Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Fremdverwendung eines Passwortes. Trojaner? Mail gehackt? Anderes Problem? (https://www.trojaner-board.de/178007-fremdverwendung-passwortes-trojaner-mail-gehackt-anderes-problem.html)

Nexu07 19.04.2016 20:21
Fremdverwendung eines Passwortes. Trojaner? Mail gehackt? Anderes Problem?
 
Hallo!
Ich bin mit meinem Latein am Ende. Ich habe Anfang des Monats einen Zugang zu einer kostenpflichtigen website (ja, das was ihr jetzt denkt...) erworben. Zahlung über epoch, Passwort kam per email. Nach einiger Zeit funktionierte mein login nicht mehr, per email bekam ich ein neues Passwort, mit dem Hinweis, dass das Server-Sicherheitssystem mein Passwort geändert habe, weil Zugriffe aus verschiedenen Ländern erfolgt seien (Verdacht auf Passwort-Sharing oder Malware). Das Spiel hatte ich so ungefähr 3 mal, bis ich den Webmaster der Site gefragt habe, was da los sei. ER antwortete mir, er sehe in den Logs Zugriffe aus Deutschland (evtl. ich) aus Norwegen (sicher nicht ich) und der EU. Ich habe meinen Rechner überprüft mit Bitdefender (lokal), Spybot und dem EU-Cleaner (online), sowie Housecall (online). Kein Scanner hat was gefunden. Nachdem ich das login-Problem dann auch mit einem per mail zugestellten Passwort hatte, das ich noch nie benutzt und eben erst gelesen hatte habe ich auch mein mail Passwort geändert (gmx, online-Platform). Trotzdem ging das so weiter. Nach jeweils 3 Passwörtern setzt mich der webmaster zurück, damit ich überhaupt noch rein komme. Aber wo wird mein passwort geleakt?
Gibt es jemanden der meine mails abgreift (lese nur lokal auf gmx, Passwort geändert, ich achte auf die Angabe, wann ich zuletzt eingeloggt war, wie soll da noch einer drankommen???).
Gibt es Spyware, die meine Passwörter abgreift? Wie kann ich die finden?
Oder denkt Ihr ich habe gar kein Sicherheitsproblem? Vielleicht hat da der Server der Website ne Macke oder nen Trojaner?
Bitte um Hilfe, Tipps, Meinungen...
LG

Bootsektor 20.04.2016 11:51
:hallo:

Mein Name ist Sandra und ich werde Dir bei Deinem Problem behilflich sein.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem
  • Führe bitte nur Scans durch zu denen Du von mir aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu aufgefordert.
  • Poste die Logfiles direkt in deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 2 Tagen nichts von mir hörst, dann schreibe mir bitte eine PM.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und bei einem Befall durch Malware immer der sicherste Weg. Adware lässt sich in den allermeisten Fällen problemlos entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean bist.

Lass mal nachsehen. :)


Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Nexu07 20.04.2016 19:57
Hallo! Hier die Logfiles!
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
durchgeführt von Nexu07 (Administrator) auf PC (20-04-2016 20:41:39)
Gestartet von C:\Users\Nexu07\Desktop
Geladene Profile: Nexu07 (Verfügbare Profile: Nexu07 & DefaultAppPool)
Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Softwareentwicklung Remus - ArchiCrypt) C:\Windows\SysWOW64\STGRAMDiskHandler64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Privacy Suite 12\PasswordManager.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\uaclauncher.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2013-07-08] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8781568 2016-02-14] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [571192 2014-08-14] (Acronis)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1593296 2016-03-07] (Bitdefender)
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8980016 2015-11-05] (Zemana Ltd.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5380368 2015-07-20] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [693336 2015-07-20] (Acronis International GmbH)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\Run: [Bitdefender-Geldb�rse-Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [809472 2016-03-07] (Bitdefender)
HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 1
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KE46F4~1.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(10).dll [95712 2015-11-05] (Zemana Ltd.)
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs:  C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(10).dll [86936 2015-11-05] (Zemana Ltd.)
AppInit_DLLs-x32: ,C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{133419dd-4472-42a0-ac30-959809c643b1}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1300692338-2230602273-544442824-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {1D7C86BD-BDE4-4E06-8B5B-6B7726EFA337} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {1D7C86BD-BDE4-4E06-8B5B-6B7726EFA337} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKLM-x32 -> {1D7C86BD-BDE4-4E06-8B5B-6B7726EFA337} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1300692338-2230602273-544442824-1001 -> DefaultScope {1D7C86BD-BDE4-4E06-8B5B-6B7726EFA337} URL =
SearchScopes: HKU\S-1-5-21-1300692338-2230602273-544442824-1001 -> {1D7C86BD-BDE4-4E06-8B5B-6B7726EFA337} URL =
BHO: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2016-03-07] (Bitdefender)
BHO: Kein Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Keine Datei
BHO: Kein Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> Keine Datei
BHO: Kein Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> Keine Datei
BHO-x32: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2016-03-07] (Bitdefender)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-04-11] (Oracle Corporation)
BHO-x32: Kein Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> Keine Datei
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-11] (Oracle Corporation)
Toolbar: HKLM - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2016-03-07] (Bitdefender)
Toolbar: HKLM-x32 - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Privacy Suite 12\SPMIEToolbar.dll [2011-09-30] (Steganos Software GmbH)
Toolbar: HKLM-x32 - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2016-03-07] (Bitdefender)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  Keine Datei
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  Keine Datei
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  Keine Datei

FireFox:
========
FF ProfilePath: C:\Users\Nexu07\AppData\Roaming\Mozilla\Firefox\Profiles\kw6okr3m.default
FF SelectedSearchEngine: benefind
FF Homepage: about:mozilla
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_33 -> C:\Windows\system32\npdeployJava1.dll [2012-06-26] (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1221171.dll [2015-10-19] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-11] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\progra~2\mcafee\msc\npmcsn~1.dll [Keine Datei]
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [Keine Datei]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-23] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Nexu07\AppData\Roaming\Mozilla\Firefox\Profiles\kw6okr3m.default\extensions\adblockpopups@jessehakanen.net.xpi [2015-05-30]
FF Extension: CSHelper - C:\Users\Nexu07\AppData\Roaming\Mozilla\Firefox\Profiles\kw6okr3m.default\extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473} [2015-05-30]
FF Extension: BetterPrivacy - C:\Users\Nexu07\AppData\Roaming\Mozilla\Firefox\Profiles\kw6okr3m.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-11-27]
FF Extension: NoScript - C:\Users\Nexu07\AppData\Roaming\Mozilla\Firefox\Profiles\kw6okr3m.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-04-08]
FF Extension: DownThemAll! - C:\Users\Nexu07\AppData\Roaming\Mozilla\Firefox\Profiles\kw6okr3m.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-04-15]
FF Extension: ZenMate Security, Privacy & Unblock VPN - C:\Users\Nexu07\AppData\Roaming\Mozilla\Firefox\Profiles\kw6okr3m.default\Extensions\firefox@zenmate.com.xpi [2016-03-01]
FF Extension: gui:config - C:\Users\Nexu07\AppData\Roaming\Mozilla\Firefox\Profiles\kw6okr3m.default\Extensions\guiconfig@slosd.net.xpi [2016-02-23]
FF Extension: Self-Destructing Cookies - C:\Users\Nexu07\AppData\Roaming\Mozilla\Firefox\Profiles\kw6okr3m.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2016-04-10]
FF Extension: Smart HTTPS - C:\Users\Nexu07\AppData\Roaming\Mozilla\Firefox\Profiles\kw6okr3m.default\Extensions\jid0-oFwt2ZcakHhkFl7Kp4lJn@jetpack.xpi [2016-01-14]
FF Extension: Random Agent Spoofer - C:\Users\Nexu07\AppData\Roaming\Mozilla\Firefox\Profiles\kw6okr3m.default\Extensions\jid1-AVgCeF1zoVzMjA@jetpack.xpi [2016-01-01]
FF Extension: Statutory - C:\Users\Nexu07\AppData\Roaming\Mozilla\Firefox\Profiles\kw6okr3m.default\Extensions\jid1-J19XuM8Nz7J7Fw@jetpack.xpi [2015-11-01]
FF Extension: NO Google Analytics - C:\Users\Nexu07\AppData\Roaming\Mozilla\Firefox\Profiles\kw6okr3m.default\Extensions\jid1-JcGokIiQyjoBAQ@jetpack.xpi [2015-05-27]
FF Extension: PDF Viewer - C:\Users\Nexu07\AppData\Roaming\Mozilla\Firefox\Profiles\kw6okr3m.default\Extensions\uriloader@pdf.js.xpi [2015-04-25]
FF Extension: Video DownloadHelper - C:\Users\Nexu07\AppData\Roaming\Mozilla\Firefox\Profiles\kw6okr3m.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-04-13]
FF Extension: Adblock Plus - C:\Users\Nexu07\AppData\Roaming\Mozilla\Firefox\Profiles\kw6okr3m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF HKLM\...\Firefox\Extensions: [bdwteffv19@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2016-02-01]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-11-13] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{09F060FA-566D-42D7-BF79-97AB30863433}] - C:\Program Files (x86)\Steganos Privacy Suite 12\pfplugin
FF Extension: Steganos Private Favorites - C:\Program Files (x86)\Steganos Privacy Suite 12\pfplugin [2012-01-01] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files (x86)\Steganos Privacy Suite 12\spmplugin3
FF Extension: Steganos Password Manager - C:\Program Files (x86)\Steganos Privacy Suite 12\spmplugin3 [2012-01-01] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv19@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <nicht gefunden>

