 05:39 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-12 22:09 - 2016-03-16 05:38 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-04-12 22:09 - 2016-03-16 05:37 - 01521664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-04-12 22:09 - 2016-03-16 05:37 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-04-12 22:09 - 2016-03-16 05:37 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-04-12 22:09 - 2016-03-16 05:37 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-04-12 22:09 - 2016-03-16 05:37 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-04-12 22:09 - 2016-03-16 05:37 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-12 22:09 - 2016-03-16 05:36 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-04-12 22:09 - 2016-03-16 05:36 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-04-12 22:09 - 2016-03-16 05:36 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-04-12 22:09 - 2016-03-16 05:36 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-04-12 22:09 - 2016-03-16 05:36 - 00244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2016-04-12 22:09 - 2016-03-16 05:36 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-04-12 22:09 - 2016-03-16 05:36 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2016-04-12 22:09 - 2016-03-16 05:36 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-04-12 22:09 - 2016-03-16 05:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-04-12 22:09 - 2016-03-16 05:36 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-04-12 22:09 - 2016-03-16 05:36 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2016-04-12 22:09 - 2016-03-16 05:36 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-04-12 22:09 - 2016-03-16 05:36 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-04-12 22:09 - 2016-03-16 05:36 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-04-12 22:09 - 2016-03-16 05:35 - 01794560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-12 22:09 - 2016-03-16 05:35 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxApplicabilityEngine.dll
2016-04-12 22:09 - 2016-03-16 05:35 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2016-04-12 22:09 - 2016-03-16 05:35 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2016-04-12 22:09 - 2016-03-16 05:35 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2016-04-12 22:09 - 2016-03-16 05:34 - 01871872 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-12 22:09 - 2016-03-16 05:33 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-12 22:09 - 2016-03-16 05:32 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-12 22:09 - 2016-03-16 05:31 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-04-12 22:09 - 2016-03-16 05:31 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2016-04-12 22:09 - 2016-03-16 05:31 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-04-12 22:09 - 2016-03-16 05:28 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2016-04-12 22:09 - 2016-03-16 05:27 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-12 22:09 - 2016-03-16 05:24 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-04-12 22:09 - 2016-03-16 05:24 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2016-04-12 22:09 - 2016-03-16 05:24 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-04-12 22:09 - 2016-03-16 05:21 - 18796544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-12 22:09 - 2016-03-16 05:20 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-12 22:09 - 2016-03-16 05:18 - 00768000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-12 22:09 - 2016-03-16 05:18 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2016-04-12 22:09 - 2016-03-16 05:17 - 03680256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-12 22:09 - 2016-03-16 05:17 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-04-12 22:09 - 2016-03-16 05:17 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vaultcli.dll
2016-04-12 22:09 - 2016-03-16 05:17 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-04-12 22:09 - 2016-03-16 05:17 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2016-04-12 22:09 - 2016-03-16 05:17 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-12 22:09 - 2016-03-16 05:16 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-04-12 22:09 - 2016-03-16 05:14 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-04-12 22:09 - 2016-03-16 05:14 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-04-12 22:09 - 2016-03-16 05:14 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-04-12 22:09 - 2016-03-16 05:13 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-04-12 22:09 - 2016-03-16 05:13 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-04-12 22:09 - 2016-03-16 05:13 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-04-12 22:09 - 2016-03-16 05:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-04-12 22:09 - 2016-03-16 05:13 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2016-04-12 22:09 - 2016-03-16 05:13 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-04-12 22:09 - 2016-03-16 05:13 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2016-04-12 22:09 - 2016-03-16 05:13 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-04-12 22:09 - 2016-03-16 05:13 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-04-12 22:09 - 2016-03-16 05:13 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-04-12 22:09 - 2016-03-16 05:13 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2016-04-12 22:09 - 2016-03-16 05:13 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-04-12 22:09 - 2016-03-16 05:13 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-04-12 22:09 - 2016-03-16 05:12 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2016-04-12 22:09 - 2016-03-16 05:11 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-12 22:09 - 2016-03-16 05:10 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-12 21:47 - 2016-04-12 21:47 - 00340408 _____ C:\WINDOWS\Minidump\041216-23000-01.dmp
2016-04-12 21:27 - 2016-04-12 21:27 - 00354832 _____ C:\WINDOWS\Minidump\041216-23968-01.dmp
2016-04-12 21:03 - 2016-04-12 21:47 - 702391583 _____ C:\WINDOWS\MEMORY.DMP
2016-04-12 21:03 - 2016-04-12 21:04 - 00342088 _____ C:\WINDOWS\Minidump\041216-49468-01.dmp
2016-04-12 21:03 - 2016-04-12 21:03 - 00316400 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-12 20:43 - 2016-04-20 20:19 - 00229568 _____ C:\WINDOWS\ntbtlog.txt
2016-04-12 20:43 - 2016-04-12 21:32 - 00049584 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2016-04-12 20:41 - 2016-04-12 22:13 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-04-12 20:41 - 2016-04-12 21:04 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-04-12 20:41 - 2016-04-12 20:41 - 00000000 ____D C:\Program Files\HitmanPro
2016-04-12 20:31 - 2016-04-16 23:39 - 00000946 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-04-12 20:31 - 2016-04-12 20:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-12 20:31 - 2016-04-12 20:31 - 00004002 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-04-11 22:51 - 2016-04-11 22:51 - 00001219 _____ C:\Users\Public\Desktop\LibreOffice 5.0.lnk
2016-04-11 22:51 - 2016-04-11 22:51 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.0
2016-04-11 22:45 - 2016-04-11 22:45 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-04-11 22:45 - 2016-04-11 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-11 22:45 - 2016-04-11 22:45 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-11 21:14 - 2016-01-24 14:16 - 00451041 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160411-211458.backup
2016-04-11 09:44 - 2016-04-18 13:32 - 00000012 _____ C:\Users\Nexu07\Desktop\gmx_last_login.txt
2016-04-09 10:02 - 2016-04-09 10:02 - 00000000 __HDC C:\ProgramData\{05EE3202-A879-4F9D-895C-AC535855E0A9}
2016-04-08 07:51 - 2016-04-08 07:51 - 05934784 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-04-06 07:46 - 2016-04-06 07:46 - 00002381 _____ C:\Users\Nexu07\Downloads\82B6.tmp
2016-04-02 16:57 - 2016-04-02 16:57 - 00004114 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2016-04-02 16:57 - 2016-04-02 16:57 - 00003560 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2016-04-02 16:57 - 2016-04-02 16:57 - 00003398 _____ C:\WINDOWS\System32\Tasks\PCDDataUploadTask
2016-04-02 16:57 - 2016-04-02 16:57 - 00003284 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2016-04-02 16:56 - 2016-04-02 16:56 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2016-04-02 16:56 - 2016-04-02 16:56 - 00000000 ____D C:\Program Files\Dell Support Center
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-04-20 20:41 - 2014-01-23 14:32 - 00000000 ____D C:\FRST
2016-04-20 20:31 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-20 20:18 - 2015-08-10 11:27 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-20 20:18 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-20 14:02 - 2015-07-10 11:05 - 00131072 ___SH C:\WINDOWS\system32\config\BBI
2016-04-20 14:01 - 2015-08-11 00:29 - 00054805 _____ C:\bdlog.txt
2016-04-20 13:51 - 2015-12-11 09:32 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-20 10:58 - 2014-01-18 15:28 - 00000000 ____D C:\AdwCleaner
2016-04-20 10:34 - 2013-09-16 12:24 - 00000000 ____D C:\Users\Nexu07\AppData\Roaming\vlc
2016-04-19 21:33 - 2011-11-21 19:11 - 00000000 ____D C:\Users\Nexu07\AppData\Local\VirtualStore
2016-04-19 20:24 - 2015-07-10 11:05 - 00065536 ___SH C:\WINDOWS\system32\config\ELAM
2016-04-18 21:39 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\rescache
2016-04-18 21:10 - 2015-07-10 13:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-17 21:04 - 2015-08-10 11:31 - 02077126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-17 21:04 - 2015-07-10 18:34 - 00884928 _____ C:\WINDOWS\system32\perfh007.dat
2016-04-17 21:04 - 2015-07-10 18:34 - 00196026 _____ C:\WINDOWS\system32\perfc007.dat
2016-04-17 21:04 - 2015-07-10 13:02 - 00000000 ____D C:\WINDOWS\INF
2016-04-17 00:35 - 2015-07-10 11:05 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-04-16 12:59 - 2015-08-09 20:46 - 00000000 ____D C:\Users\Nexu07\Desktop\Nexu07DCT
2016-04-15 09:32 - 2013-07-14 21:19 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-14 22:26 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-14 22:26 - 2011-11-21 20:44 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-14 22:18 - 2015-08-10 12:20 - 00000000 ___DC C:\WINDOWS\Panther
2016-04-14 21:57 - 2016-02-13 20:35 - 00000000 ___HD C:\$WINDOWS.~BT
2016-04-14 21:29 - 2014-07-28 11:17 - 00003966 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1376119929
2016-04-14 21:29 - 2013-09-15 12:45 - 00001122 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-04-14 21:29 - 2013-08-10 09:32 - 00000000 ____D C:\Program Files (x86)\Opera
2016-04-12 22:14 - 2011-11-18 12:29 - 00000000 ____D C:\Program Files\Intel
2016-04-12 22:12 - 2015-08-10 11:34 - 00000000 ____D C:\Users\Nexu07
2016-04-12 22:11 - 2015-07-13 18:01 - 00000000 ____D C:\ProgramData\McAfee
2016-04-12 21:47 - 2016-01-18 10:24 - 00000000 ____D C:\WINDOWS\Minidump
2016-04-12 21:08 - 2015-08-10 23:51 - 00000000 ____D C:\Users\DefaultAppPool
2016-04-12 21:03 - 2012-05-05 04:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-12 20:42 - 2011-11-18 04:58 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-04-12 20:41 - 2014-06-16 11:30 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-12 20:33 - 2011-11-21 21:21 - 00000000 ____D C:\Users\Nexu07\AppData\Local\Adobe
2016-04-11 22:51 - 2015-08-10 18:54 - 00000000 ____D C:\Program Files (x86)\LibreOffice 5
2016-04-11 22:45 - 2016-02-14 16:52 - 00000000 ____D C:\Users\Nexu07\.oracle_jre_usage
2016-04-11 15:46 - 2013-09-25 15:29 - 00401008 _____ C:\Users\Nexu07\AppData\Local\census.cache
2016-04-11 15:46 - 2013-09-25 15:29 - 00000000 _____ C:\Users\Nexu07\AppData\Local\ars.cache
2016-04-08 07:51 - 2015-12-11 09:32 - 00003870 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-04-06 20:32 - 2015-10-05 22:28 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 20:32 - 2015-10-05 22:28 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-02 16:56 - 2013-05-22 08:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-04-02 16:56 - 2011-11-23 14:00 - 00000000 ____D C:\ProgramData\PCDr
2016-03-22 21:15 - 2011-11-26 13:29 - 00000000 ____D C:\Dani
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2014-11-29 18:54 - 2014-11-29 18:54 - 0000050 _____ () C:\Users\Nexu07\AppData\Roaming\Camdata.ini
2014-11-29 18:54 - 2014-11-29 18:54 - 0000408 _____ () C:\Users\Nexu07\AppData\Roaming\CamLayout.ini
2014-11-29 18:54 - 2014-11-29 18:54 - 0000408 _____ () C:\Users\Nexu07\AppData\Roaming\CamShapes.ini
2013-09-25 15:29 - 2016-04-11 15:46 - 0000000 _____ () C:\Users\Nexu07\AppData\Local\ars.cache
2013-09-25 15:29 - 2016-04-11 15:46 - 0401008 _____ () C:\Users\Nexu07\AppData\Local\census.cache
2013-09-25 09:47 - 2013-09-25 09:47 - 0000036 _____ () C:\Users\Nexu07\AppData\Local\housecall.guid.cache
2014-11-03 22:40 - 2014-11-03 22:40 - 0001524 _____ () C:\Users\Nexu07\AppData\Local\PDLSetup.20141103.214011.txt
2015-04-09 21:53 - 2015-04-09 21:53 - 0001526 _____ () C:\Users\Nexu07\AppData\Local\PDLSetup.20150409.215340.txt
2013-08-08 18:34 - 2013-08-08 18:34 - 0001999 _____ () C:\Users\Nexu07\AppData\Local\recently-used.xbel
2011-12-04 14:05 - 2013-01-20 12:14 - 0007612 _____ () C:\Users\Nexu07\AppData\Local\Resmon.ResmonCfg
2015-08-10 16:54 - 2015-08-10 16:54 - 1863318 _____ () C:\ProgramData\1439213473.bdinstall.bin
2016-01-23 13:06 - 2016-01-23 13:06 - 0567604 _____ () C:\ProgramData\1453546727.bdinstall.bin
2011-12-09 23:03 - 2011-12-09 23:03 - 0000176 _____ () C:\ProgramData\search_result.xml
Einige Dateien in TEMP:
====================
C:\Users\Nexu07\AppData\Local\Temp\libeay32.dll
C:\Users\Nexu07\AppData\Local\Temp\msvcr120.dll
C:\Users\Nexu07\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-04-18 09:06
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:18-04-2016
durchgeführt von Nexu07 (2016-04-20 20:43:07)
Gestartet von C:\Users\Nexu07\Desktop
Windows 10 Home (X64) (2015-08-10 13:20:56)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-1300692338-2230602273-544442824-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1300692338-2230602273-544442824-503 - Limited - Disabled)
Gast (S-1-5-21-1300692338-2230602273-544442824-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1300692338-2230602273-544442824-1003 - Limited - Enabled)
Nexu07 (S-1-5-21-1300692338-2230602273-544442824-1001 - Administrator - Enabled) => C:\Users\Nexu07
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Acronis True Image 2015 (HKLM-x32\...\{2F70A6E6-2F71-4907-8441-BDC5D300310B}Visible) (Version: 18.0.6613 - Acronis)
Acronis True Image 2015 (x32 Version: 18.0.6613 - Acronis) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.1.171 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AntiLogger Free version 1.8.2.320 (HKLM-x32\...\{A80DB23D-0618-405B-89D9-28F99814E287}_is1) (Version: 1.8.2.320 - Zemana Ltd.)