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [88432 2016-03-07] (Bitdefender)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-11] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-11] (Dell Inc.)
R2 EMET_Service; C:\Program Files (x86)\EMET 5.5\EMET_Service.exe [33960 2016-01-29] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-24] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-24] (NVIDIA Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2016-02-14] (Realtek Semiconductor)
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
R2 Steganos Volatile Disk; C:\Windows\SysWOW64\STGRAMDiskHandler64.exe [450560 2011-09-12] (Softwareentwicklung Remus - ArchiCrypt) [Datei ist nicht signiert]
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-03-14] (Dell Inc.)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [111320 2016-03-07] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1574744 2016-03-07] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1622512 2016-03-07] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [806344 2016-03-07] (BitDefender)
U5 bdelam; C:\Windows\System32\Drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [107496 2016-01-26] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [115800 2016-01-26] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [130656 2016-01-26] (Bitdefender SRL)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [87912 2016-01-26] (BitDefender)
S3 CySmb; C:\Windows\System32\drivers\cysmb.sys [10752 2016-02-14] (Cypress Semiconductor, Inc.)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-31] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [296736 2015-08-10] (Acronis International GmbH)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160032 2016-01-23] (BitDefender LLC)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [49584 2016-04-12] ()
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-08-10] (REALiX(tm))
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [143904 2015-11-05] (Zemana Ltd.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2016-02-02] (Secunia)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [888064 2016-02-14] (Realtek                                            )
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [407768 2016-02-14] (Realsil Semiconductor Corporation)
R1 SLEE_17_DRIVER; C:\Windows\Sleen1764.sys [108256 2011-09-12] (Softwareentwicklung Remus - ArchiCrypt - )
R1 STGMFEngine64; C:\Windows\system32\drivers\STGMFEngine64.sys [28576 2011-09-12] (Softwareentwicklung Remus - ArchiCrypt.com)
R2 tib; C:\Windows\system32\DRIVERS\tib.sys [1058632 2015-08-10] (Acronis International GmbH)
R2 tib_mounter; C:\Windows\system32\DRIVERS\tib_mounter.sys [248648 2015-08-10] (Acronis International GmbH)
R2 trufos; C:\Windows\System32\DRIVERS\trufos.sys [477272 2016-01-23] (BitDefender S.R.L.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U4 dmwappushsvc; kein ImagePath
U3 idsvc; kein ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-20 20:41 - 2016-04-20 20:42 - 00025202 _____ C:\Users\Nexu07\Desktop\FRST.txt
2016-04-20 20:36 - 2016-04-20 20:41 - 02375680 _____ (Farbar) C:\Users\Nexu07\Desktop\FRST64.exe
2016-04-20 20:19 - 2016-04-20 20:19 - 00016148 _____ C:\WINDOWS\system32\PC_Nexu07_HistoryPrediction.bin
2016-04-12 22:09 - 2016-03-29 08:40 - 03587584 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-12 22:09 - 2016-03-29 08:40 - 01381376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-12 22:09 - 2016-03-25 09:38 - 24593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-12 22:09 - 2016-03-25 09:25 - 12505600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-12 22:09 - 2016-03-25 09:14 - 07525376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-12 22:09 - 2016-03-25 09:13 - 19325440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-12 22:09 - 2016-03-25 08:55 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-12 22:09 - 2016-03-25 08:54 - 05457408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-12 22:09 - 2016-03-16 06:56 - 03467784 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-04-12 22:09 - 2016-03-16 06:56 - 01022664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-12 22:09 - 2016-03-16 06:56 - 00861512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-12 22:09 - 2016-03-16 06:55 - 02495768 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 22:09 - 2016-03-16 06:55 - 01951872 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-04-12 22:09 - 2016-03-16 06:55 - 01299032 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-12 22:09 - 2016-03-16 06:55 - 01127024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-12 22:09 - 2016-03-16 06:55 - 00601344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-12 22:09 - 2016-03-16 06:54 - 00595016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-12 22:09 - 2016-03-16 06:47 - 22610328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-04-12 22:09 - 2016-03-16 06:47 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-04-12 22:09 - 2016-03-16 06:47 - 00801632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-04-12 22:09 - 2016-03-16 06:46 - 00658568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-04-12 22:09 - 2016-03-16 06:45 - 00140536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2016-04-12 22:09 - 2016-03-16 06:41 - 00607416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-12 22:09 - 2016-03-16 06:41 - 00208736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-04-12 22:09 - 2016-03-16 06:39 - 00983904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-12 22:09 - 2016-03-16 06:37 - 01010016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-12 22:09 - 2016-03-16 06:21 - 01767000 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-12 22:09 - 2016-03-16 06:21 - 01531888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-04-12 22:09 - 2016-03-16 06:11 - 21088728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-04-12 22:09 - 2016-03-16 06:11 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-04-12 22:09 - 2016-03-16 06:11 - 00700256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-04-12 22:09 - 2016-03-16 06:08 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-04-12 22:09 - 2016-03-16 06:06 - 00181088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-04-12 22:09 - 2016-03-16 06:05 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-12 22:09 - 2016-03-16 06:03 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-12 22:09 - 2016-03-16 06:03 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-12 22:09 - 2016-03-16 06:00 - 21859840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-12 22:09 - 2016-03-16 05:56 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2016-04-12 22:09 - 2016-03-16 05:56 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModelShim.dll
2016-04-12 22:09 - 2016-03-16 05:55 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2016-04-12 22:09 - 2016-03-16 05:55 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2016-04-12 22:09 - 2016-03-16 05:55 - 00183296 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2016-04-12 22:09 - 2016-03-16 05:55 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-04-12 22:09 - 2016-03-16 05:51 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-04-12 22:09 - 2016-03-16 05:51 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-04-12 22:09 - 2016-03-16 05:49 - 01416192 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-12 22:09 - 2016-03-16 05:49 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-12 22:09 - 2016-03-16 05:47 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-04-12 22:09 - 2016-03-16 05:47 - 00511488 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-04-12 22:09 - 2016-03-16 05:47 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-04-12 22:09 - 2016-03-16 05:46 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2016-04-12 22:09 - 2016-03-16 05:44 - 01016832 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-12 22:09 - 2016-03-16 05:43 - 00573952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2016-04-12 22:09 - 2016-03-16 05:43 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-12 22:09 - 2016-03-16 05:42 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-12 22:09 - 2016-03-16 05:42 - 01290240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-12 22:09 - 2016-03-16 05:42 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-04-12 22:09 - 2016-03-16 05:41 - 00950272 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-12 22:09 - 2016-03-16 05:40 - 00931840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-04-12 22:09 - 2016-03-16 05:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-12 22:09 - 2016-03-16 05:40 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-04-12 22:09 - 2016-03-16 05:40 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-04-12 22:09 - 2016-03-16 05:40 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-04-12 22:09 - 2016-03-16 05:40 - 00158208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2016-04-12 22:09 - 2016-03-16 05:40 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-04-12 22:09 - 2016-03-16 05:40 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-12 22:09 - 2016-03-16 05:39 - 03363328 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-12 22:09 - 2016-03-16 05:39 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-04-12 22:09 - 2016-03-16 05:39 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-12 22:09 - 2016-03-16 05:38 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-04-12 22:09 - 2016-03-16 05:37 - 01521664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-04-12 22:09 - 2016-03-16 05:37 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-04-12 22:09 - 2016-03-16 05:37 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-04-12 22:09 - 2016-03-16 05:37 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-04-12 22:09 - 2016-03-16 05:37 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-04-12 22:09 - 2016-03-16 05:37 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-12 22:09 - 2016-03-16 05:36 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-04-12 22:09 - 2016-03-16 05:36 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-04-12 22:09 - 2016-03-16 05:36 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-04-12 22:09 - 2016-03-16 05:36 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-04-12 22:09 - 2016-03-16 05:36 - 00244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2016-04-12 22:09 - 2016-03-16 05:36 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-04-12 22:09 - 2016-03-16 05:36 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2016-04-12 22:09 - 2016-03-16 05:36 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-04-12 22:09 - 2016-03-16 05:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-04-12 22:09 - 2016-03-16 05:36 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-04-12 22:09 - 2016-03-16 05:36 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2016-04-12 22:09 - 2016-03-16 05:36 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-04-12 22:09 - 2016-03-16 05:36 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-04-12 22:09 - 2016-03-16 05:36 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-04-12 22:09 - 2016-03-16 05:35 - 01794560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-12 22:09 - 2016-03-16 05:35 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxApplicabilityEngine.dll
2016-04-12 22:09 - 2016-03-16 05:35 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2016-04-12 22:09 - 2016-03-16 05:35 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2016-04-12 22:09 - 2016-03-16 05:35 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2016-04-12 22:09 - 2016-03-16 05:34 - 01871872 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-12 22:09 - 2016-03-16 05:33 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-12 22:09 - 2016-03-16 05:32 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-12 22:09 - 2016-03-16 05:31 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-04-12 22:09 - 2016-03-16 05:31 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2016-04-12 22:09 - 2016-03-16 05:31 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-04-12 22:09 - 2016-03-16 05:28 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2016-04-12 22:09 - 2016-03-16 05:27 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-12 22:09 - 2016-03-16 05:24 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-04-12 22:09 - 2016-03-16 05:24 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2016-04-12 22:09 - 2016-03-16 05:24 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-04-12 22:09 - 2016-03-16 05:21 - 18796544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-12 22:09 - 2016-03-16 05:20 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-12 22:09 - 2016-03-16 05:18 - 00768000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-12 22:09 - 2016-03-16 05:18 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2016-04-12 22:09 - 2016-03-16 05:17 - 03680256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-12 22:09 - 2016-03-16 05:17 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-04-12 22:09 - 2016-03-16 05:17 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vaultcli.dll
2016-04-12 22:09 - 2016-03-16 05:17 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-04-12 22:09 - 2016-03-16 05:17 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2016-04-12 22:09 - 2016-03-16 05:17 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-12 22:09 - 2016-03-16 05:16 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-04-12 22:09 - 2016-03-16 05:14 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-04-12 22:09 - 2016-03-16 05:14 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-04-12 22:09 - 2016-03-16 05:14 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-04-12 22:09 - 2016-03-16 05:13 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-04-12 22:09 - 2016-03-16 05:13 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-04-12 22:09 - 2016-03-16 05:13 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-04-12 22:09 - 2016-03-16 05:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-04-12 22:09 - 2016-03-16 05:13 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2016-04-12 22:09 - 2016-03-16 05:13 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-04-12 22:09 - 2016-03-16 05:13 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2016-04-12 22:09 - 2016-03-16 05:13 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-04-12 22:09 - 2016-03-16 05:13 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-04-12 22:09 - 2016-03-16 05:13 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-04-12 22:09 - 2016-03-16 05:13 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2016-04-12 22:09 - 2016-03-16 05:13 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-04-12 22:09 - 2016-03-16 05:13 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-04-12 22:09 - 2016-03-16 05:12 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2016-04-12 22:09 - 2016-03-16 05:11 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-12 22:09 - 2016-03-16 05:10 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-12 21:47 - 2016-04-12 21:47 - 00340408 _____ C:\WINDOWS\Minidump\041216-23000-01.dmp
2016-04-12 21:27 - 2016-04-12 21:27 - 00354832 _____ C:\WINDOWS\Minidump\041216-23968-01.dmp
2016-04-12 21:03 - 2016-04-12 21:47 - 702391583 _____ C:\WINDOWS\MEMORY.DMP
2016-04-12 21:03 - 2016-04-12 21:04 - 00342088 _____ C:\WINDOWS\Minidump\041216-49468-01.dmp
2016-04-12 21:03 - 2016-04-12 21:03 - 00316400 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-12 20:43 - 2016-04-20 20:19 - 00229568 _____ C:\WINDOWS\ntbtlog.txt
2016-04-12 20:43 - 2016-04-12 21:32 - 00049584 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2016-04-12 20:41 - 2016-04-12 22:13 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-04-12 20:41 - 2016-04-12 21:04 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-04-12 20:41 - 2016-04-12 20:41 - 00000000 ____D C:\Program Files\HitmanPro
2016-04-12 20:31 - 2016-04-16 23:39 - 00000946 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-04-12 20:31 - 2016-04-12 20:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-12 20:31 - 2016-04-12 20:31 - 00004002 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-04-11 22:51 - 2016-04-11 22:51 - 00001219 _____ C:\Users\Public\Desktop\LibreOffice 5.0.lnk
2016-04-11 22:51 - 2016-04-11 22:51 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.0
2016-04-11 22:45 - 2016-04-11 22:45 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-04-11 22:45 - 2016-04-11 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-11 22:45 - 2016-04-11 22:45 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-11 21:14 - 2016-01-24 14:16 - 00451041 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160411-211458.backup
2016-04-11 09:44 - 2016-04-18 13:32 - 00000012 _____ C:\Users\Nexu07\Desktop\gmx_last_login.txt
2016-04-09 10:02 - 2016-04-09 10:02 - 00000000 __HDC C:\ProgramData\{05EE3202-A879-4F9D-895C-AC535855E0A9}
2016-04-08 07:51 - 2016-04-08 07:51 - 05934784 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-04-06 07:46 - 2016-04-06 07:46 - 00002381 _____ C:\Users\Nexu07\Downloads\82B6.tmp
2016-04-02 16:57 - 2016-04-02 16:57 - 00004114 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2016-04-02 16:57 - 2016-04-02 16:57 - 00003560 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2016-04-02 16:57 - 2016-04-02 16:57 - 00003398 _____ C:\WINDOWS\System32\Tasks\PCDDataUploadTask
2016-04-02 16:57 - 2016-04-02 16:57 - 00003284 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2016-04-02 16:56 - 2016-04-02 16:56 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2016-04-02 16:56 - 2016-04-02 16:56 - 00000000 ____D C:\Program Files\Dell Support Center

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-20 20:41 - 2014-01-23 14:32 - 00000000 ____D C:\FRST
2016-04-20 20:31 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-20 20:18 - 2015-08-10 11:27 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-20 20:18 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-20 14:02 - 2015-07-10 11:05 - 00131072 ___SH C:\WINDOWS\system32\config\BBI
2016-04-20 14:01 - 2015-08-11 00:29 - 00054805 _____ C:\bdlog.txt
2016-04-20 13:51 - 2015-12-11 09:32 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-20 10:58 - 2014-01-18 15:28 - 00000000 ____D C:\AdwCleaner
2016-04-20 10:34 - 2013-09-16 12:24 - 00000000 ____D C:\Users\Nexu07\AppData\Roaming\vlc
2016-04-19 21:33 - 2011-11-21 19:11 - 00000000 ____D C:\Users\Nexu07\AppData\Local\VirtualStore
2016-04-19 20:24 - 2015-07-10 11:05 - 00065536 ___SH C:\WINDOWS\system32\config\ELAM
2016-04-18 21:39 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\rescache
2016-04-18 21:10 - 2015-07-10 13:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-17 21:04 - 2015-08-10 11:31 - 02077126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-17 21:04 - 2015-07-10 18:34 - 00884928 _____ C:\WINDOWS\system32\perfh007.dat
2016-04-17 21:04 - 2015-07-10 18:34 - 00196026 _____ C:\WINDOWS\system32\perfc007.dat
2016-04-17 21:04 - 2015-07-10 13:02 - 00000000 ____D C:\WINDOWS\INF
2016-04-17 00:35 - 2015-07-10 11:05 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-04-16 12:59 - 2015-08-09 20:46 - 00000000 ____D C:\Users\Nexu07\Desktop\Nexu07DCT
2016-04-15 09:32 - 2013-07-14 21:19 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-14 22:26 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-14 22:26 - 2011-11-21 20:44 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-14 22:18 - 2015-08-10 12:20 - 00000000 ___DC C:\WINDOWS\Panther
2016-04-14 21:57 - 2016-02-13 20:35 - 00000000 ___HD C:\$WINDOWS.~BT
2016-04-14 21:29 - 2014-07-28 11:17 - 00003966 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1376119929
2016-04-14 21:29 - 2013-09-15 12:45 - 00001122 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-04-14 21:29 - 2013-08-10 09:32 - 00000000 ____D C:\Program Files (x86)\Opera
2016-04-12 22:14 - 2011-11-18 12:29 - 00000000 ____D C:\Program Files\Intel
2016-04-12 22:12 - 2015-08-10 11:34 - 00000000 ____D C:\Users\Nexu07
2016-04-12 22:11 - 2015-07-13 18:01 - 00000000 ____D C:\ProgramData\McAfee
2016-04-12 21:47 - 2016-01-18 10:24 - 00000000 ____D C:\WINDOWS\Minidump
2016-04-12 21:08 - 2015-08-10 23:51 - 00000000 ____D C:\Users\DefaultAppPool
2016-04-12 21:03 - 2012-05-05 04:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-12 20:42 - 2011-11-18 04:58 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-04-12 20:41 - 2014-06-16 11:30 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-12 20:33 - 2011-11-21 21:21 - 00000000 ____D C:\Users\Nexu07\AppData\Local\Adobe
2016-04-11 22:51 - 2015-08-10 18:54 - 00000000 ____D C:\Program Files (x86)\LibreOffice 5
2016-04-11 22:45 - 2016-02-14 16:52 - 00000000 ____D C:\Users\Nexu07\.oracle_jre_usage
2016-04-11 15:46 - 2013-09-25 15:29 - 00401008 _____ C:\Users\Nexu07\AppData\Local\census.cache
2016-04-11 15:46 - 2013-09-25 15:29 - 00000000 _____ C:\Users\Nexu07\AppData\Local\ars.cache
2016-04-08 07:51 - 2015-12-11 09:32 - 00003870 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-04-06 20:32 - 2015-10-05 22:28 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 20:32 - 2015-10-05 22:28 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-02 16:56 - 2013-05-22 08:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-04-02 16:56 - 2011-11-23 14:00 - 00000000 ____D C:\ProgramData\PCDr
2016-03-22 21:15 - 2011-11-26 13:29 - 00000000 ____D C:\Dani