Bitdefender Total Security 2015 (HKLM\...\Bitdefender) (Version: 19.1.0.115 - Bitdefender)
Brother MFL-Pro Suite DCP-J125 (HKLM-x32\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{B57A8AFE-6735-4497-BD52-BD2F838F5CF0}) (Version: 1.2.1.31 - Dell)
Dell System Detect (HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\58d94f3ce2c27db0) (Version: 6.12.0.5 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.218 - ALPS ELECTRIC CO., LTD.)
Dell Update (HKLM-x32\...\{90437913-9D4D-4D9D-B438-B8664DF851E9}) (Version: 1.7.1007.0 - Dell Inc.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Driver Booster 3.2 (HKLM-x32\...\Driver Booster_is1) (Version: 3.2 - IObit)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.1.16835 - Landesfinanzdirektion Thüringen)
EMET 5.5 (HKLM-x32\...\{E27E74F0-0EAD-4C5D-8F6F-1C9192D24AA5}) (Version: 5.5 - Microsoft Corporation)
Girlvania (HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\{837FAFB9-EBA5-4727-95AD-792C4F671531}) (Version: 1.1.4 - Girlvanic Studios)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2455 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
LibreOffice 5.0.5.2 (HKLM-x32\...\{43D862C3-739D-4FF6-91C0-25612368CC81}) (Version: 5.0.5.2 - The Document Foundation)
MFC RunTime files (x32 Version: 1.0.0 - Extensoft) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Mozilla Firefox 45.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 de)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.62 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.12.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.12.11 - NVIDIA Corporation)
NVIDIA Grafiktreiber 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Opera Stable 32.0.1948.25 (HKU\.DEFAULT\...\Opera 32.0.1948.25) (Version: 32.0.1948.25 - Opera Software)
Opera Stable 36.0.2130.65 (HKLM-x32\...\Opera 36.0.2130.65) (Version: 36.0.2130.65 - Opera Software)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.15 - Dell Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7673 - Realtek Semiconductor Corp.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Secunia PSI (3.0.0.11005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.12.11 - NVIDIA Corporation) Hidden
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steganos Privacy Suite 12 (HKLM-x32\...\{0F1D1572-9311-4590-A8A6-425224984E54}) (Version: 12.1.1 - Steganos Software GmbH)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Web Stream Recorder (HKLM-x32\...\{8AAD9D0F-567C-4F8C-A0DA-1AB5B1243F68}_is1) (Version: 2015 - Bolide Software)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {0579ED95-5EA4-48B9-97E0-6777FDBA6FCE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {07530863-3651-4DA0-B0D6-FBFCE4C19999} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {07F120F2-1E4D-4EB6-A296-E5DFB097FBF0} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {124F0FC8-7430-4360-A634-91803F7CFC86} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {14732AD8-5262-4CCF-8C4B-4016E881846F} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2016-01-13] (IObit)
Task: {29BE3962-1EB5-4266-B4D7-C47B10FBD535} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {2E03800C-69A8-4231-83B6-4FFC6D3C591B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {393DD0B4-E067-4255-A549-CAD8ECB89EE7} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {3994726D-9A95-45EB-BB1D-1B15E0D1E6C7} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {3A38C5A1-7EEF-4BE1-A151-C9916F0432E0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {41A9527A-B18B-48A8-B3DF-A30EE7A8A1BF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-14] (Microsoft Corporation)
Task: {4B22562E-0C6D-4AFF-B65F-5C7E91F9ADD4} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {4CB76FBA-1CD6-4F65-990A-49EF63E52BA1} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {4E5128D5-E628-4061-91B1-F39698F8B558} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {4FE91E78-8126-46B7-9715-A346A3FFE5FE} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {6CD5ECD2-99F9-4F86-964C-60372021CE39} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {6D483747-8919-43DC-940E-CBB7A763168D} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {6E8A4B1B-4FF8-4370-A9C0-1F5C2215EDD0} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {713E8B1E-6E1E-48C7-9731-C410EAA196F4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {725477AA-2B1F-4F29-87AD-C59FEFB461C5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {746E9680-28E7-4312-B0EA-2FDFB8256C8B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {78BB9AFF-F3AF-419B-9DF6-6E34B6939272} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {7A19E660-BE57-4E3C-A077-89C0C65A9B79} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-12] (Adobe Systems Incorporated)
Task: {7FD9110F-31DC-45C4-8415-9BC5C473E741} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {8410232F-67D3-4EAB-B61D-3546B9238899} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {87510294-849F-498B-91AB-45D2DD8F6B54} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {88751C79-42DF-45AC-8F61-62A1BF8F630F} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {943A0771-84E3-4EEB-9543-B11B8C2BE429} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {94E93F29-C6A8-47F2-A902-A41FBE33453B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {9708641B-82E3-46AC-9B3C-13E3132BF3CF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {997C1010-CE3F-45BF-B98E-C706B728DCFB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {9EE99F03-9AFB-4336-8CB1-51D76DC0790A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {A14EE2C8-FC79-4661-B161-FD2EA7011168} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-03-14] (Dell Inc.)
Task: {A188857A-853E-48AE-9526-426BC2D9E746} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {A317BAAB-A3B6-42C0-9D03-3D00A84ACEF2} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {AD190C5F-B321-4AFE-8307-B7F1BCC68E94} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe
Task: {B01833BF-933E-4B94-87A2-361D99CEE6B3} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-03-24] (PC-Doctor, Inc.)
Task: {B2648D2B-8335-4F32-AEE7-2DB648597943} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {B949BBC4-D22F-4B39-9482-2F460F3CA57E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {C1506EA5-4979-428E-92DF-5CE6FD3B4BDB} - System32\Tasks\Opera scheduled Autoupdate 1376119929 => C:\Program Files (x86)\Opera\launcher.exe [2016-04-11] (Opera Software)
Task: {C2D07909-8179-4250-A9B9-1255CD69CB84} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {C498C282-4AD3-4574-970D-8C36AC3CF9BF} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {CB2FEDBA-981C-4BEC-B224-1675A3BDEA88} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {CEDA9B3D-EBA9-43EB-AA1A-3895F68D5C7A} - System32\Tasks\Driver Booster SkipUAC (Nexu07) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2016-01-18] (IObit)
Task: {CF7841AB-8CD9-4533-B66D-2FFB70CE33EE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {D1F0B71F-A66D-4940-8BB0-F54AA54CD58A} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {D36E7C9A-759F-4842-B256-E190F3127CE7} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {E270DAEB-595C-4BF7-A01B-4988255166D7} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-03-24] (PC-Doctor, Inc.)
Task: {E485A7CE-2CF6-4144-93FD-E6A6271B7A1D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe [2016-04-12] (Adobe Systems Incorporated)
Task: {EC26B27C-A6C2-46C2-8F92-5C6C958105DD} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {F1139754-B308-4DBA-B627-5AD69B84790A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {F2E62392-31A1-42ED-9541-497EB22FEC73} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {F8C535EF-0727-4681-835C-BB0D065995A7} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {FC4DEBA6-E5BF-49EA-9C69-FAA434718671} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-08-10 12:13 - 2015-08-10 12:13 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-11-17 22:22 - 2015-11-17 22:22 - 00265080 ____N () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2016-01-23 13:05 - 2013-09-03 15:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2016-01-23 13:06 - 2015-11-13 18:46 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2016-01-26 22:15 - 2016-01-26 22:15 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2016-04-11 16:41 - 2016-04-11 16:41 - 01119064 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02151_006\ashttpbr.mdl
2016-04-11 16:41 - 2016-04-11 16:41 - 00794832 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02151_006\ashttpdsp.mdl
2016-04-11 16:41 - 2016-04-11 16:41 - 03038112 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02151_006\ashttpph.mdl
2016-04-11 16:41 - 2016-04-11 16:41 - 01648408 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02151_006\ashttprbl.mdl
2015-08-10 11:27 - 2015-07-23 03:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-04-12 22:09 - 2016-03-16 06:55 - 02495768 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 22:09 - 2016-03-16 06:55 - 02495768 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-08 23:15 - 2015-11-25 06:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-08 23:15 - 2015-11-25 06:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-08 23:15 - 2015-11-25 06:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-02 07:47 - 2015-09-17 07:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-10-02 07:46 - 2015-09-17 07:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-20 09:08 - 2015-07-20 09:08 - 00034624 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2015-07-20 09:15 - 2015-07-20 09:15 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2015-07-20 09:10 - 2015-07-20 09:10 - 00129344 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\EXPAT.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe:BDU [0]
AlternateDataStreams: C:\Users\Nexu07\Desktop\FRST64.exe:BDU [0]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
Da befinden sich 7887 mehr Seiten.
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\123simsen.com -> www.123simsen.com
Da befinden sich 7888 mehr Seiten.
==================== Hosts Inhalt: ==========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 04:34 - 2016-04-11 21:14 - 00451992 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com
Da befinden sich 15502 zusätzliche Einträge.