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-11-29 18:54 - 2014-11-29 18:54 - 0000050 _____ () C:\Users\Nexu07\AppData\Roaming\Camdata.ini
2014-11-29 18:54 - 2014-11-29 18:54 - 0000408 _____ () C:\Users\Nexu07\AppData\Roaming\CamLayout.ini
2014-11-29 18:54 - 2014-11-29 18:54 - 0000408 _____ () C:\Users\Nexu07\AppData\Roaming\CamShapes.ini
2013-09-25 15:29 - 2016-04-11 15:46 - 0000000 _____ () C:\Users\Nexu07\AppData\Local\ars.cache
2013-09-25 15:29 - 2016-04-11 15:46 - 0401008 _____ () C:\Users\Nexu07\AppData\Local\census.cache
2013-09-25 09:47 - 2013-09-25 09:47 - 0000036 _____ () C:\Users\Nexu07\AppData\Local\housecall.guid.cache
2014-11-03 22:40 - 2014-11-03 22:40 - 0001524 _____ () C:\Users\Nexu07\AppData\Local\PDLSetup.20141103.214011.txt
2015-04-09 21:53 - 2015-04-09 21:53 - 0001526 _____ () C:\Users\Nexu07\AppData\Local\PDLSetup.20150409.215340.txt
2013-08-08 18:34 - 2013-08-08 18:34 - 0001999 _____ () C:\Users\Nexu07\AppData\Local\recently-used.xbel
2011-12-04 14:05 - 2013-01-20 12:14 - 0007612 _____ () C:\Users\Nexu07\AppData\Local\Resmon.ResmonCfg
2015-08-10 16:54 - 2015-08-10 16:54 - 1863318 _____ () C:\ProgramData\1439213473.bdinstall.bin
2016-01-23 13:06 - 2016-01-23 13:06 - 0567604 _____ () C:\ProgramData\1453546727.bdinstall.bin
2011-12-09 23:03 - 2011-12-09 23:03 - 0000176 _____ () C:\ProgramData\search_result.xml

Einige Dateien in TEMP:
====================
C:\Users\Nexu07\AppData\Local\Temp\libeay32.dll
C:\Users\Nexu07\AppData\Local\Temp\msvcr120.dll
C:\Users\Nexu07\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-04-18 09:06

==================== Ende von FRST.txt ============================
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:18-04-2016
durchgeführt von Nexu07 (2016-04-20 20:43:07)
Gestartet von C:\Users\Nexu07\Desktop
Windows 10 Home (X64) (2015-08-10 13:20:56)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1300692338-2230602273-544442824-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1300692338-2230602273-544442824-503 - Limited - Disabled)
Gast (S-1-5-21-1300692338-2230602273-544442824-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1300692338-2230602273-544442824-1003 - Limited - Enabled)
Nexu07 (S-1-5-21-1300692338-2230602273-544442824-1001 - Administrator - Enabled) => C:\Users\Nexu07

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Acronis True Image 2015 (HKLM-x32\...\{2F70A6E6-2F71-4907-8441-BDC5D300310B}Visible) (Version: 18.0.6613 - Acronis)
Acronis True Image 2015 (x32 Version: 18.0.6613 - Acronis) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.1.171 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AntiLogger Free version 1.8.2.320 (HKLM-x32\...\{A80DB23D-0618-405B-89D9-28F99814E287}_is1) (Version: 1.8.2.320 - Zemana Ltd.)
Bitdefender Total Security 2015 (HKLM\...\Bitdefender) (Version: 19.1.0.115 - Bitdefender)
Brother MFL-Pro Suite DCP-J125 (HKLM-x32\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{B57A8AFE-6735-4497-BD52-BD2F838F5CF0}) (Version: 1.2.1.31 - Dell)
Dell System Detect (HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\58d94f3ce2c27db0) (Version: 6.12.0.5 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.218 - ALPS ELECTRIC CO., LTD.)
Dell Update (HKLM-x32\...\{90437913-9D4D-4D9D-B438-B8664DF851E9}) (Version: 1.7.1007.0 - Dell Inc.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Driver Booster 3.2 (HKLM-x32\...\Driver Booster_is1) (Version: 3.2 - IObit)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.1.16835 - Landesfinanzdirektion Thüringen)
EMET 5.5 (HKLM-x32\...\{E27E74F0-0EAD-4C5D-8F6F-1C9192D24AA5}) (Version: 5.5 - Microsoft Corporation)
Girlvania (HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\{837FAFB9-EBA5-4727-95AD-792C4F671531}) (Version: 1.1.4 - Girlvanic Studios)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2455 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
LibreOffice 5.0.5.2 (HKLM-x32\...\{43D862C3-739D-4FF6-91C0-25612368CC81}) (Version: 5.0.5.2 - The Document Foundation)
MFC RunTime files (x32 Version: 1.0.0 - Extensoft) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Mozilla Firefox 45.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 de)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.62 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.12.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.12.11 - NVIDIA Corporation)
NVIDIA Grafiktreiber 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Opera Stable 32.0.1948.25 (HKU\.DEFAULT\...\Opera 32.0.1948.25) (Version: 32.0.1948.25 - Opera Software)
Opera Stable 36.0.2130.65 (HKLM-x32\...\Opera 36.0.2130.65) (Version: 36.0.2130.65 - Opera Software)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.15 - Dell Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7673 - Realtek Semiconductor Corp.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Secunia PSI (3.0.0.11005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.12.11 - NVIDIA Corporation) Hidden
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steganos Privacy Suite 12 (HKLM-x32\...\{0F1D1572-9311-4590-A8A6-425224984E54}) (Version: 12.1.1 - Steganos Software GmbH)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Web Stream Recorder (HKLM-x32\...\{8AAD9D0F-567C-4F8C-A0DA-1AB5B1243F68}_is1) (Version: 2015 - Bolide Software)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0579ED95-5EA4-48B9-97E0-6777FDBA6FCE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {07530863-3651-4DA0-B0D6-FBFCE4C19999} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {07F120F2-1E4D-4EB6-A296-E5DFB097FBF0} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {124F0FC8-7430-4360-A634-91803F7CFC86} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {14732AD8-5262-4CCF-8C4B-4016E881846F} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2016-01-13] (IObit)
Task: {29BE3962-1EB5-4266-B4D7-C47B10FBD535} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {2E03800C-69A8-4231-83B6-4FFC6D3C591B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {393DD0B4-E067-4255-A549-CAD8ECB89EE7} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {3994726D-9A95-45EB-BB1D-1B15E0D1E6C7} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {3A38C5A1-7EEF-4BE1-A151-C9916F0432E0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {41A9527A-B18B-48A8-B3DF-A30EE7A8A1BF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-14] (Microsoft Corporation)
Task: {4B22562E-0C6D-4AFF-B65F-5C7E91F9ADD4} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {4CB76FBA-1CD6-4F65-990A-49EF63E52BA1} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {4E5128D5-E628-4061-91B1-F39698F8B558} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {4FE91E78-8126-46B7-9715-A346A3FFE5FE} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {6CD5ECD2-99F9-4F86-964C-60372021CE39} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {6D483747-8919-43DC-940E-CBB7A763168D} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {6E8A4B1B-4FF8-4370-A9C0-1F5C2215EDD0} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {713E8B1E-6E1E-48C7-9731-C410EAA196F4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {725477AA-2B1F-4F29-87AD-C59FEFB461C5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {746E9680-28E7-4312-B0EA-2FDFB8256C8B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {78BB9AFF-F3AF-419B-9DF6-6E34B6939272} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {7A19E660-BE57-4E3C-A077-89C0C65A9B79} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-12] (Adobe Systems Incorporated)
Task: {7FD9110F-31DC-45C4-8415-9BC5C473E741} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {8410232F-67D3-4EAB-B61D-3546B9238899} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {87510294-849F-498B-91AB-45D2DD8F6B54} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {88751C79-42DF-45AC-8F61-62A1BF8F630F} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {943A0771-84E3-4EEB-9543-B11B8C2BE429} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {94E93F29-C6A8-47F2-A902-A41FBE33453B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {9708641B-82E3-46AC-9B3C-13E3132BF3CF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {997C1010-CE3F-45BF-B98E-C706B728DCFB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {9EE99F03-9AFB-4336-8CB1-51D76DC0790A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {A14EE2C8-FC79-4661-B161-FD2EA7011168} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-03-14] (Dell Inc.)
Task: {A188857A-853E-48AE-9526-426BC2D9E746} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {A317BAAB-A3B6-42C0-9D03-3D00A84ACEF2} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {AD190C5F-B321-4AFE-8307-B7F1BCC68E94} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe
Task: {B01833BF-933E-4B94-87A2-361D99CEE6B3} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-03-24] (PC-Doctor, Inc.)
Task: {B2648D2B-8335-4F32-AEE7-2DB648597943} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {B949BBC4-D22F-4B39-9482-2F460F3CA57E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {C1506EA5-4979-428E-92DF-5CE6FD3B4BDB} - System32\Tasks\Opera scheduled Autoupdate 1376119929 => C:\Program Files (x86)\Opera\launcher.exe [2016-04-11] (Opera Software)
Task: {C2D07909-8179-4250-A9B9-1255CD69CB84} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {C498C282-4AD3-4574-970D-8C36AC3CF9BF} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {CB2FEDBA-981C-4BEC-B224-1675A3BDEA88} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {CEDA9B3D-EBA9-43EB-AA1A-3895F68D5C7A} - System32\Tasks\Driver Booster SkipUAC (Nexu07) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2016-01-18] (IObit)
Task: {CF7841AB-8CD9-4533-B66D-2FFB70CE33EE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {D1F0B71F-A66D-4940-8BB0-F54AA54CD58A} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {D36E7C9A-759F-4842-B256-E190F3127CE7} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {E270DAEB-595C-4BF7-A01B-4988255166D7} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-03-24] (PC-Doctor, Inc.)
Task: {E485A7CE-2CF6-4144-93FD-E6A6271B7A1D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe [2016-04-12] (Adobe Systems Incorporated)
Task: {EC26B27C-A6C2-46C2-8F92-5C6C958105DD} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {F1139754-B308-4DBA-B627-5AD69B84790A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {F2E62392-31A1-42ED-9541-497EB22FEC73} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {F8C535EF-0727-4681-835C-BB0D065995A7} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {FC4DEBA6-E5BF-49EA-9C69-FAA434718671} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-08-10 12:13 - 2015-08-10 12:13 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-11-17 22:22 - 2015-11-17 22:22 - 00265080 ____N () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2016-01-23 13:05 - 2013-09-03 15:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2016-01-23 13:06 - 2015-11-13 18:46 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2016-01-26 22:15 - 2016-01-26 22:15 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2016-04-11 16:41 - 2016-04-11 16:41 - 01119064 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02151_006\ashttpbr.mdl
2016-04-11 16:41 - 2016-04-11 16:41 - 00794832 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02151_006\ashttpdsp.mdl
2016-04-11 16:41 - 2016-04-11 16:41 - 03038112 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02151_006\ashttpph.mdl
2016-04-11 16:41 - 2016-04-11 16:41 - 01648408 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02151_006\ashttprbl.mdl
2015-08-10 11:27 - 2015-07-23 03:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-04-12 22:09 - 2016-03-16 06:55 - 02495768 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 22:09 - 2016-03-16 06:55 - 02495768 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-08 23:15 - 2015-11-25 06:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-08 23:15 - 2015-11-25 06:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-08 23:15 - 2015-11-25 06:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-02 07:47 - 2015-09-17 07:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-10-02 07:46 - 2015-09-17 07:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-20 09:08 - 2015-07-20 09:08 - 00034624 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2015-07-20 09:15 - 2015-07-20 09:15 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2015-07-20 09:10 - 2015-07-20 09:10 - 00129344 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\EXPAT.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe:BDU [0]
AlternateDataStreams: C:\Users\Nexu07\Desktop\FRST64.exe:BDU [0]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