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1300692338-2230602273-544442824-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\startupreg: AccuWeatherWidget =>
MSCONFIG\startupreg: BTMTrayAgent =>
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: Dell DataSafe Online =>
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: IntelPAN =>
MSCONFIG\startupreg: NeroLauncher =>
MSCONFIG\startupreg: OKAYFREEDOM_Agent =>
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: SSS12 Browser Monitor => "C:\Program Files (x86)\Steganos Privacy Suite 12\SteganosBrowserMonitor.exe"
MSCONFIG\startupreg: SSS12 File Redirection Starter => "C:\Program Files (x86)\Steganos Privacy Suite 12\fredirstarter.exe"
MSCONFIG\startupreg: SSS12 HotKeys => "C:\Program Files (x86)\Steganos Privacy Suite 12\SteganosHotKeyService.exe"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\StartupApproved\StartupFolder: => "Browser-Anonymisierer.lnk"
HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\StartupApproved\Run: => "Bitdefender-Geldbörse-Agent"
HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\StartupApproved\Run: => "SSS12_PasswordManager"
HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{0E9F26DB-115F-40D1-8EE9-5CE1A8E631C6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2CAE00F7-B91B-4BD7-BB52-68DC29982054}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3F95655F-5421-4BD5-B070-9520EFCED0A3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{DA238720-6B8F-4E9A-B388-FB1B272D8C07}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F658FBF8-206F-4411-8998-EDC673FDFFEC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{6A4AA21D-41B0-4569-924A-21DAABE6CAF5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{46B65D1C-A4A5-4462-9B36-42B57AD9CB31}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6DAFFBF5-34DA-46E6-8B6D-303FCEE2321B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8ADA620F-7E80-46C3-B6C8-D4EB92B8E966}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{866F5255-70EC-48A1-BE68-AABBD847A898}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe
FirewallRules: [{FDC84623-86C8-4165-AE1B-D007C554E04B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{94C9A493-316C-475B-B73A-C06D37FD9A73}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{CB87DFB9-352E-4EB1-90CB-109551CEDA1F}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{7E3AFDD8-0228-4ED4-B124-7039E7E95AA3}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{3AB5D850-908C-4CD5-B657-9B6615B25C06}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{B68665F3-8C65-41B2-AEB7-3B17F6EE55F6}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{F2014DCF-52A0-40CE-A967-CA3022E8C03B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C1263435-8F19-47B2-A4FA-708AAFCC741B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{18BB845C-84F7-4621-B9E1-A268B0D5D02E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{0A59490F-759A-4031-88AD-2FAB8F2B7C65}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{EDF51550-C48F-47C5-A5F1-AAEF6869732D}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{84E9CCA3-925E-40C2-8B6F-88000C2EAD6F}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{DF367B06-96EC-4E94-80B2-5223D5E84EB0}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{23477BCD-3FE1-445B-ABFB-A92D4E05F7B2}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Wiederherstellungspunkte =========================
27-03-2016 16:37:49 Geplanter Prüfpunkt
06-04-2016 08:45:22 Geplanter Prüfpunkt
11-04-2016 22:44:43 Installed Java 8 Update 77
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (04/20/2016 08:19:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ShellExperienceHost.exe, Version: 10.0.10240.16766, Zeitstempel: 0x56e8dba8
Name des fehlerhaften Moduls: StartUI.dll, Version: 10.0.10240.16766, Zeitstempel: 0x56e8d601
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000038ef3
ID des fehlerhaften Prozesses: 0x5d8
Startzeit der fehlerhaften Anwendung: 0xShellExperienceHost.exe0
Pfad der fehlerhaften Anwendung: ShellExperienceHost.exe1
Pfad des fehlerhaften Moduls: ShellExperienceHost.exe2
Berichtskennung: ShellExperienceHost.exe3
Vollständiger Name des fehlerhaften Pakets: ShellExperienceHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ShellExperienceHost.exe5
Error: (04/20/2016 08:19:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ShellExperienceHost.exe, Version: 10.0.10240.16766, Zeitstempel: 0x56e8dba8
Name des fehlerhaften Moduls: StartUI.dll, Version: 10.0.10240.16766, Zeitstempel: 0x56e8d601
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000038ef3
ID des fehlerhaften Prozesses: 0x164c
Startzeit der fehlerhaften Anwendung: 0xShellExperienceHost.exe0
Pfad der fehlerhaften Anwendung: ShellExperienceHost.exe1
Pfad des fehlerhaften Moduls: ShellExperienceHost.exe2
Berichtskennung: ShellExperienceHost.exe3
Vollständiger Name des fehlerhaften Pakets: ShellExperienceHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ShellExperienceHost.exe5
Error: (04/20/2016 08:23:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ShellExperienceHost.exe, Version: 10.0.10240.16766, Zeitstempel: 0x56e8dba8
Name des fehlerhaften Moduls: StartUI.dll, Version: 10.0.10240.16766, Zeitstempel: 0x56e8d601
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000038ef3
ID des fehlerhaften Prozesses: 0x1028
Startzeit der fehlerhaften Anwendung: 0xShellExperienceHost.exe0
Pfad der fehlerhaften Anwendung: ShellExperienceHost.exe1
Pfad des fehlerhaften Moduls: ShellExperienceHost.exe2
Berichtskennung: ShellExperienceHost.exe3
Vollständiger Name des fehlerhaften Pakets: ShellExperienceHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ShellExperienceHost.exe5
Error: (04/20/2016 08:23:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ShellExperienceHost.exe, Version: 10.0.10240.16766, Zeitstempel: 0x56e8dba8
Name des fehlerhaften Moduls: StartUI.dll, Version: 10.0.10240.16766, Zeitstempel: 0x56e8d601
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000038ef3
ID des fehlerhaften Prozesses: 0x141c
Startzeit der fehlerhaften Anwendung: 0xShellExperienceHost.exe0
Pfad der fehlerhaften Anwendung: ShellExperienceHost.exe1
Pfad des fehlerhaften Moduls: ShellExperienceHost.exe2
Berichtskennung: ShellExperienceHost.exe3
Vollständiger Name des fehlerhaften Pakets: ShellExperienceHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ShellExperienceHost.exe5
Error: (04/20/2016 08:23:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ShellExperienceHost.exe, Version: 10.0.10240.16766, Zeitstempel: 0x56e8dba8
Name des fehlerhaften Moduls: StartUI.dll, Version: 10.0.10240.16766, Zeitstempel: 0x56e8d601
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000038ef3
ID des fehlerhaften Prozesses: 0x16f4
Startzeit der fehlerhaften Anwendung: 0xShellExperienceHost.exe0
Pfad der fehlerhaften Anwendung: ShellExperienceHost.exe1
Pfad des fehlerhaften Moduls: ShellExperienceHost.exe2
Berichtskennung: ShellExperienceHost.exe3
Vollständiger Name des fehlerhaften Pakets: ShellExperienceHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ShellExperienceHost.exe5
Error: (04/19/2016 10:05:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (04/19/2016 10:04:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ShellExperienceHost.exe, Version: 10.0.10240.16766, Zeitstempel: 0x56e8dba8
Name des fehlerhaften Moduls: StartUI.dll, Version: 10.0.10240.16766, Zeitstempel: 0x56e8d601
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000038ef3
ID des fehlerhaften Prozesses: 0x17f4
Startzeit der fehlerhaften Anwendung: 0xShellExperienceHost.exe0
Pfad der fehlerhaften Anwendung: ShellExperienceHost.exe1
Pfad des fehlerhaften Moduls: ShellExperienceHost.exe2
Berichtskennung: ShellExperienceHost.exe3
Vollständiger Name des fehlerhaften Pakets: ShellExperienceHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ShellExperienceHost.exe5
Error: (04/18/2016 09:06:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SearchUI.exe, Version 10.0.10240.16603 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 178c
Startzeit: 01d199a50a9effbb
Beendigungszeit: 4294967295
Anwendungspfad: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Berichts-ID: b46a2d8a-0598-11e6-9c0c-848f69b729e3
Vollständiger Name des fehlerhaften Pakets: Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy
Auf das fehlerhafte Paket bezogene Anwendungs-ID: CortanaUI
Error: (04/18/2016 09:06:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: PC)
Description: Das Paket „Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy+CortanaUI“ wurde beendet, da das Anhalten zu lange dauerte.
Error: (04/18/2016 01:51:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Systemfehler:
=============
Error: (04/20/2016 08:18:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Net.Tcp-Listeneradapter" ist vom Dienst "Net.Tcp-Portfreigabedienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (04/20/2016 02:02:20 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Steganos Volatile Disk konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error: (04/20/2016 08:18:17 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 20.04.2016 um 14:02:05 unerwartet heruntergefahren.
Error: (04/20/2016 11:00:46 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Net.Tcp-Listeneradapter" ist vom Dienst "Net.Tcp-Portfreigabedienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (04/20/2016 10:59:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3
Error: (04/20/2016 10:59:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_Session1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/20/2016 10:58:54 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Dell Data Vault" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (04/20/2016 10:58:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "WMI-Leistungsadapter" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/20/2016 10:58:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (04/20/2016 10:58:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Acronis Sync Agent Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
CodeIntegrity:
===================================
Date: 2016-02-13 13:46:36.927
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-13 13:46:36.906
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-13 13:46:36.883
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-13 13:46:36.855
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-13 13:46:36.761
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-13 13:46:36.668
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-13 13:46:36.644
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-13 13:46:36.621
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-13 13:46:36.502
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-13 13:46:36.266
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Prozentuale Nutzung des RAM: 56%
Installierter physikalischer RAM: 3990.16 MB
Verfügbarer physikalischer RAM: 1742.43 MB
Summe virtueller Speicher: 10134.16 MB
Verfügbarer virtueller Speicher: 7158.91 MB
==================== Laufwerke ================================
Drive c: (OS) (Fixed) (Total:576.54 GB) (Free:422.78 GB) NTFS
Drive e: (Sicherung) (Fixed) (Total:900.65 GB) (Free:778.84 GB) NTFS
Drive g: (PR0N) (Fixed) (Total:729.49 GB) (Free:93 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=576.5 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 1630.1 GB) (Disk ID: A7E7F267)
Partition 1: (Not Active) - (Size=900.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=729.5 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================
|
|
21.04.2016, 16:40
| #4 |
| Ruhe in Frieden † 2019 | Fremdverwendung eines Passwortes. Trojaner? Mail gehackt? Anderes Problem? Hallo, das sieht soweit sauber aus, wir werden jetzt nochmal gründlicher nachschauen. Das betrifft jetzt aber nur den Login zu der Seite, machst du das immer mit demselben Browser? Schritt 1 Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
Schritt 2 Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers |
|
21.04.2016, 20:33
| #5 |
| | Fremdverwendung eines Passwortes. Trojaner? Mail gehackt? Anderes Problem? Hallo! Ja ich verwende da immer Opera. Normalerweise nehm ich Firefox, mit dem komm ich in dies Seite aber gar nicht rein. Opera ist dann immer meine zweite Wahl, wenn Firefox die Seite nicht so richtig darstellt etc. Hab einmal Edge probiert, da komm ich rein, kann aber nix downloaden. Edge is Schrott, wie ich meine. Hier schon mal das erste Logfile, das mit Malwarebites dauert noch etwas. Das mag der Bitdefender nicht so gerne, muss dafür vermutlich in den abgesicherten Modus oder den Virenscanner deaktivieren. Fragt sich ob das ratsam ist... Code:
ATTFilter 21:07:05.0229 0x202c TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
21:07:12.0145 0x202c ============================================================
21:07:12.0145 0x202c Current date / time: 2016/04/21 21:07:12.0145
21:07:12.0145 0x202c SystemInfo:
21:07:12.0145 0x202c
21:07:12.0145 0x202c OS Version: 10.0.10586 ServicePack: 0.0
21:07:12.0145 0x202c Product type: Workstation
21:07:12.0145 0x202c ComputerName: PC
21:07:12.0146 0x202c UserName: Nexu07
21:07:12.0146 0x202c Windows directory: C:\WINDOWS
21:07:12.0146 0x202c System windows directory: C:\WINDOWS
21:07:12.0146 0x202c Running under WOW64
21:07:12.0146 0x202c Processor architecture: Intel x64
21:07:12.0146 0x202c Number of processors: 4
21:07:12.0146 0x202c Page size: 0x1000
21:07:12.0146 0x202c Boot type: Normal boot
21:07:12.0146 0x202c ============================================================
21:07:13.0137 0x202c KLMD registered as C:\WINDOWS\system32\drivers\74132776.sys
21:07:13.0540 0x202c System UUID: {3FF006D0-B1A0-2C75-768F-C84F4BCC2E30}
21:07:16.0079 0x202c Drive \Device\Harddisk1\DR1 - Size: 0x1978903D800 ( 1630.14 Gb ), SectorSize: 0x200, Cylinders: 0x33F41, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:07:16.0117 0x202c Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:07:16.0123 0x202c Drive \Device\Harddisk1\DR1 - Size: 0x1978903D800 ( 1630.14 Gb ), SectorSize: 0x200, Cylinders: 0x33F41, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:07:16.0124 0x202c ============================================================
21:07:16.0124 0x202c \Device\Harddisk1\DR1:
21:07:16.0125 0x202c MBR partitions:
21:07:16.0125 0x202c \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x7094A601
21:07:16.0125 0x202c \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x7094B000, BlocksNum 0x5B2FC000
21:07:16.0125 0x202c \Device\Harddisk0\DR0:
21:07:16.0125 0x202c MBR partitions:
21:07:16.0125 0x202c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x34000, BlocksNum 0x2710000
21:07:16.0125 0x202c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2744000, BlocksNum 0x48114000
21:07:16.0125 0x202c \Device\Harddisk1\DR1:
21:07:16.0126 0x202c MBR partitions:
21:07:16.0126 0x202c \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x7094A601
21:07:16.0126 0x202c \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x7094B000, BlocksNum 0x5B2FC000
21:07:16.0126 0x202c ============================================================
21:07:16.0165 0x202c C: <-> \Device\Harddisk0\DR0\Partition2
21:07:16.0171 0x202c E: <-> \Device\Harddisk1\DR1\Partition1
21:07:16.0222 0x202c G: <-> \Device\Harddisk1\DR1\Partition2
21:07:16.0222 0x202c ============================================================
21:07:16.0222 0x202c Initialize success
21:07:16.0222 0x202c ============================================================
21:08:27.0231 0x18a4 ============================================================
21:08:27.0231 0x18a4 Scan started
21:08:27.0231 0x18a4 Mode: Manual; SigCheck; TDLFS;
21:08:27.0231 0x18a4 ============================================================
21:08:27.0231 0x18a4 KSN ping started
21:08:29.0777 0x18a4 KSN ping finished: true
21:08:39.0575 0x18a4 ================ Scan system memory ========================
21:08:39.0575 0x18a4 System memory - ok
21:08:39.0575 0x18a4 ================ Scan services =============================
21:08:39.0809 0x18a4 1394ohci - ok
21:08:39.0809 0x18a4 3ware - ok
21:08:39.0825 0x18a4 ACPI - ok
21:08:39.0825 0x18a4 acpiex - ok
21:08:39.0840 0x18a4 acpipagr - ok
21:08:39.0856 0x18a4 AcpiPmi - ok
21:08:39.0856 0x18a4 acpitime - ok
21:08:39.0981 0x18a4 [ 8EEC0269D86CFADD292C9B05F59F23ED, 779F863563F9F31B102EB7A7C1580281D73F083213B0DD17A82A9EF2886DFD79 ] AcrSch2Svc C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
21:08:40.0137 0x18a4 AcrSch2Svc - ok
21:08:40.0215 0x18a4 [ F2CEEE9ABBCEF207ACB103215AC28BC2, F8F8B8AF6317926D7AC0CA2CA23628B2C69327A2792D58D3328443C5ED9514E9 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:08:40.0231 0x18a4 AdobeARMservice - ok
21:08:40.0372 0x18a4 [ 04A7B373A727BD3ACD824621CF65AE70, 37FD3893811D8E7FDB2794AE18CB5A85D7FA13AB24DBEEF91F68832668204D21 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:08:40.0387 0x18a4 AdobeFlashPlayerUpdateSvc - ok
21:08:40.0419 0x18a4 ADP80XX - ok
21:08:40.0481 0x18a4 [ 8AFF4C773AAEEE8C8E028902B52713CD, D741A3B443179AC41617A4A9012A0D7E546A88590F5BE0EA578450D5CFB4BF42 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
21:08:40.0497 0x18a4 AERTFilters - ok
21:08:40.0637 0x18a4 [ 3B0908381A28DEFD42F42DBA9F06D39B, 3179AC9F26338D684CB806F29CD37EA75BE7F4553834F682E65ECE6D6D797FD4 ] afcdpsrv C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
21:08:40.0809 0x18a4 afcdpsrv - ok
21:08:40.0825 0x18a4 AFD - ok
21:08:40.0825 0x18a4 agp440 - ok
21:08:40.0825 0x18a4 ahcache - ok
21:08:40.0856 0x18a4 AJRouter - ok
21:08:40.0872 0x18a4 ALG - ok
21:08:40.0872 0x18a4 AmdK8 - ok
21:08:40.0887 0x18a4 AmdPPM - ok
21:08:40.0887 0x18a4 amdsata - ok
21:08:40.0887 0x18a4 amdsbs - ok
21:08:40.0887 0x18a4 amdxata - ok
21:08:40.0934 0x18a4 [ 7D9E301AB3247765702D0B65E2E47E50, 110F1D9A01F1DB36815B4CBF04E540958B760AC46955F7712D03F958F78734D0 ] AMPPAL C:\WINDOWS\System32\drivers\AMPPAL.sys
21:08:40.0950 0x18a4 AMPPAL - ok
21:08:40.0997 0x18a4 [ DA4AE4C68D135A210FB3E78CFF369EBD, 240BDBB2D9F97333BD78306FFBD56C1EB0DC2B5FED045EC2B6736155B36A97F5 ] ApfiltrService C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
21:08:41.0028 0x18a4 ApfiltrService - ok
21:08:41.0075 0x18a4 AppHostSvc - ok
21:08:41.0090 0x18a4 AppID - ok
21:08:41.0106 0x18a4 AppIDSvc - ok
21:08:41.0122 0x18a4 Appinfo - ok
21:08:41.0122 0x18a4 AppReadiness - ok
21:08:41.0137 0x18a4 AppXSvc - ok
21:08:41.0153 0x18a4 arcsas - ok
21:08:41.0262 0x18a4 aspnet_state - ok
21:08:41.0278 0x18a4 AsyncMac - ok
21:08:41.0278 0x18a4 atapi - ok
21:08:41.0294 0x18a4 AudioEndpointBuilder - ok
21:08:41.0309 0x18a4 Audiosrv - ok
21:08:41.0372 0x18a4 [ B18699497436228F1109132D669CF29A, 1A358BC7E7931FE43B1038E33EBEA365476E5A2EFB9476F47E3476A3669063FB ] avc3 C:\WINDOWS\system32\DRIVERS\avc3.sys
21:08:41.0450 0x18a4 avc3 - ok