Da befinden sich 7887 mehr Seiten.

IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\123simsen.com -> www.123simsen.com

Da befinden sich 7888 mehr Seiten.


==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2016-04-11 21:14 - 00451992 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        www.00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        www.032439.com
127.0.0.1        032439.com
127.0.0.1        www.0scan.com
127.0.0.1        0scan.com
127.0.0.1        1000gratisproben.com
127.0.0.1        www.1000gratisproben.com
127.0.0.1        1001namen.com
127.0.0.1        www.1001namen.com
127.0.0.1        100888290cs.com
127.0.0.1        www.100888290cs.com
127.0.0.1        www.100sexlinks.com
127.0.0.1        100sexlinks.com
127.0.0.1        10sek.com
127.0.0.1        www.10sek.com
127.0.0.1        www.1-2005-search.com
127.0.0.1        1-2005-search.com
127.0.0.1        123fporn.info
127.0.0.1        www.123fporn.info
127.0.0.1        123haustiereundmehr.com
127.0.0.1        www.123haustiereundmehr.com
127.0.0.1        123moviedownload.com
127.0.0.1        www.123moviedownload.com

Da befinden sich 15502 zusätzliche Einträge.


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1300692338-2230602273-544442824-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\startupreg: AccuWeatherWidget =>
MSCONFIG\startupreg: BTMTrayAgent =>
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: Dell DataSafe Online =>
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: IntelPAN =>
MSCONFIG\startupreg: NeroLauncher =>
MSCONFIG\startupreg: OKAYFREEDOM_Agent =>
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: SSS12 Browser Monitor => "C:\Program Files (x86)\Steganos Privacy Suite 12\SteganosBrowserMonitor.exe"
MSCONFIG\startupreg: SSS12 File Redirection Starter => "C:\Program Files (x86)\Steganos Privacy Suite 12\fredirstarter.exe"
MSCONFIG\startupreg: SSS12 HotKeys => "C:\Program Files (x86)\Steganos Privacy Suite 12\SteganosHotKeyService.exe"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\StartupApproved\StartupFolder: => "Browser-Anonymisierer.lnk"
HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\StartupApproved\Run: => "Bitdefender-Geldbörse-Agent"
HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\StartupApproved\Run: => "SSS12_PasswordManager"
HKU\S-1-5-21-1300692338-2230602273-544442824-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{0E9F26DB-115F-40D1-8EE9-5CE1A8E631C6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2CAE00F7-B91B-4BD7-BB52-68DC29982054}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3F95655F-5421-4BD5-B070-9520EFCED0A3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{DA238720-6B8F-4E9A-B388-FB1B272D8C07}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F658FBF8-206F-4411-8998-EDC673FDFFEC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{6A4AA21D-41B0-4569-924A-21DAABE6CAF5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{46B65D1C-A4A5-4462-9B36-42B57AD9CB31}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6DAFFBF5-34DA-46E6-8B6D-303FCEE2321B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8ADA620F-7E80-46C3-B6C8-D4EB92B8E966}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{866F5255-70EC-48A1-BE68-AABBD847A898}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe
FirewallRules: [{FDC84623-86C8-4165-AE1B-D007C554E04B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{94C9A493-316C-475B-B73A-C06D37FD9A73}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{CB87DFB9-352E-4EB1-90CB-109551CEDA1F}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{7E3AFDD8-0228-4ED4-B124-7039E7E95AA3}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{3AB5D850-908C-4CD5-B657-9B6615B25C06}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{B68665F3-8C65-41B2-AEB7-3B17F6EE55F6}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{F2014DCF-52A0-40CE-A967-CA3022E8C03B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C1263435-8F19-47B2-A4FA-708AAFCC741B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{18BB845C-84F7-4621-B9E1-A268B0D5D02E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{0A59490F-759A-4031-88AD-2FAB8F2B7C65}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{EDF51550-C48F-47C5-A5F1-AAEF6869732D}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{84E9CCA3-925E-40C2-8B6F-88000C2EAD6F}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{DF367B06-96EC-4E94-80B2-5223D5E84EB0}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{23477BCD-3FE1-445B-ABFB-A92D4E05F7B2}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Wiederherstellungspunkte =========================

27-03-2016 16:37:49 Geplanter Prüfpunkt
06-04-2016 08:45:22 Geplanter Prüfpunkt
11-04-2016 22:44:43 Installed Java 8 Update 77

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (04/20/2016 08:19:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ShellExperienceHost.exe, Version: 10.0.10240.16766, Zeitstempel: 0x56e8dba8
Name des fehlerhaften Moduls: StartUI.dll, Version: 10.0.10240.16766, Zeitstempel: 0x56e8d601
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000038ef3
ID des fehlerhaften Prozesses: 0x5d8
Startzeit der fehlerhaften Anwendung: 0xShellExperienceHost.exe0
Pfad der fehlerhaften Anwendung: ShellExperienceHost.exe1
Pfad des fehlerhaften Moduls: ShellExperienceHost.exe2
Berichtskennung: ShellExperienceHost.exe3
Vollständiger Name des fehlerhaften Pakets: ShellExperienceHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ShellExperienceHost.exe5

Error: (04/20/2016 08:19:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ShellExperienceHost.exe, Version: 10.0.10240.16766, Zeitstempel: 0x56e8dba8
Name des fehlerhaften Moduls: StartUI.dll, Version: 10.0.10240.16766, Zeitstempel: 0x56e8d601
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000038ef3
ID des fehlerhaften Prozesses: 0x164c
Startzeit der fehlerhaften Anwendung: 0xShellExperienceHost.exe0
Pfad der fehlerhaften Anwendung: ShellExperienceHost.exe1
Pfad des fehlerhaften Moduls: ShellExperienceHost.exe2
Berichtskennung: ShellExperienceHost.exe3
Vollständiger Name des fehlerhaften Pakets: ShellExperienceHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ShellExperienceHost.exe5