21:08:41.0497 0x18a4 [ 1251FB8BF8E6B6129065326A3E8A4378, 1AF1DAE71A8126A875AC3197FD69BCD52949DC08694A29EAB6FA3ED31695BDED ] avckf C:\WINDOWS\system32\DRIVERS\avckf.sys
21:08:41.0544 0x18a4 avckf - ok
21:08:41.0559 0x18a4 AxInstSV - ok
21:08:41.0575 0x18a4 b06bdrv - ok
21:08:41.0590 0x18a4 BasicDisplay - ok
21:08:41.0590 0x18a4 BasicRender - ok
21:08:41.0590 0x18a4 bcmfn - ok
21:08:41.0590 0x18a4 bcmfn2 - ok
21:08:41.0670 0x18a4 [ AEB6064A3363F2FD688352DA998DF8EE, EB7F025F2F692554C8EEE82B77CB34229749FF44FDEAC6F4801A2E795C30FEED ] BdDesktopParental C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe
21:08:41.0685 0x18a4 BdDesktopParental - ok
21:08:41.0701 0x18a4 BDESVC - ok
21:08:41.0826 0x18a4 [ 9C3E3B1AC1DD7CDB58597A000C6BA215, 539233DE67BAEB416FE045D98835FBC152061C1A6088989F14C4746AC25BE18D ] BdfNdisf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys
21:08:41.0826 0x18a4 BdfNdisf - ok
21:08:41.0873 0x18a4 [ 0B3BADC084AB1592D6E2D4CFA3AA2461, C62860DF753E455D2D4FFFE04CB26D84590947A4B41FA853D83A8F8EB9E80F9C ] bdfwfpf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
21:08:41.0873 0x18a4 bdfwfpf - ok
21:08:41.0920 0x18a4 [ 9036F27C0757ECCC7836C5E58D576FB0, 9637FEB50C88D5B0F38FA6328335A5E251BB371862B35B9E6FD96040BE0C2F10 ] bdfwfpf_pc C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys
21:08:41.0935 0x18a4 bdfwfpf_pc - ok
21:08:41.0967 0x18a4 [ D8FAF7CFBC81E5E15CA7A7EC8EE1B409, 75E60DF2147DFB109E628FDF80EB1BFA5360E5935BB9237B67053588F906E1B1 ] BDVEDISK C:\WINDOWS\system32\DRIVERS\bdvedisk.sys
21:08:41.0982 0x18a4 BDVEDISK - ok
21:08:41.0998 0x18a4 Beep - ok
21:08:42.0013 0x18a4 BFE - ok
21:08:42.0029 0x18a4 BITS - ok
21:08:42.0045 0x18a4 bowser - ok
21:08:42.0060 0x18a4 BrokerInfrastructure - ok
21:08:42.0060 0x18a4 Browser - ok
21:08:42.0076 0x18a4 BthAvrcpTg - ok
21:08:42.0076 0x18a4 BthHFEnum - ok
21:08:42.0092 0x18a4 bthhfhid - ok
21:08:42.0107 0x18a4 BthHFSrv - ok
21:08:42.0123 0x18a4 BTHMODEM - ok
21:08:42.0123 0x18a4 bthserv - ok
21:08:42.0138 0x18a4 buttonconverter - ok
21:08:42.0138 0x18a4 CapImg - ok
21:08:42.0154 0x18a4 cdfs - ok
21:08:42.0170 0x18a4 CDPSvc - ok
21:08:42.0170 0x18a4 cdrom - ok
21:08:42.0170 0x18a4 CertPropSvc - ok
21:08:42.0185 0x18a4 circlass - ok
21:08:42.0185 0x18a4 CLFS - ok
21:08:42.0217 0x18a4 ClipSVC - ok
21:08:42.0232 0x18a4 CmBatt - ok
21:08:42.0248 0x18a4 CNG - ok
21:08:42.0248 0x18a4 cnghwassist - ok
21:08:42.0310 0x18a4 CompositeBus - ok
21:08:42.0326 0x18a4 COMSysApp - ok
21:08:42.0326 0x18a4 condrv - ok
21:08:42.0342 0x18a4 CoreMessagingRegistrar - ok
21:08:42.0467 0x18a4 [ B18D590BC5220FDB4A747BC16D78ABC7, D46F8B43BAC22E55DE9AFC19CF371B1C4E8D3707163598B2F9884BB31D730C09 ] cphs C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
21:08:42.0529 0x18a4 cphs - ok
21:08:42.0560 0x18a4 CryptSvc - ok
21:08:42.0592 0x18a4 [ BC3D4F90978CD7C8EABD1BAF3BF7873A, 5978139650FC51BE0CAB12061702C7BC7BEDF6E7C3A047FF0A6328AA674E4226 ] CtClsFlt C:\WINDOWS\system32\DRIVERS\CtClsFlt.sys
21:08:42.0623 0x18a4 CtClsFlt - ok
21:08:42.0654 0x18a4 [ E12939C6D28957C960494DE2EEE30649, 883C02207A9D6DF5363C102DE4B31B3DDB5354B413F9C2FB77832C42EEE9C832 ] CySmb C:\WINDOWS\System32\drivers\cysmb.sys
21:08:42.0670 0x18a4 CySmb - ok
21:08:42.0685 0x18a4 dam - ok
21:08:42.0701 0x18a4 DcomLaunch - ok
21:08:42.0732 0x18a4 DcpSvc - ok
21:08:42.0763 0x18a4 [ B56714DED87E29377F1EE930691DADA2, B3C3BC4F546A786A93823C1471D560BF678A9C95237065E3B99B2B80E6C28131 ] DDDriver C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys
21:08:42.0779 0x18a4 DDDriver - ok
21:08:42.0779 0x18a4 defragsvc - ok
21:08:42.0935 0x18a4 [ E554163D138B79CD8C6EDF73187FC635, 0EDC0B76437B145607C39288F3E6B92975E3B406859EA8213BBE635A0C21922D ] DellDataVault C:\Program Files\Dell\DellDataVault\DellDataVault.exe
21:08:43.0060 0x18a4 DellDataVault - ok
21:08:43.0092 0x18a4 [ D8F74B93897C8FDF2EAF4C99E30500A4, 565D69AE486074C3E2D30EC8DCF11D720F1887BF45BF7EE1DF24DB012ED1F4A3 ] DellDataVaultWiz C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
21:08:43.0107 0x18a4 DellDataVaultWiz - ok
21:08:43.0138 0x18a4 [ DC3BD578642252FD9569B9CD75CEF81E, 63F44BC19389C19BA9F9E974BF2E5236AF7F66D9076943B9CF46775264BBE413 ] DellProf C:\WINDOWS\system32\drivers\DellProf.sys
21:08:43.0154 0x18a4 DellProf - ok
21:08:43.0170 0x18a4 DeviceAssociationService - ok
21:08:43.0185 0x18a4 DeviceInstall - ok
21:08:43.0201 0x18a4 DevQueryBroker - ok
21:08:43.0217 0x18a4 Dfsc - ok
21:08:43.0248 0x18a4 Dhcp - ok
21:08:43.0295 0x18a4 diagnosticshub.standardcollector.service - ok
21:08:43.0310 0x18a4 DiagTrack - ok
21:08:43.0342 0x18a4 disk - ok
21:08:43.0388 0x18a4 DmEnrollmentSvc - ok
21:08:43.0388 0x18a4 dmvsc - ok
21:08:43.0388 0x18a4 dmwappushservice - ok
21:08:43.0404 0x18a4 Dnscache - ok
21:08:43.0420 0x18a4 dot3svc - ok
21:08:43.0420 0x18a4 DPS - ok
21:08:43.0451 0x18a4 drmkaud - ok
21:08:43.0451 0x18a4 DsmSvc - ok
21:08:43.0467 0x18a4 DsSvc - ok
21:08:43.0467 0x18a4 DXGKrnl - ok
21:08:43.0498 0x18a4 Eaphost - ok
21:08:43.0498 0x18a4 ebdrv - ok
21:08:43.0513 0x18a4 EFS - ok
21:08:43.0513 0x18a4 EhStorClass - ok
21:08:43.0529 0x18a4 EhStorTcgDrv - ok
21:08:43.0545 0x18a4 embeddedmode - ok
21:08:43.0732 0x18a4 [ 6B0564B6DDD28E36A59A7F322E0AE2D6, D8F73C7406F45ACFE8EB7C7EB9593EF577627A00843316194BDF973E2FB824FE ] EMET_Service C:\Program Files (x86)\EMET 5.5\EMET_Service.exe
21:08:43.0748 0x18a4 EMET_Service - ok
21:08:43.0779 0x18a4 EntAppSvc - ok
21:08:43.0795 0x18a4 ErrDev - ok
21:08:43.0826 0x18a4 EventSystem - ok
21:08:43.0826 0x18a4 exfat - ok
21:08:43.0826 0x18a4 fastfat - ok
21:08:43.0842 0x18a4 Fax - ok
21:08:43.0842 0x18a4 fdc - ok
21:08:43.0857 0x18a4 fdPHost - ok
21:08:43.0857 0x18a4 FDResPub - ok
21:08:43.0857 0x18a4 fhsvc - ok
21:08:43.0873 0x18a4 FileCrypt - ok
21:08:43.0873 0x18a4 FileInfo - ok
21:08:43.0888 0x18a4 Filetrace - ok
21:08:43.0920 0x18a4 [ 72CC30F0D6DF8D3FBD5CD728259A8F69, F7774D35B38F35E31A8EEE37FF2F203C1CED433FF84EC265CD92B38CBFE3AB8F ] file_tracker C:\WINDOWS\system32\DRIVERS\file_tracker.sys
21:08:43.0935 0x18a4 file_tracker - ok
21:08:43.0951 0x18a4 flpydisk - ok
21:08:43.0951 0x18a4 FltMgr - ok
21:08:43.0982 0x18a4 [ 9BD0273A5B650CC16E8A54AD9B312BEB, 1AA219C4CC29E8301075537A330CC7FB677CD884AABD8FB3D99CFBEA1AB4CDF2 ] fltsrv C:\WINDOWS\system32\DRIVERS\fltsrv.sys
21:08:43.0982 0x18a4 fltsrv - ok
21:08:44.0014 0x18a4 FontCache - ok
21:08:44.0123 0x18a4 FontCache3.0.0.0 - ok
21:08:44.0123 0x18a4 FsDepends - ok
21:08:44.0123 0x18a4 Fs_Rec - ok
21:08:44.0138 0x18a4 fvevol - ok
21:08:44.0138 0x18a4 gagp30kx - ok
21:08:44.0201 0x18a4 gencounter - ok
21:08:44.0217 0x18a4 genericusbfn - ok
21:08:44.0326 0x18a4 [ 5031F3E650D242EEECEB92EB9900FB93, FB51ADB81AC3E0097362BAECEC4F0C83C46E5505277B7F35FDCE9BF88B72C963 ] GfExperienceService C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
21:08:44.0373 0x18a4 GfExperienceService - ok
21:08:44.0388 0x18a4 GPIOClx0101 - ok
21:08:44.0404 0x18a4 gpsvc - ok
21:08:44.0404 0x18a4 GpuEnergyDrv - ok
21:08:44.0435 0x18a4 [ 06BFA49C4D999E93E214DB4E8044DE0B, 5E339A2A6858AA59F8B0879AB4CB87DBC6622322259CB612594552DDE831ACD0 ] gzflt C:\WINDOWS\system32\DRIVERS\gzflt.sys
21:08:44.0451 0x18a4 gzflt - ok
21:08:44.0451 0x18a4 HDAudBus - ok
21:08:44.0451 0x18a4 HidBatt - ok
21:08:44.0451 0x18a4 HidBth - ok
21:08:44.0467 0x18a4 hidi2c - ok
21:08:44.0467 0x18a4 hidinterrupt - ok
21:08:44.0467 0x18a4 HidIr - ok
21:08:44.0467 0x18a4 hidserv - ok
21:08:44.0482 0x18a4 HidUsb - ok
21:08:44.0514 0x18a4 [ D018C0E0A97905D0859DCD970BE4CE2A, 969B5FF4E762BC84F9B6588ECC9B08026519E081ACC1182885E163762CC3E21A ] hitmanpro37 C:\WINDOWS\system32\drivers\hitmanpro37.sys
21:08:44.0529 0x18a4 hitmanpro37 - ok
21:08:44.0560 0x18a4 HomeGroupListener - ok
21:08:44.0576 0x18a4 HomeGroupProvider - ok
21:08:44.0576 0x18a4 HpSAMD - ok
21:08:44.0598 0x18a4 HTTP - ok
21:08:44.0708 0x18a4 [ E5805896A55D4166C20F216249F40FA3, F426BF60D5B916E7A778EF24C49FE1FFE1B2977C2ABD2977FD5C38C6E6CB139F ] HWiNFO32 C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS
21:08:44.0723 0x18a4 HWiNFO32 - ok
21:08:44.0723 0x18a4 hwpolicy - ok
21:08:44.0723 0x18a4 hyperkbd - ok
21:08:44.0739 0x18a4 HyperVideo - ok
21:08:44.0739 0x18a4 i8042prt - ok
21:08:44.0754 0x18a4 iai2c - ok
21:08:44.0754 0x18a4 iaLPSS2i_I2C - ok
21:08:44.0754 0x18a4 iaLPSSi_GPIO - ok
21:08:44.0754 0x18a4 iaLPSSi_I2C - ok
21:08:44.0770 0x18a4 iaStorAV - ok
21:08:44.0770 0x18a4 iaStorV - ok
21:08:44.0770 0x18a4 ibbus - ok
21:08:44.0801 0x18a4 icssvc - ok
21:08:44.0817 0x18a4 IEEtwCollectorService - ok
21:08:44.0989 0x18a4 [ 79AE3CC82CA1563A4B392207997ACE7C, A1E4A1DA95CA2FA197EF5975657822F0F813F6C33DA38E1FA5A840194034D071 ] igfx C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
21:08:45.0208 0x18a4 igfx - ok
21:08:45.0223 0x18a4 IKEEXT - ok
21:08:45.0270 0x18a4 [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd C:\WINDOWS\system32\drivers\Impcd.sys
21:08:45.0286 0x18a4 Impcd - ok
21:08:45.0458 0x18a4 [ 93E07E34AC803B37CD196662FDBA38F8, 540DC5C9EA3361C686A78CFCD4CB0AAA15827A00D4D2F7FFA0D6B791D41BC986 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
21:08:45.0630 0x18a4 IntcAzAudAddService - ok
21:08:45.0645 0x18a4 intelide - ok
21:08:45.0645 0x18a4 intelpep - ok
21:08:45.0661 0x18a4 intelppm - ok
21:08:45.0661 0x18a4 IoQos - ok
21:08:45.0661 0x18a4 IpFilterDriver - ok
21:08:45.0676 0x18a4 iphlpsvc - ok
21:08:45.0676 0x18a4 IPMIDRV - ok
21:08:45.0692 0x18a4 IPNAT - ok
21:08:45.0692 0x18a4 IRENUM - ok
21:08:45.0708 0x18a4 isapnp - ok
21:08:45.0708 0x18a4 iScsiPrt - ok