Error: (04/20/2016 08:23:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ShellExperienceHost.exe, Version: 10.0.10240.16766, Zeitstempel: 0x56e8dba8
Name des fehlerhaften Moduls: StartUI.dll, Version: 10.0.10240.16766, Zeitstempel: 0x56e8d601
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000038ef3
ID des fehlerhaften Prozesses: 0x1028
Startzeit der fehlerhaften Anwendung: 0xShellExperienceHost.exe0
Pfad der fehlerhaften Anwendung: ShellExperienceHost.exe1
Pfad des fehlerhaften Moduls: ShellExperienceHost.exe2
Berichtskennung: ShellExperienceHost.exe3
Vollständiger Name des fehlerhaften Pakets: ShellExperienceHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ShellExperienceHost.exe5

Error: (04/20/2016 08:23:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ShellExperienceHost.exe, Version: 10.0.10240.16766, Zeitstempel: 0x56e8dba8
Name des fehlerhaften Moduls: StartUI.dll, Version: 10.0.10240.16766, Zeitstempel: 0x56e8d601
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000038ef3
ID des fehlerhaften Prozesses: 0x141c
Startzeit der fehlerhaften Anwendung: 0xShellExperienceHost.exe0
Pfad der fehlerhaften Anwendung: ShellExperienceHost.exe1
Pfad des fehlerhaften Moduls: ShellExperienceHost.exe2
Berichtskennung: ShellExperienceHost.exe3
Vollständiger Name des fehlerhaften Pakets: ShellExperienceHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ShellExperienceHost.exe5

Error: (04/20/2016 08:23:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ShellExperienceHost.exe, Version: 10.0.10240.16766, Zeitstempel: 0x56e8dba8
Name des fehlerhaften Moduls: StartUI.dll, Version: 10.0.10240.16766, Zeitstempel: 0x56e8d601
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000038ef3
ID des fehlerhaften Prozesses: 0x16f4
Startzeit der fehlerhaften Anwendung: 0xShellExperienceHost.exe0
Pfad der fehlerhaften Anwendung: ShellExperienceHost.exe1
Pfad des fehlerhaften Moduls: ShellExperienceHost.exe2
Berichtskennung: ShellExperienceHost.exe3
Vollständiger Name des fehlerhaften Pakets: ShellExperienceHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ShellExperienceHost.exe5

Error: (04/19/2016 10:05:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (04/19/2016 10:04:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ShellExperienceHost.exe, Version: 10.0.10240.16766, Zeitstempel: 0x56e8dba8
Name des fehlerhaften Moduls: StartUI.dll, Version: 10.0.10240.16766, Zeitstempel: 0x56e8d601
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000038ef3
ID des fehlerhaften Prozesses: 0x17f4
Startzeit der fehlerhaften Anwendung: 0xShellExperienceHost.exe0
Pfad der fehlerhaften Anwendung: ShellExperienceHost.exe1
Pfad des fehlerhaften Moduls: ShellExperienceHost.exe2
Berichtskennung: ShellExperienceHost.exe3
Vollständiger Name des fehlerhaften Pakets: ShellExperienceHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ShellExperienceHost.exe5

Error: (04/18/2016 09:06:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SearchUI.exe, Version 10.0.10240.16603 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 178c

Startzeit: 01d199a50a9effbb

Beendigungszeit: 4294967295

Anwendungspfad: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

Berichts-ID: b46a2d8a-0598-11e6-9c0c-848f69b729e3

Vollständiger Name des fehlerhaften Pakets: Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy

Auf das fehlerhafte Paket bezogene Anwendungs-ID: CortanaUI

Error: (04/18/2016 09:06:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: PC)
Description: Das Paket „Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy+CortanaUI“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (04/18/2016 01:51:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


Systemfehler:
=============
Error: (04/20/2016 08:18:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Net.Tcp-Listeneradapter" ist vom Dienst "Net.Tcp-Portfreigabedienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (04/20/2016 02:02:20 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Steganos Volatile Disk konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (04/20/2016 08:18:17 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎20.‎04.‎2016 um 14:02:05 unerwartet heruntergefahren.

Error: (04/20/2016 11:00:46 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Net.Tcp-Listeneradapter" ist vom Dienst "Net.Tcp-Portfreigabedienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (04/20/2016 10:59:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (04/20/2016 10:59:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_Session1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/20/2016 10:58:54 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Dell Data Vault" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/20/2016 10:58:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "WMI-Leistungsadapter" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/20/2016 10:58:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/20/2016 10:58:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Acronis Sync Agent Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.


CodeIntegrity:
===================================
  Date: 2016-02-13 13:46:36.927
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-13 13:46:36.906
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-13 13:46:36.883
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-13 13:46:36.855
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-13 13:46:36.761
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-13 13:46:36.668
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-13 13:46:36.644
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-13 13:46:36.621
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-13 13:46:36.502
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-13 13:46:36.266
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Prozentuale Nutzung des RAM: 56%
Installierter physikalischer RAM: 3990.16 MB
Verfügbarer physikalischer RAM: 1742.43 MB
Summe virtueller Speicher: 10134.16 MB
Verfügbarer virtueller Speicher: 7158.91 MB

==================== Laufwerke ================================

Drive c: (OS) (Fixed) (Total:576.54 GB) (Free:422.78 GB) NTFS
Drive e: (Sicherung) (Fixed) (Total:900.65 GB) (Free:778.84 GB) NTFS
Drive g: (PR0N) (Fixed) (Total:729.49 GB) (Free:93 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=576.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1630.1 GB) (Disk ID: A7E7F267)
Partition 1: (Not Active) - (Size=900.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=729.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

Bootsektor 21.04.2016 16:40
Hallo,

das sieht soweit sauber aus, wir werden jetzt nochmal gründlicher nachschauen.

Das betrifft jetzt aber nur den Login zu der Seite, machst du das immer mit demselben Browser?

Schritt 1
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.