21:08:45.0739 0x18a4 [ 716F66336F10885D935B08174DC54242, 1992708956A2A45A8870CFCB532F3ABF24B1143B75EF32AB1F59D5D86E65F493 ] iwdbus C:\WINDOWS\System32\drivers\iwdbus.sys
21:08:45.0755 0x18a4 iwdbus - ok
21:08:45.0755 0x18a4 kbdclass - ok
21:08:45.0755 0x18a4 kbdhid - ok
21:08:45.0755 0x18a4 kdnic - ok
21:08:45.0786 0x18a4 [ 547E9B25B4407A125D5F187E918BC217, 036C1151A30A9C25AFC961D7305C58CBF8F68E5E5C1E726565C9A8168C2F3CDB ] keycrypt C:\WINDOWS\system32\DRIVERS\KeyCrypt64.sys
21:08:45.0801 0x18a4 keycrypt - ok
21:08:45.0817 0x18a4 KeyIso - ok
21:08:45.0817 0x18a4 KSecDD - ok
21:08:45.0833 0x18a4 KSecPkg - ok
21:08:45.0833 0x18a4 ksthunk - ok
21:08:45.0848 0x18a4 KtmRm - ok
21:08:45.0864 0x18a4 LanmanServer - ok
21:08:45.0911 0x18a4 LanmanWorkstation - ok
21:08:45.0958 0x18a4 lfsvc - ok
21:08:45.0973 0x18a4 LicenseManager - ok
21:08:46.0005 0x18a4 lltdio - ok
21:08:46.0005 0x18a4 lltdsvc - ok
21:08:46.0020 0x18a4 lmhosts - ok
21:08:46.0098 0x18a4 [ 7F32D4C47A50E7223491E8FB9359907D, 6D3F59A8D006BED3234697933D09C8EE8F7A9F4A4196CFA878F8E8A929B24CE5 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:08:46.0130 0x18a4 LMS - ok
21:08:46.0145 0x18a4 LSI_SAS - ok
21:08:46.0145 0x18a4 LSI_SAS2i - ok
21:08:46.0145 0x18a4 LSI_SAS3i - ok
21:08:46.0161 0x18a4 LSI_SSS - ok
21:08:46.0161 0x18a4 LSM - ok
21:08:46.0176 0x18a4 luafv - ok
21:08:46.0192 0x18a4 MapsBroker - ok
21:08:46.0192 0x18a4 megasas - ok
21:08:46.0192 0x18a4 megasr - ok
21:08:46.0223 0x18a4 [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64 C:\WINDOWS\System32\drivers\HECIx64.sys
21:08:46.0223 0x18a4 MEIx64 - ok
21:08:46.0223 0x18a4 MessagingService - ok
21:08:46.0239 0x18a4 mlx4_bus - ok
21:08:46.0255 0x18a4 MMCSS - ok
21:08:46.0255 0x18a4 Modem - ok
21:08:46.0255 0x18a4 monitor - ok
21:08:46.0270 0x18a4 mouclass - ok
21:08:46.0270 0x18a4 mouhid - ok
21:08:46.0270 0x18a4 mountmgr - ok
21:08:46.0333 0x18a4 [ 63282F5EB7E5BFB58FD1EC93C6ADB457, 25096C4AE319E854153C75DCEC0A67A63F6B05FDD0B49D4D373724B3BF55D665 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:08:46.0348 0x18a4 MozillaMaintenance - ok
21:08:46.0348 0x18a4 mpsdrv - ok
21:08:46.0348 0x18a4 MpsSvc - ok
21:08:46.0380 0x18a4 MQAC - ok
21:08:46.0380 0x18a4 MRxDAV - ok
21:08:46.0380 0x18a4 mrxsmb - ok
21:08:46.0395 0x18a4 mrxsmb10 - ok
21:08:46.0395 0x18a4 mrxsmb20 - ok
21:08:46.0395 0x18a4 MsBridge - ok
21:08:46.0411 0x18a4 MSDTC - ok
21:08:46.0411 0x18a4 Msfs - ok
21:08:46.0426 0x18a4 msgpiowin32 - ok
21:08:46.0426 0x18a4 mshidkmdf - ok
21:08:46.0426 0x18a4 mshidumdf - ok
21:08:46.0442 0x18a4 msisadrv - ok
21:08:46.0458 0x18a4 MSiSCSI - ok
21:08:46.0458 0x18a4 msiserver - ok
21:08:46.0458 0x18a4 MSKSSRV - ok
21:08:46.0473 0x18a4 MsLldp - ok
21:08:46.0489 0x18a4 MSMQ - ok
21:08:46.0489 0x18a4 MSPCLOCK - ok
21:08:46.0489 0x18a4 MSPQM - ok
21:08:46.0489 0x18a4 MsRPC - ok
21:08:46.0505 0x18a4 mssmbios - ok
21:08:46.0505 0x18a4 MSTEE - ok
21:08:46.0505 0x18a4 MTConfig - ok
21:08:46.0520 0x18a4 Mup - ok
21:08:46.0520 0x18a4 mvumis - ok
21:08:46.0520 0x18a4 NativeWifiP - ok
21:08:46.0551 0x18a4 NcaSvc - ok
21:08:46.0567 0x18a4 NcbService - ok
21:08:46.0583 0x18a4 NcdAutoSetup - ok
21:08:46.0583 0x18a4 ndfltr - ok
21:08:46.0583 0x18a4 NDIS - ok
21:08:46.0598 0x18a4 NdisCap - ok
21:08:46.0598 0x18a4 NdisImPlatform - ok
21:08:46.0598 0x18a4 NdisTapi - ok
21:08:46.0614 0x18a4 Ndisuio - ok
21:08:46.0614 0x18a4 NdisVirtualBus - ok
21:08:46.0630 0x18a4 NdisWan - ok
21:08:46.0630 0x18a4 ndiswanlegacy - ok
21:08:46.0630 0x18a4 ndproxy - ok
21:08:46.0630 0x18a4 Ndu - ok
21:08:46.0645 0x18a4 NetBIOS - ok
21:08:46.0645 0x18a4 NetBT - ok
21:08:46.0645 0x18a4 Netlogon - ok
21:08:46.0692 0x18a4 Netman - ok
21:08:46.0786 0x18a4 NetMsmqActivator - ok
21:08:46.0786 0x18a4 NetPipeActivator - ok
21:08:46.0786 0x18a4 netprofm - ok
21:08:46.0801 0x18a4 NetSetupSvc - ok
21:08:46.0801 0x18a4 NetTcpActivator - ok
21:08:46.0801 0x18a4 NetTcpPortSharing - ok
21:08:46.0817 0x18a4 netvsc - ok
21:08:47.0145 0x18a4 [ BB92813C0806A005ACA240222CE198C9, 8AA52F4FC5C7B96EAA9A95338AA5860A596FDA2998D7925071D60943260555FB ] NETwNs64 C:\WINDOWS\System32\drivers\NETwsw00.sys
21:08:47.0286 0x28f0 Object required for P2P: [ 04A7B373A727BD3ACD824621CF65AE70 ] AdobeFlashPlayerUpdateSvc
21:08:47.0536 0x18a4 NETwNs64 - ok
21:08:47.0583 0x18a4 NgcCtnrSvc - ok
21:08:47.0583 0x18a4 NgcSvc - ok
21:08:47.0598 0x18a4 NlaSvc - ok
21:08:47.0598 0x18a4 Npfs - ok
21:08:47.0630 0x18a4 npsvctrig - ok
21:08:47.0630 0x18a4 nsi - ok
21:08:47.0630 0x18a4 nsiproxy - ok
21:08:47.0645 0x18a4 NTFS - ok
21:08:47.0645 0x18a4 Null - ok
21:08:48.0005 0x18a4 [ DF0BB2C179476D312B7BC0056CEC50A6, 64CC3201FA903E0EC9C99BE167C439C14A4C9AC2A88898B64789EEB381DB97B6 ] nvlddmkm C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys
21:08:48.0395 0x18a4 nvlddmkm - ok
21:08:48.0536 0x18a4 [ 4EBEE69A8FE7DC85FD3C122821C617A0, 7193C14DEB4C5B0D86C5C6841C80879C28E1FDA8F77879EB18A3D2685C67B986 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
21:08:48.0677 0x18a4 NvNetworkService - ok
21:08:48.0708 0x18a4 [ 2328DC3622412EE112868645DA013075, 361A3D2FDE53F5EAF3068A64F7848020C62B256C3F08BE5F863544A0747DD2D6 ] nvpciflt C:\WINDOWS\system32\DRIVERS\nvpciflt.sys
21:08:48.0708 0x18a4 nvpciflt - ok
21:08:48.0708 0x18a4 nvraid - ok
21:08:48.0723 0x18a4 nvstor - ok
21:08:48.0817 0x18a4 [ 0EF30778078D7B5877F8F57151699798, B0409C79143BDBB774C3C740CCA8EB77CF67915E59EC6050DB993ED0575EC077 ] NvStreamKms C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
21:08:48.0833 0x18a4 NvStreamKms - ok
21:08:48.0989 0x18a4 [ D23A07D549243F5B77780BAA4FBF5BC3, 5BC5161CAE6BE6382BDCDE9B1CDD5F4DEBC3EA18D01B0E261AF716FDB04154BC ] NvStreamSvc C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
21:08:49.0177 0x18a4 NvStreamSvc - ok
21:08:49.0239 0x18a4 [ DFCCA437717EACA8418F47992A41B39A, E587A629B894EE6A16AC414747D492FFC6B6E9F051B40F7D25F0D4406E2FF919 ] nvsvc C:\WINDOWS\system32\nvvsvc.exe
21:08:49.0302 0x18a4 nvsvc - ok
21:08:49.0333 0x18a4 [ 4F00008B513F4019623ED61159363888, A1047FF1FCF3ED405C3426C8959AD10426F30E3F58E95BFD6ADF1DBC947AB379 ] nvvad_WaveExtensible C:\WINDOWS\system32\drivers\nvvad64v.sys
21:08:49.0348 0x18a4 nvvad_WaveExtensible - ok
21:08:49.0364 0x18a4 nv_agp - ok
21:08:49.0380 0x18a4 OneSyncSvc - ok
21:08:49.0411 0x18a4 p2pimsvc - ok
21:08:49.0427 0x18a4 p2psvc - ok
21:08:49.0442 0x18a4 Parport - ok
21:08:49.0442 0x18a4 partmgr - ok
21:08:49.0442 0x18a4 PcaSvc - ok
21:08:49.0458 0x18a4 pci - ok
21:08:49.0458 0x18a4 pciide - ok
21:08:49.0458 0x18a4 pcmcia - ok
21:08:49.0473 0x18a4 pcw - ok
21:08:49.0473 0x18a4 pdc - ok
21:08:49.0489 0x18a4 PEAUTH - ok
21:08:49.0505 0x18a4 percsas2i - ok
21:08:49.0505 0x18a4 percsas3i - ok
21:08:49.0583 0x18a4 PerfHost - ok
21:08:49.0614 0x18a4 PhoneSvc - ok
21:08:49.0630 0x18a4 PimIndexMaintenanceSvc - ok
21:08:49.0645 0x18a4 pla - ok
21:08:49.0661 0x18a4 PlugPlay - ok
21:08:49.0677 0x18a4 PNRPAutoReg - ok
21:08:49.0677 0x18a4 PNRPsvc - ok
21:08:49.0708 0x18a4 [ E4799B87675C59AA1F620DE5C6F113BB, 094EE16D4CEC68DB316002994482344A6BFCFDE399131F7FA11BB46C2DCBF218 ] Point64 C:\WINDOWS\System32\drivers\point64.sys
21:08:49.0723 0x18a4 Point64 - ok
21:08:49.0739 0x18a4 PolicyAgent - ok
21:08:49.0739 0x18a4 Power - ok
21:08:49.0755 0x18a4 PptpMiniport - ok
21:08:49.0786 0x18a4 PrintNotify - ok
21:08:49.0802 0x18a4 Processor - ok
21:08:49.0802 0x18a4 ProfSvc - ok
21:08:49.0817 0x18a4 Psched - ok
21:08:49.0848 0x28f0 Object send P2P result: true
21:08:49.0848 0x28f0 Object required for P2P: [ 9036F27C0757ECCC7836C5E58D576FB0 ] bdfwfpf_pc
21:08:49.0848 0x18a4 [ DD3FD48D69F5FBBB21D46D1514C1C2DB, 2B188E3AC4BD9B608D375DD550507717852C2AF7C0F99FFED90098999B9D4F01 ] PSI C:\WINDOWS\system32\DRIVERS\psi_mf_amd64.sys
21:08:49.0848 0x18a4 PSI - ok
21:08:49.0880 0x18a4 [ 87B04878A6D59D6C79251DC960C674C1, 3EB8DB0624E646F0A65D0381408D35CF9FDC5ABFC30DF6431F4070A8EB68447C ] PxHlpa64 C:\WINDOWS\system32\Drivers\PxHlpa64.sys
21:08:49.0895 0x18a4 PxHlpa64 - ok
21:08:49.0911 0x18a4 QWAVE - ok
21:08:49.0911 0x18a4 QWAVEdrv - ok
21:08:49.0927 0x18a4 RasAcd - ok
21:08:49.0942 0x18a4 RasAgileVpn - ok
21:08:49.0942 0x18a4 RasAuto - ok
21:08:49.0958 0x18a4 Rasl2tp - ok
21:08:49.0958 0x18a4 RasMan - ok
21:08:49.0973 0x18a4 RasPppoe - ok
21:08:49.0973 0x18a4 RasSstp - ok
21:08:49.0973 0x18a4 rdbss - ok
21:08:49.0989 0x18a4 rdpbus - ok
21:08:49.0989 0x18a4 RDPDR - ok
21:08:50.0005 0x18a4 RdpVideoMiniport - ok
21:08:50.0005 0x18a4 rdyboost - ok
21:08:50.0005 0x18a4 ReFSv1 - ok
21:08:50.0020 0x18a4 RemoteAccess - ok
21:08:50.0020 0x18a4 RemoteRegistry - ok
21:08:50.0020 0x18a4 RetailDemo - ok
21:08:50.0161 0x18a4 [ 3C957189B31C34D3AD21967B12B6AED7, 878FE6EA03F60592D6D557B905A5119E2CC836C2A6A86ED2867C3C9B0F0FDBA2 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
21:08:50.0255 0x18a4 RoxMediaDB12OEM - ok
21:08:50.0302 0x18a4 [ 2B73088CC2CA757A172B425C9398E5BC, 3D296B4D6F66F7729CC48FE54456E6E6D8207DBA7E31D66653566C128E53163B ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
21:08:50.0317 0x18a4 RoxWatch12 - ok
21:08:50.0333 0x18a4 RpcEptMapper - ok
21:08:50.0348 0x18a4 RpcLocator - ok
21:08:50.0348 0x18a4 RpcSs - ok
21:08:50.0364 0x18a4 rspndr - ok
21:08:50.0395 0x18a4 [ 135A64530D7699AD48F29D73A658DD11, 35838AE8ACFD9047C68DD0C8910557A82998E5CD778D5B98D4767AFA4BCE85BB ] RSUSBSTOR C:\WINDOWS\System32\Drivers\RtsUStor.sys
21:08:50.0411 0x18a4 RSUSBSTOR - ok
21:08:50.0458 0x18a4 [ F5C08707F5B16E53110A6FD074C326DD, 732D8D1C765C5C1E4E1C7D29E723E144061D2BADD6A63BAB3E27D1845D7D3E7B ] rt640x64 C:\WINDOWS\System32\drivers\rt640x64.sys
21:08:50.0505 0x18a4 rt640x64 - ok
21:08:50.0567 0x18a4 [ 23A922B92A854B9846D3D41EFBBF3A4B, 37E80E5D11D79D1F5CE5B19430C455D82DE21A18B84BD03778325C518E321373 ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
21:08:50.0583 0x18a4 RtkAudioService - ok
21:08:50.0645 0x18a4 [ E2AD4EE81F401ADDAAA1DB9561058629, C33BC12DC7EB70538902C1D326C415C87E76388FF0B5AA30E4B8D162228FE73A ] RTSUER C:\WINDOWS\system32\Drivers\RtsUer.sys
21:08:50.0661 0x18a4 RTSUER - ok
21:08:50.0661 0x18a4 s3cap - ok
21:08:50.0692 0x18a4 SamSs - ok
21:08:50.0692 0x18a4 sbp2port - ok
21:08:50.0723 0x18a4 SCardSvr - ok
21:08:50.0755 0x18a4 ScDeviceEnum - ok
21:08:50.0755 0x18a4 scfilter - ok
21:08:50.0786 0x18a4 Schedule - ok
21:08:50.0786 0x18a4 SCPolicySvc - ok
21:08:50.0802 0x18a4 sdbus - ok
21:08:50.0802 0x18a4 SDRSVC - ok
21:08:50.0817 0x18a4 sdstor - ok
21:08:50.0817 0x18a4 seclogon - ok
21:08:50.0911 0x18a4 [ BE43B6172AC5961017762AB3C9B9B4C6, 209356410729F5DB8E9CB64B7F32638CE4C1559B5FA10B66C69C0650A0ADD36E ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
21:08:50.0989 0x18a4 Secunia PSI Agent - ok
21:08:51.0036 0x18a4 [ C85EE9529401BF0467DACEB3D4BD1EAF, 4CB441A39C4FF3417B9046BEB237B3043A105A0112F5A04444F431C7F77C3D4B ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
21:08:51.0098 0x18a4 Secunia Update Agent - ok
21:08:51.0114 0x18a4 SENS - ok
21:08:51.0130 0x18a4 SensorDataService - ok
21:08:51.0145 0x18a4 SensorService - ok
21:08:51.0161 0x18a4 SensrSvc - ok
21:08:51.0177 0x18a4 SerCx - ok
21:08:51.0192 0x18a4 SerCx2 - ok
21:08:51.0208 0x18a4 Serenum - ok
21:08:51.0208 0x18a4 Serial - ok
21:08:51.0223 0x18a4 sermouse - ok
21:08:51.0239 0x18a4 SessionEnv - ok
21:08:51.0255 0x18a4 sfloppy - ok
21:08:51.0270 0x18a4 SharedAccess - ok
21:08:51.0270 0x18a4 ShellHWDetection - ok
21:08:51.0286 0x18a4 SiSRaid2 - ok
21:08:51.0286 0x18a4 SiSRaid4 - ok
21:08:51.0317 0x18a4 [ 544788D536087DAF32B846F10D8392F5, D38C18ED147BE4BC7CE5DB50DA1DEEEBD192E1D615B2A3F3B5957A1421B9A2C2 ] SLEE_17_DRIVER C:\Windows\Sleen1764.sys
21:08:51.0333 0x18a4 SLEE_17_DRIVER - ok
21:08:51.0348 0x18a4 smphost - ok
21:08:51.0364 0x18a4 SmsRouter - ok
21:08:51.0411 0x18a4 [ 2F7A6F88A9516EB47B0BF13024434244, 5FC5635D077AAA42853F78306C941995B56E939015CC3F27D376CBD9395C7410 ] snapman C:\WINDOWS\system32\DRIVERS\snapman.sys
21:08:51.0427 0x18a4 snapman - ok
21:08:51.0442 0x18a4 SNMPTRAP - ok
21:08:51.0442 0x18a4 spaceport - ok
21:08:51.0458 0x18a4 SpbCx - ok
21:08:51.0458 0x18a4 Spooler - ok
21:08:51.0458 0x18a4 sppsvc - ok
21:08:51.0473 0x18a4 srv - ok
21:08:51.0473 0x18a4 srv2 - ok
21:08:51.0473 0x18a4 srvnet - ok
21:08:51.0520 0x18a4 SSDPSRV - ok
21:08:51.0520 0x18a4 SstpSvc - ok
21:08:51.0536 0x18a4 StateRepository - ok
21:08:51.0536 0x18a4 Steganos Volatile Disk - ok
21:08:51.0630 0x18a4 [ 601F0449030798FDFB2932F902C24C98, 95D5BEFF5E909513C6823FC115259FF7C5AD695C5992874B612248D9616F5DA5 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
21:08:51.0677 0x18a4 Stereo Service - ok
21:08:51.0677 0x18a4 stexstor - ok
21:08:51.0723 0x18a4 [ 70D9E406A1170A801B0D9CCECF9D6914, DD4B6A77B6BFFE2D10B4CD11E9856542A161D20C1BAC13790F12D87072F055F5 ] STGMFEngine64 C:\Windows\system32\drivers\STGMFEngine64.sys
21:08:51.0739 0x18a4 STGMFEngine64 - ok
21:08:51.0755 0x18a4 stisvc - ok
21:08:51.0802 0x18a4 [ 7731F46EC0D687A931CBA063E8F90EF0, 5CF996A209756B901316C4406C7D3E52ECC9C15A1BDB0D4D9C77846AB29FD040 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
21:08:51.0817 0x18a4 stllssvr - ok
21:08:51.0817 0x18a4 storahci - ok
21:08:51.0833 0x18a4 storflt - ok
21:08:51.0849 0x18a4 stornvme - ok
21:08:51.0849 0x18a4 storqosflt - ok
21:08:51.0864 0x18a4 StorSvc - ok
21:08:51.0880 0x18a4 storufs - ok
21:08:51.0880 0x18a4 storvsc - ok
21:08:51.0974 0x18a4 [ 9CC3E88C12CC5A421FC049EB6C292D36, D1741C300B760624AEEAA226F6AF8EBDFB721CF4C4A41DF502B836DB6D5EE338 ] SupportAssistAgent C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
21:08:51.0989 0x18a4 SupportAssistAgent - ok
21:08:52.0020 0x18a4 svsvc - ok
21:08:52.0036 0x18a4 swenum - ok
21:08:52.0036 0x18a4 swprv - ok
21:08:52.0302 0x18a4 [ 06A5A15C89E5F2C08D0C595C1DA776AF, EEFC5803E3C76115DF24B00A4BD6F3196D6CD87049802EF58BE6CF2CCB758FBF ] syncagentsrv C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
21:08:52.0333 0x28f0 Object send P2P result: true
21:08:52.0333 0x28f0 Object required for P2P: [ E554163D138B79CD8C6EDF73187FC635 ] DellDataVault
21:08:52.0552 0x18a4 syncagentsrv - ok
21:08:52.0599 0x18a4 Synth3dVsc - ok
21:08:52.0599 0x18a4 SysMain - ok
21:08:52.0614 0x18a4 SystemEventsBroker - ok
21:08:52.0630 0x18a4 TabletInputService - ok
21:08:52.0661 0x18a4 [ 3C32FF010F869BC184DF71290477384E, 55CFCEC7F026C6E2E96A2FBE846AB513BB12BB0348735274FE1B71AF019C837B ] tap0901 C:\WINDOWS\system32\DRIVERS\tap0901.sys
21:08:52.0661 0x18a4 tap0901 - ok
21:08:52.0677 0x18a4 TapiSrv - ok
21:08:52.0677 0x18a4 Tcpip - ok
21:08:52.0692 0x18a4 Tcpip6 - ok
21:08:52.0692 0x18a4 tcpipreg - ok
21:08:52.0724 0x18a4 tdx - ok
21:08:52.0724 0x18a4 terminpt - ok
21:08:52.0724 0x18a4 TermService - ok
21:08:52.0739 0x18a4 Themes - ok
21:08:52.0786 0x18a4 [ AEEEB1EE424A8D6F17B3A6461E0FC7E6, 3A5FD27DF6132E84DC03366FB684B31A454C0805A5E4EA0C67B0CE85FF446B93 ] tib C:\WINDOWS\system32\DRIVERS\tib.sys
21:08:52.0833 0x18a4 tib - ok
21:08:52.0864 0x18a4 [ 3813F93D8A69EDE68913CC3050640FE3, 4931BC6DA6FD0808C985CD6202FB759F6B8DE8957FB44E6AD8844EA58C891AC1 ] tib_mounter C:\WINDOWS\system32\DRIVERS\tib_mounter.sys
21:08:52.0880 0x18a4 tib_mounter - ok
21:08:52.0911 0x18a4 TieringEngineService - ok
21:08:52.0927 0x18a4 tiledatamodelsvc - ok
21:08:52.0927 0x18a4 TimeBroker - ok
21:08:52.0942 0x18a4 TPM - ok
21:08:52.0942 0x18a4 TrkWks - ok
21:08:52.0989 0x18a4 [ FE3D70DE933A481284FCE7D5DB5DCE50, A2A1C6AEED6417FCEE5990CD766B2A78D9037583B57617418242D98C031617F2 ] trufos C:\WINDOWS\system32\DRIVERS\trufos.sys
21:08:53.0005 0x18a4 trufos - ok
21:08:53.0052 0x18a4 TrustedInstaller - ok
21:08:53.0067 0x18a4 tsusbflt - ok
21:08:53.0083 0x18a4 TsUsbGD - ok
21:08:53.0099 0x18a4 tunnel - ok
21:08:53.0130 0x18a4 [ FD24F98D2898BE093FE926604BE7DB99, F9851C57A2ED838AC76BB19FE2F62BB81C57DBBE2A2555F738B5D6725D39AD61 ] TurboB C:\WINDOWS\system32\DRIVERS\TurboB.sys
21:08:53.0145 0x18a4 TurboB - ok
21:08:53.0208 0x18a4 [ 600B406A04D90F577FEA8A88D7379F08, 77CC8E8AFB6F571A42D916C0B2FEFFD3A7A32A455C78228B407C6C9B6DED8CAD ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
21:08:53.0224 0x18a4 TurboBoost - ok
21:08:53.0255 0x18a4 tzautoupdate - ok
21:08:53.0270 0x18a4 uagp35 - ok
21:08:53.0270 0x18a4 UASPStor - ok
21:08:53.0270 0x18a4 UcmCx0101 - ok
21:08:53.0286 0x18a4 UcmUcsi - ok
21:08:53.0286 0x18a4 Ucx01000 - ok
21:08:53.0286 0x18a4 UdeCx - ok
21:08:53.0302 0x18a4 udfs - ok
21:08:53.0302 0x18a4 UEFI - ok
21:08:53.0317 0x18a4 Ufx01000 - ok
21:08:53.0333 0x18a4 UfxChipidea - ok
21:08:53.0333 0x18a4 ufxsynopsys - ok
21:08:53.0364 0x18a4 UI0Detect - ok
21:08:53.0364 0x18a4 uliagpkx - ok
21:08:53.0364 0x18a4 umbus - ok
21:08:53.0380 0x18a4 UmPass - ok
21:08:53.0411 0x18a4 UmRdpService - ok
21:08:53.0427 0x18a4 UnistoreSvc - ok
21:08:53.0567 0x18a4 [ 2C16648A12999AE69A9EBF41974B0BA2, 06008F61B6EC36CD34CB8C4BA983371DB7A9F4BEE15E5329F5E90FEEE300D258 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:08:53.0614 0x1828 Object required for P2P: [ 63282F5EB7E5BFB58FD1EC93C6ADB457 ] MozillaMaintenance
21:08:53.0692 0x18a4 UNS - ok
21:08:53.0755 0x18a4 [ 547FC25EE3FF3C3EC02D6A828644C0A2, 8901E977FF4B822DFA485D09C96F74B5F82ED994EFE94F59F35B7817500E110A ] UPDATESRV C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
21:08:53.0770 0x18a4 UPDATESRV - ok
21:08:53.0770 0x18a4 upnphost - ok
21:08:53.0786 0x18a4 UrsChipidea - ok
21:08:53.0802 0x18a4 UrsCx01000 - ok
21:08:53.0802 0x18a4 UrsSynopsys - ok
21:08:53.0817 0x18a4 usbccgp - ok
21:08:53.0833 0x18a4 usbcir - ok
21:08:53.0833 0x18a4 usbehci - ok
21:08:53.0833 0x18a4 usbhub - ok
21:08:53.0849 0x18a4 USBHUB3 - ok
21:08:53.0849 0x18a4 usbohci - ok
21:08:53.0864 0x18a4 usbprint - ok
21:08:53.0864 0x18a4 usbser - ok
21:08:53.0864 0x18a4 USBSTOR - ok
21:08:53.0880 0x18a4 usbuhci - ok
21:08:53.0880 0x18a4 usbvideo - ok
21:08:53.0880 0x18a4 USBXHCI - ok
21:08:53.0927 0x18a4 UserDataSvc - ok
21:08:53.0942 0x18a4 UserManager - ok
21:08:53.0958 0x18a4 UsoSvc - ok
21:08:53.0958 0x18a4 VaultSvc - ok
21:08:53.0958 0x18a4 vdrvroot - ok
21:08:53.0974 0x18a4 vds - ok
21:08:53.0989 0x18a4 VerifierExt - ok
21:08:53.0989 0x18a4 vhdmp - ok
21:08:53.0989 0x18a4 vhf - ok
21:08:54.0052 0x18a4 [ 905DD422D28A32FACE8AE695B3823843, 7C3742B668CE02B9229A366EC5F2EDADD613ECDCD035FF8A2E6D1DA4406715FC ] vidsflt67 C:\WINDOWS\system32\DRIVERS\vsflt67.sys
21:08:54.0052 0x18a4 vidsflt67 - ok
21:08:54.0067 0x18a4 vmbus - ok
21:08:54.0067 0x18a4 VMBusHID - ok
21:08:54.0099 0x18a4 vmicguestinterface - ok
21:08:54.0099 0x18a4 vmicheartbeat - ok
21:08:54.0099 0x18a4 vmickvpexchange - ok
21:08:54.0114 0x18a4 vmicrdv - ok
21:08:54.0114 0x18a4 vmicshutdown - ok
21:08:54.0114 0x18a4 vmictimesync - ok
21:08:54.0130 0x18a4 vmicvmsession - ok
21:08:54.0130 0x18a4 vmicvss - ok
21:08:54.0130 0x18a4 volmgr - ok
21:08:54.0145 0x18a4 volmgrx - ok
21:08:54.0145 0x18a4 volsnap - ok
21:08:54.0145 0x18a4 vpci - ok
21:08:54.0161 0x18a4 vsmraid - ok
21:08:54.0161 0x18a4 VSS - ok
21:08:54.0239 0x18a4 [ 96DF3F150627FAB3098583B8A8A2A097, 51873F374E8ED4250BA823D9C015D174C3D03A9B5AF266530761539DB993D831 ] VSSERV C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
21:08:54.0302 0x18a4 VSSERV - ok
21:08:54.0317 0x18a4 VSTXRAID - ok
21:08:54.0333 0x18a4 vwifibus - ok
21:08:54.0333 0x18a4 vwififlt - ok
21:08:54.0380 0x18a4 vwifimp - ok
21:08:54.0395 0x18a4 W32Time - ok
21:08:54.0442 0x18a4 w3logsvc - ok
21:08:54.0458 0x18a4 W3SVC - ok
21:08:54.0458 0x18a4 WacomPen - ok
21:08:54.0474 0x18a4 WalletService - ok
21:08:54.0474 0x18a4 wanarp - ok
21:08:54.0474 0x18a4 wanarpv6 - ok
21:08:54.0489 0x18a4 WAS - ok
21:08:54.0489 0x18a4 wbengine - ok
21:08:54.0489 0x18a4 WbioSrvc - ok
21:08:54.0520 0x18a4 Wcmsvc - ok
21:08:54.0520 0x18a4 wcncsvc - ok
21:08:54.0520 0x18a4 WcsPlugInService - ok
21:08:54.0536 0x18a4 WdBoot - ok
21:08:54.0552 0x18a4 Wdf01000 - ok
21:08:54.0552 0x18a4 WdFilter - ok
21:08:54.0552 0x18a4 WdiServiceHost - ok
21:08:54.0567 0x18a4 WdiSystemHost - ok
21:08:54.0567 0x18a4 wdiwifi - ok
21:08:54.0567 0x18a4 WdNisDrv - ok
21:08:54.0599 0x18a4 WdNisSvc - ok
21:08:54.0599 0x18a4 WebClient - ok
21:08:54.0614 0x18a4 Wecsvc - ok
21:08:54.0614 0x18a4 WEPHOSTSVC - ok
21:08:54.0630 0x18a4 wercplsupport - ok
21:08:54.0630 0x18a4 WerSvc - ok
21:08:54.0645 0x18a4 WFPLWFS - ok
21:08:54.0661 0x18a4 WiaRpc - ok
21:08:54.0692 0x18a4 [ B14EF15BD757FA488F9C970EEE9C0D35, F27DF2D47E7076786AE7C396583D7A1C56B93E766711066C900964FC7313E794 ] WimFltr C:\WINDOWS\system32\DRIVERS\wimfltr.sys
21:08:54.0708 0x18a4 WimFltr - ok
21:08:54.0708 0x18a4 WIMMount - ok
21:08:54.0724 0x18a4 WinDefend - ok
21:08:54.0739 0x18a4 WindowsTrustedRT - ok
21:08:54.0755 0x18a4 WindowsTrustedRTProxy - ok
21:08:54.0770 0x18a4 WinHttpAutoProxySvc - ok
21:08:54.0786 0x18a4 WinMad - ok
21:08:54.0802 0x18a4 Winmgmt - ok
21:08:54.0817 0x18a4 WinRM - ok
21:08:54.0817 0x28f0 Object send P2P result: true
21:08:54.0833 0x18a4 WINUSB - ok
21:08:54.0833 0x18a4 WinVerbs - ok
21:08:54.0864 0x18a4 WlanSvc - ok
21:08:54.0895 0x18a4 wlidsvc - ok
21:08:54.0895 0x18a4 WmiAcpi - ok
21:08:54.0911 0x18a4 wmiApSrv - ok
21:08:54.0927 0x18a4 WMPNetworkSvc - ok
21:08:54.0958 0x18a4 [ 2A9650FCC696DB28E45EA8B33B99B8E6, FBEBC6C05D50F578C6EEE0A7285EBE1DEADB08DD21FA3232630FD8D5A68FC3FB ] Wof C:\WINDOWS\system32\drivers\Wof.sys
21:08:54.0974 0x18a4 Wof - ok
21:08:54.0989 0x18a4 workfolderssvc - ok
21:08:54.0989 0x18a4 wpcfltr - ok
21:08:54.0989 0x18a4 WPDBusEnum - ok
21:08:55.0005 0x18a4 WpdUpFltr - ok
21:08:55.0020 0x18a4 WpnService - ok
21:08:55.0020 0x18a4 ws2ifsl - ok
21:08:55.0036 0x18a4 wscsvc - ok
21:08:55.0036 0x18a4 WSearch - ok
21:08:55.0067 0x18a4 WSService - ok
21:08:55.0067 0x18a4 wuauserv - ok
21:08:55.0083 0x18a4 WudfPf - ok
21:08:55.0083 0x18a4 WUDFRd - ok
21:08:55.0099 0x18a4 wudfsvc - ok
21:08:55.0099 0x18a4 WUDFWpdFs - ok
21:08:55.0114 0x18a4 WwanSvc - ok
21:08:55.0130 0x18a4 XblAuthManager - ok
21:08:55.0130 0x18a4 XblGameSave - ok
21:08:55.0146 0x18a4 xboxgip - ok
21:08:55.0161 0x18a4 XboxNetApiSvc - ok
21:08:55.0161 0x18a4 xinputhid - ok
21:08:55.0161 0x18a4 ================ Scan global ===============================
21:08:55.0224 0x18a4 [ Global ] - ok
21:08:55.0224 0x18a4 ================ Scan MBR ==================================
21:08:55.0224 0x18a4 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
21:08:55.0521 0x18a4 \Device\Harddisk1\DR1 - ok
21:08:55.0521 0x18a4 [ 70EA7098D4DF438BADA9F46F26FA9038 ] \Device\Harddisk0\DR0
21:08:55.0833 0x18a4 \Device\Harddisk0\DR0 - ok
21:08:55.0833 0x18a4 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
21:08:55.0880 0x18a4 \Device\Harddisk1\DR1 - ok
21:08:55.0880 0x18a4 ================ Scan VBR ==================================
21:08:55.0880 0x18a4 [ FCB3E9475913ABEA0AE7841F9CD27E59 ] \Device\Harddisk1\DR1\Partition1
21:08:55.0942 0x18a4 \Device\Harddisk1\DR1\Partition1 - ok
21:08:55.0942 0x18a4 [ 415B200B2000675D71CFD7647DCF8C93 ] \Device\Harddisk1\DR1\Partition2
21:08:55.0958 0x18a4 \Device\Harddisk1\DR1\Partition2 - ok
21:08:55.0974 0x18a4 [ 176F1A254052AF3608EDDA6E9C7D2DA3 ] \Device\Harddisk0\DR0\Partition1
21:08:55.0989 0x18a4 \Device\Harddisk0\DR0\Partition1 - ok
21:08:55.0989 0x18a4 [ 08FD11184CF4A243A1CF3089D944229A ] \Device\Harddisk0\DR0\Partition2
21:08:56.0021 0x18a4 \Device\Harddisk0\DR0\Partition2 - ok
21:08:56.0021 0x18a4 [ FCB3E9475913ABEA0AE7841F9CD27E59 ] \Device\Harddisk1\DR1\Partition1
21:08:56.0021 0x18a4 \Device\Harddisk1\DR1\Partition1 - ok
21:08:56.0021 0x18a4 [ 415B200B2000675D71CFD7647DCF8C93 ] \Device\Harddisk1\DR1\Partition2
21:08:56.0021 0x18a4 \Device\Harddisk1\DR1\Partition2 - ok
21:08:56.0036 0x18a4 ================ Scan generic autorun ======================
21:08:56.0067 0x18a4 [ 0C3154D0620F974AD5C4E8D87626C8CF, 4E6B751F9C0D5D4833A12166BC5142E0A7402E98D00F570926ED9CA0936A8007 ] C:\WINDOWS\system32\igfxtray.exe
21:08:56.0099 0x18a4 IgfxTray - ok
21:08:56.0114 0x18a4 [ E4AA3D28753EF9DB333FE40079993B09, ECC60BAA7D21EF97CDA17F45277FBFE52B2169155DDB157E34A7AE2EC1BEC185 ] C:\WINDOWS\system32\hkcmd.exe
21:08:56.0114 0x1828 Object send P2P result: true
21:08:56.0146 0x18a4 HotKeysCmds - ok
21:08:56.0192 0x18a4 [ CF40080765D6F66FA93318C0DB6C7D1F, 015EE5BE439DAC6D3F7C7471EEF554C11F28947492E3F7AA14BB72622C327DCD ] C:\WINDOWS\system32\igfxpers.exe
21:08:56.0224 0x18a4 Persistence - ok
21:08:56.0286 0x18a4 [ 49250EC8E64916CF40A78AC6CD916F40, C29B6999D6D98A884FD11C354CD89074A037807B17753CDAC4F218AF070DC40F ] C:\Program Files\DellTPad\Apoint.exe
21:08:56.0333 0x18a4 Apoint - ok
21:08:56.0614 0x18a4 [ 52A3173C9E3BD923E2408392A4210719, 328A1BFA9A819C2478E6931C20055888542409C4BB5A2C05E59D04E6963C86EE ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
21:08:56.0911 0x18a4 RTHDVCPL - ok
21:08:56.0927 0x18a4 IntelTBRunOnce - ok
21:08:56.0942 0x18a4 ShadowPlay - ok
21:08:57.0036 0x18a4 [ F06F76C6D57022CF30D5B8853A8D873D, 4F373451A9D8CD16D2B4B339C730531936A993BDC819703C737E53384B79A289 ] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
21:08:57.0083 0x18a4 Acronis Scheduler2 Service - ok
21:08:57.0255 0x18a4 [ 8F82FFC6CD0F4C83F4565E1A40332CCD, 45D17603664CBE2C4236AEDB3C21D585C8225A3D3B1118365EE2C6BFDB8A7890 ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
21:08:57.0411 0x18a4 NvBackend - ok
21:08:57.0633 0x18a4 [ 8FB31BA086A97A50964B23E9803AB9B4, 17508755A9065BC3B327B2E0F99C146760B23BA4092D938C6C85951A2D9ED316 ] C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
21:08:57.0680 0x18a4 Bdagent - ok
21:08:57.0976 0x18a4 [ 70A95A18E3B733EA4C680498A84DB5AD, 873B249847C23E684319C31F99101C9D61686FF40039C81D674140F040033AA8 ] C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
21:08:58.0320 0x18a4 ZALFree - ok
21:08:58.0523 0x18a4 [ 34F837070B4DB119CF03B2749DBD4D8A, 3F8F1605B4F18998BD46A67704C1EE2956A66CC11DF307ED1088B54F080F45AA ] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
21:08:58.0742 0x18a4 TrueImageMonitor.exe - ok
21:08:58.0773 0x18a4 [ 9E864BC8914B0E2589B079210965C5B6, 1682736015F11994225778F6A3E1760B228FEC5BA8E33811470B6EC0410A8EDF ] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
21:08:58.0852 0x18a4 AcronisTibMounterMonitor - ok
21:08:58.0945 0x18a4 OneDriveSetup - ok
21:08:58.0945 0x18a4 OneDriveSetup - ok
21:08:59.0008 0x18a4 [ 1BEC35C7187877E5F08C81AE481FBA00, 3116D14AEAA32C978BA6611B6468239E8F599AF7D7F1DF8AA7F2487D1FA0435E ] C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
21:08:59.0055 0x18a4 Bitdefender-Geldbörse-Agent - ok
21:08:59.0055 0x18a4 OneDriveSetup - ok
21:08:59.0086 0x18a4 WAB Migrate - ok
21:08:59.0086 0x18a4 Waiting for KSN requests completion. In queue: 32
21:09:00.0103 0x18a4 Waiting for KSN requests completion. In queue: 32
21:09:01.0118 0x18a4 Waiting for KSN requests completion. In queue: 32
21:09:02.0181 0x18a4 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.9.10586.0 ), 0x62100 ( disabled : updated )
21:09:02.0181 0x18a4 AV detected via SS2: Bitdefender Antivirus, C:\Program Files\Bitdefender\Bitdefender 2015\wscfix.exe ( 19.4.0.216 ), 0x41000 ( enabled : updated )
21:09:02.0197 0x18a4 FW detected via SS2: Bitdefender Firewall, C:\Program Files\Bitdefender\Bitdefender 2015\wscfix.exe ( 19.4.0.216 ), 0x41010 ( enabled )
21:09:04.0640 0x18a4 ============================================================
21:09:04.0640 0x18a4 Scan finished
21:09:04.0640 0x18a4 ============================================================
21:09:04.0640 0x0e70 Detected object count: 0
21:09:04.0640 0x0e70 Actual detected object count: 0
"Registry Value AppInit_Dlls has been found, which may be caused by rootkit activity. Note: Press No if you are not sure [...] Do you want to remove this value and restart the tool?" Soll ich nu ja sagen oder nein??? Hab erst mal nein gesagt und das tool beendet. |
|
21.04.2016, 20:43
| #6 |
| Ruhe in Frieden † 2019 | Fremdverwendung eines Passwortes. Trojaner? Mail gehackt? Anderes Problem? Hallo, nee, das sind keine Rootkits, ich denke dass MBAM da mit Zemana n Problem hat.
__________________ --> Fremdverwendung eines Passwortes. Trojaner? Mail gehackt? Anderes Problem? |
|
23.04.2016, 17:32
| #7 |
| | Fremdverwendung eines Passwortes. Trojaner? Mail gehackt? Anderes Problem? Also Malwarebytes hat nichts gefunden, das Logfile enthält nichts nennenswertes. Überall 0 Items found. Sollte ich noch was checken? |
|
| Themen zu Fremdverwendung eines Passwortes. Trojaner? Mail gehackt? Anderes Problem? |
| anderes, bitdefender, defender, email account, gehackt, gmx, lokal, mail, mails, malware, neues, nicht mehr, online, passwort, passwort gehackt, passwörter, problem, rechner, scan, scanner, spybot, spyware, tipps, trojaner, trojaner?, verdacht, zugang |
Linear-Darstellung