Schritt 2
Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Nexu07 21.04.2016 20:33
Hallo!
Ja ich verwende da immer Opera. Normalerweise nehm ich Firefox, mit dem komm ich in dies Seite aber gar nicht rein. Opera ist dann immer meine zweite Wahl, wenn Firefox die Seite nicht so richtig darstellt etc. Hab einmal Edge probiert, da komm ich rein, kann aber nix downloaden. Edge is Schrott, wie ich meine. Hier schon mal das erste Logfile, das mit Malwarebites dauert noch etwas. Das mag der Bitdefender nicht so gerne, muss dafür vermutlich in den abgesicherten Modus oder den Virenscanner deaktivieren. Fragt sich ob das ratsam ist...
Code:
21:07:05.0229 0x202c  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
21:07:12.0145 0x202c  ============================================================
21:07:12.0145 0x202c  Current date / time: 2016/04/21 21:07:12.0145
21:07:12.0145 0x202c  SystemInfo:
21:07:12.0145 0x202c 
21:07:12.0145 0x202c  OS Version: 10.0.10586 ServicePack: 0.0
21:07:12.0145 0x202c  Product type: Workstation
21:07:12.0145 0x202c  ComputerName: PC
21:07:12.0146 0x202c  UserName: Nexu07
21:07:12.0146 0x202c  Windows directory: C:\WINDOWS
21:07:12.0146 0x202c  System windows directory: C:\WINDOWS
21:07:12.0146 0x202c  Running under WOW64
21:07:12.0146 0x202c  Processor architecture: Intel x64
21:07:12.0146 0x202c  Number of processors: 4
21:07:12.0146 0x202c  Page size: 0x1000
21:07:12.0146 0x202c  Boot type: Normal boot
21:07:12.0146 0x202c  ============================================================
21:07:13.0137 0x202c  KLMD registered as C:\WINDOWS\system32\drivers\74132776.sys
21:07:13.0540 0x202c  System UUID: {3FF006D0-B1A0-2C75-768F-C84F4BCC2E30}
21:07:16.0079 0x202c  Drive \Device\Harddisk1\DR1 - Size: 0x1978903D800 ( 1630.14 Gb ), SectorSize: 0x200, Cylinders: 0x33F41, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:07:16.0117 0x202c  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:07:16.0123 0x202c  Drive \Device\Harddisk1\DR1 - Size: 0x1978903D800 ( 1630.14 Gb ), SectorSize: 0x200, Cylinders: 0x33F41, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:07:16.0124 0x202c  ============================================================
21:07:16.0124 0x202c  \Device\Harddisk1\DR1:
21:07:16.0125 0x202c  MBR partitions:
21:07:16.0125 0x202c  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x7094A601
21:07:16.0125 0x202c  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x7094B000, BlocksNum 0x5B2FC000
21:07:16.0125 0x202c  \Device\Harddisk0\DR0:
21:07:16.0125 0x202c  MBR partitions:
21:07:16.0125 0x202c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x34000, BlocksNum 0x2710000
21:07:16.0125 0x202c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2744000, BlocksNum 0x48114000
21:07:16.0125 0x202c  \Device\Harddisk1\DR1:
21:07:16.0126 0x202c  MBR partitions:
21:07:16.0126 0x202c  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x7094A601
21:07:16.0126 0x202c  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x7094B000, BlocksNum 0x5B2FC000
21:07:16.0126 0x202c  ============================================================
21:07:16.0165 0x202c  C: <-> \Device\Harddisk0\DR0\Partition2
21:07:16.0171 0x202c  E: <-> \Device\Harddisk1\DR1\Partition1
21:07:16.0222 0x202c  G: <-> \Device\Harddisk1\DR1\Partition2
21:07:16.0222 0x202c  ============================================================
21:07:16.0222 0x202c  Initialize success
21:07:16.0222 0x202c  ============================================================
21:08:27.0231 0x18a4  ============================================================
21:08:27.0231 0x18a4  Scan started
21:08:27.0231 0x18a4  Mode: Manual; SigCheck; TDLFS;
21:08:27.0231 0x18a4  ============================================================
21:08:27.0231 0x18a4  KSN ping started
21:08:29.0777 0x18a4  KSN ping finished: true
21:08:39.0575 0x18a4  ================ Scan system memory ========================
21:08:39.0575 0x18a4  System memory - ok
21:08:39.0575 0x18a4  ================ Scan services =============================
21:08:39.0809 0x18a4  1394ohci - ok
21:08:39.0809 0x18a4  3ware - ok
21:08:39.0825 0x18a4  ACPI - ok
21:08:39.0825 0x18a4  acpiex - ok
21:08:39.0840 0x18a4  acpipagr - ok
21:08:39.0856 0x18a4  AcpiPmi - ok
21:08:39.0856 0x18a4  acpitime - ok
21:08:39.0981 0x18a4  [ 8EEC0269D86CFADD292C9B05F59F23ED, 779F863563F9F31B102EB7A7C1580281D73F083213B0DD17A82A9EF2886DFD79 ] AcrSch2Svc      C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
21:08:40.0137 0x18a4  AcrSch2Svc - ok
21:08:40.0215 0x18a4  [ F2CEEE9ABBCEF207ACB103215AC28BC2, F8F8B8AF6317926D7AC0CA2CA23628B2C69327A2792D58D3328443C5ED9514E9 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:08:40.0231 0x18a4  AdobeARMservice - ok
21:08:40.0372 0x18a4  [ 04A7B373A727BD3ACD824621CF65AE70, 37FD3893811D8E7FDB2794AE18CB5A85D7FA13AB24DBEEF91F68832668204D21 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:08:40.0387 0x18a4  AdobeFlashPlayerUpdateSvc - ok
21:08:40.0419 0x18a4  ADP80XX - ok
21:08:40.0481 0x18a4  [ 8AFF4C773AAEEE8C8E028902B52713CD, D741A3B443179AC41617A4A9012A0D7E546A88590F5BE0EA578450D5CFB4BF42 ] AERTFilters    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
21:08:40.0497 0x18a4  AERTFilters - ok
21:08:40.0637 0x18a4  [ 3B0908381A28DEFD42F42DBA9F06D39B, 3179AC9F26338D684CB806F29CD37EA75BE7F4553834F682E65ECE6D6D797FD4 ] afcdpsrv        C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
21:08:40.0809 0x18a4  afcdpsrv - ok
21:08:40.0825 0x18a4  AFD - ok
21:08:40.0825 0x18a4  agp440 - ok
21:08:40.0825 0x18a4  ahcache - ok
21:08:40.0856 0x18a4  AJRouter - ok
21:08:40.0872 0x18a4  ALG - ok
21:08:40.0872 0x18a4  AmdK8 - ok
21:08:40.0887 0x18a4  AmdPPM - ok
21:08:40.0887 0x18a4  amdsata - ok
21:08:40.0887 0x18a4  amdsbs - ok
21:08:40.0887 0x18a4  amdxata - ok
21:08:40.0934 0x18a4  [ 7D9E301AB3247765702D0B65E2E47E50, 110F1D9A01F1DB36815B4CBF04E540958B760AC46955F7712D03F958F78734D0 ] AMPPAL          C:\WINDOWS\System32\drivers\AMPPAL.sys
21:08:40.0950 0x18a4  AMPPAL - ok
21:08:40.0997 0x18a4  [ DA4AE4C68D135A210FB3E78CFF369EBD, 240BDBB2D9F97333BD78306FFBD56C1EB0DC2B5FED045EC2B6736155B36A97F5 ] ApfiltrService  C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
21:08:41.0028 0x18a4  ApfiltrService - ok
21:08:41.0075 0x18a4  AppHostSvc - ok
21:08:41.0090 0x18a4  AppID - ok
21:08:41.0106 0x18a4  AppIDSvc - ok
21:08:41.0122 0x18a4  Appinfo - ok
21:08:41.0122 0x18a4  AppReadiness - ok
21:08:41.0137 0x18a4  AppXSvc - ok
21:08:41.0153 0x18a4  arcsas - ok
21:08:41.0262 0x18a4  aspnet_state - ok
21:08:41.0278 0x18a4  AsyncMac - ok
21:08:41.0278 0x18a4  atapi - ok
21:08:41.0294 0x18a4  AudioEndpointBuilder - ok
21:08:41.0309 0x18a4  Audiosrv - ok
21:08:41.0372 0x18a4  [ B18699497436228F1109132D669CF29A, 1A358BC7E7931FE43B1038E33EBEA365476E5A2EFB9476F47E3476A3669063FB ] avc3            C:\WINDOWS\system32\DRIVERS\avc3.sys
21:08:41.0450 0x18a4  avc3 - ok
21:08:41.0497 0x18a4  [ 1251FB8BF8E6B6129065326A3E8A4378, 1AF1DAE71A8126A875AC3197FD69BCD52949DC08694A29EAB6FA3ED31695BDED ] avckf          C:\WINDOWS\system32\DRIVERS\avckf.sys
21:08:41.0544 0x18a4  avckf - ok
21:08:41.0559 0x18a4  AxInstSV - ok
21:08:41.0575 0x18a4  b06bdrv - ok
21:08:41.0590 0x18a4  BasicDisplay - ok
21:08:41.0590 0x18a4  BasicRender - ok
21:08:41.0590 0x18a4  bcmfn - ok
21:08:41.0590 0x18a4  bcmfn2 - ok
21:08:41.0670 0x18a4  [ AEB6064A3363F2FD688352DA998DF8EE, EB7F025F2F692554C8EEE82B77CB34229749FF44FDEAC6F4801A2E795C30FEED ] BdDesktopParental C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe
21:08:41.0685 0x18a4  BdDesktopParental - ok
21:08:41.0701 0x18a4  BDESVC - ok
21:08:41.0826 0x18a4  [ 9C3E3B1AC1DD7CDB58597A000C6BA215, 539233DE67BAEB416FE045D98835FBC152061C1A6088989F14C4746AC25BE18D ] BdfNdisf        C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys
21:08:41.0826 0x18a4  BdfNdisf - ok
21:08:41.0873 0x18a4  [ 0B3BADC084AB1592D6E2D4CFA3AA2461, C62860DF753E455D2D4FFFE04CB26D84590947A4B41FA853D83A8F8EB9E80F9C ] bdfwfpf        C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
21:08:41.0873 0x18a4  bdfwfpf - ok
21:08:41.0920 0x18a4  [ 9036F27C0757ECCC7836C5E58D576FB0, 9637FEB50C88D5B0F38FA6328335A5E251BB371862B35B9E6FD96040BE0C2F10 ] bdfwfpf_pc      C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys
21:08:41.0935 0x18a4  bdfwfpf_pc - ok
21:08:41.0967 0x18a4  [ D8FAF7CFBC81E5E15CA7A7EC8EE1B409, 75E60DF2147DFB109E628FDF80EB1BFA5360E5935BB9237B67053588F906E1B1 ] BDVEDISK        C:\WINDOWS\system32\DRIVERS\bdvedisk.sys
21:08:41.0982 0x18a4  BDVEDISK - ok
21:08:41.0998 0x18a4  Beep - ok
21:08:42.0013 0x18a4  BFE - ok
21:08:42.0029 0x18a4  BITS - ok
21:08:42.0045 0x18a4  bowser - ok
21:08:42.0060 0x18a4  BrokerInfrastructure - ok
21:08:42.0060 0x18a4  Browser - ok
21:08:42.0076 0x18a4  BthAvrcpTg - ok
21:08:42.0076 0x18a4  BthHFEnum - ok
21:08:42.0092 0x18a4  bthhfhid - ok
21:08:42.0107 0x18a4  BthHFSrv - ok
21:08:42.0123 0x18a4  BTHMODEM - ok
21:08:42.0123 0x18a4  bthserv - ok
21:08:42.0138 0x18a4  buttonconverter - ok
21:08:42.0138 0x18a4  CapImg - ok
21:08:42.0154 0x18a4  cdfs - ok
21:08:42.0170 0x18a4  CDPSvc - ok
21:08:42.0170 0x18a4  cdrom - ok
21:08:42.0170 0x18a4  CertPropSvc - ok
21:08:42.0185 0x18a4  circlass - ok
21:08:42.0185 0x18a4  CLFS - ok
21:08:42.0217 0x18a4  ClipSVC - ok
21:08:42.0232 0x18a4  CmBatt - ok
21:08:42.0248 0x18a4  CNG - ok
21:08:42.0248 0x18a4  cnghwassist - ok
21:08:42.0310 0x18a4  CompositeBus - ok
21:08:42.0326 0x18a4  COMSysApp - ok
21:08:42.0326 0x18a4  condrv - ok
21:08:42.0342 0x18a4  CoreMessagingRegistrar - ok
21:08:42.0467 0x18a4  [ B18D590BC5220FDB4A747BC16D78ABC7, D46F8B43BAC22E55DE9AFC19CF371B1C4E8D3707163598B2F9884BB31D730C09 ] cphs            C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
21:08:42.0529 0x18a4  cphs - ok
21:08:42.0560 0x18a4  CryptSvc - ok
21:08:42.0592 0x18a4  [ BC3D4F90978CD7C8EABD1BAF3BF7873A, 5978139650FC51BE0CAB12061702C7BC7BEDF6E7C3A047FF0A6328AA674E4226 ] CtClsFlt        C:\WINDOWS\system32\DRIVERS\CtClsFlt.sys
21:08:42.0623 0x18a4  CtClsFlt - ok
21:08:42.0654 0x18a4  [ E12939C6D28957C960494DE2EEE30649, 883C02207A9D6DF5363C102DE4B31B3DDB5354B413F9C2FB77832C42EEE9C832 ] CySmb          C:\WINDOWS\System32\drivers\cysmb.sys
21:08:42.0670 0x18a4  CySmb - ok
21:08:42.0685 0x18a4  dam - ok
21:08:42.0701 0x18a4  DcomLaunch - ok
21:08:42.0732 0x18a4  DcpSvc - ok
21:08:42.0763 0x18a4  [ B56714DED87E29377F1EE930691DADA2, B3C3BC4F546A786A93823C1471D560BF678A9C95237065E3B99B2B80E6C28131 ] DDDriver        C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys
21:08:42.0779 0x18a4  DDDriver - ok
21:08:42.0779 0x18a4  defragsvc - ok
21:08:42.0935 0x18a4  [ E554163D138B79CD8C6EDF73187FC635, 0EDC0B76437B145607C39288F3E6B92975E3B406859EA8213BBE635A0C21922D ] DellDataVault  C:\Program Files\Dell\DellDataVault\DellDataVault.exe
21:08:43.0060 0x18a4  DellDataVault - ok
21:08:43.0092 0x18a4  [ D8F74B93897C8FDF2EAF4C99E30500A4, 565D69AE486074C3E2D30EC8DCF11D720F1887BF45BF7EE1DF24DB012ED1F4A3 ] DellDataVaultWiz C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
21:08:43.0107 0x18a4  DellDataVaultWiz - ok
21:08:43.0138 0x18a4  [ DC3BD578642252FD9569B9CD75CEF81E, 63F44BC19389C19BA9F9E974BF2E5236AF7F66D9076943B9CF46775264BBE413 ] DellProf        C:\WINDOWS\system32\drivers\DellProf.sys
21:08:43.0154 0x18a4  DellProf - ok
21:08:43.0170 0x18a4  DeviceAssociationService - ok
21:08:43.0185 0x18a4  DeviceInstall - ok
21:08:43.0201 0x18a4  DevQueryBroker - ok
21:08:43.0217 0x18a4  Dfsc - ok
21:08:43.0248 0x18a4  Dhcp - ok
21:08:43.0295 0x18a4  diagnosticshub.standardcollector.service - ok
21:08:43.0310 0x18a4  DiagTrack - ok
21:08:43.0342 0x18a4  disk - ok
21:08:43.0388 0x18a4  DmEnrollmentSvc - ok
21:08:43.0388 0x18a4  dmvsc - ok
21:08:43.0388 0x18a4  dmwappushservice - ok
21:08:43.0404 0x18a4  Dnscache - ok
21:08:43.0420 0x18a4  dot3svc - ok
21:08:43.0420 0x18a4  DPS - ok
21:08:43.0451 0x18a4  drmkaud - ok
21:08:43.0451 0x18a4  DsmSvc - ok
21:08:43.0467 0x18a4  DsSvc - ok
21:08:43.0467 0x18a4  DXGKrnl - ok
21:08:43.0498 0x18a4  Eaphost - ok
21:08:43.0498 0x18a4  ebdrv - ok
21:08:43.0513 0x18a4  EFS - ok
21:08:43.0513 0x18a4  EhStorClass - ok
21:08:43.0529 0x18a4  EhStorTcgDrv - ok
21:08:43.0545 0x18a4  embeddedmode - ok
21:08:43.0732 0x18a4  [ 6B0564B6DDD28E36A59A7F322E0AE2D6, D8F73C7406F45ACFE8EB7C7EB9593EF577627A00843316194BDF973E2FB824FE ] EMET_Service    C:\Program Files (x86)\EMET 5.5\EMET_Service.exe
21:08:43.0748 0x18a4  EMET_Service - ok
21:08:43.0779 0x18a4  EntAppSvc - ok
21:08:43.0795 0x18a4  ErrDev - ok
21:08:43.0826 0x18a4  EventSystem - ok
21:08:43.0826 0x18a4  exfat - ok
21:08:43.0826 0x18a4  fastfat - ok
21:08:43.0842 0x18a4  Fax - ok
21:08:43.0842 0x18a4  fdc - ok
21:08:43.0857 0x18a4  fdPHost - ok
21:08:43.0857 0x18a4  FDResPub - ok
21:08:43.0857 0x18a4  fhsvc - ok
21:08:43.0873 0x18a4  FileCrypt - ok
21:08:43.0873 0x18a4  FileInfo - ok
21:08:43.0888 0x18a4  Filetrace - ok
21:08:43.0920 0x18a4  [ 72CC30F0D6DF8D3FBD5CD728259A8F69, F7774D35B38F35E31A8EEE37FF2F203C1CED433FF84EC265CD92B38CBFE3AB8F ] file_tracker    C:\WINDOWS\system32\DRIVERS\file_tracker.sys
21:08:43.0935 0x18a4  file_tracker - ok
21:08:43.0951 0x18a4  flpydisk - ok
21:08:43.0951 0x18a4  FltMgr - ok
21:08:43.0982 0x18a4  [ 9BD0273A5B650CC16E8A54AD9B312BEB, 1AA219C4CC29E8301075537A330CC7FB677CD884AABD8FB3D99CFBEA1AB4CDF2 ] fltsrv          C:\WINDOWS\system32\DRIVERS\fltsrv.sys
21:08:43.0982 0x18a4  fltsrv - ok
21:08:44.0014 0x18a4  FontCache - ok
21:08:44.0123 0x18a4  FontCache3.0.0.0 - ok
21:08:44.0123 0x18a4  FsDepends - ok
21:08:44.0123 0x18a4  Fs_Rec - ok
21:08:44.0138 0x18a4  fvevol - ok
21:08:44.0138 0x18a4  gagp30kx - ok
21:08:44.0201 0x18a4  gencounter - ok
21:08:44.0217 0x18a4  genericusbfn - ok
21:08:44.0326 0x18a4  [ 5031F3E650D242EEECEB92EB9900FB93, FB51ADB81AC3E0097362BAECEC4F0C83C46E5505277B7F35FDCE9BF88B72C963 ] GfExperienceService C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
21:08:44.0373 0x18a4  GfExperienceService - ok
21:08:44.0388 0x18a4  GPIOClx0101 - ok
21:08:44.0404 0x18a4  gpsvc - ok
21:08:44.0404 0x18a4  GpuEnergyDrv - ok
21:08:44.0435 0x18a4  [ 06BFA49C4D999E93E214DB4E8044DE0B, 5E339A2A6858AA59F8B0879AB4CB87DBC6622322259CB612594552DDE831ACD0 ] gzflt          C:\WINDOWS\system32\DRIVERS\gzflt.sys
21:08:44.0451 0x18a4  gzflt - ok
21:08:44.0451 0x18a4  HDAudBus - ok
21:08:44.0451 0x18a4  HidBatt - ok
21:08:44.0451 0x18a4  HidBth - ok
21:08:44.0467 0x18a4  hidi2c - ok
21:08:44.0467 0x18a4  hidinterrupt - ok
21:08:44.0467 0x18a4  HidIr - ok
21:08:44.0467 0x18a4  hidserv - ok
21:08:44.0482 0x18a4  HidUsb - ok
21:08:44.0514 0x18a4  [ D018C0E0A97905D0859DCD970BE4CE2A, 969B5FF4E762BC84F9B6588ECC9B08026519E081ACC1182885E163762CC3E21A ] hitmanpro37    C:\WINDOWS\system32\drivers\hitmanpro37.sys
21:08:44.0529 0x18a4  hitmanpro37 - ok
21:08:44.0560 0x18a4  HomeGroupListener - ok
21:08:44.0576 0x18a4  HomeGroupProvider - ok
21:08:44.0576 0x18a4  HpSAMD - ok
21:08:44.0598 0x18a4  HTTP - ok
21:08:44.0708 0x18a4  [ E5805896A55D4166C20F216249F40FA3, F426BF60D5B916E7A778EF24C49FE1FFE1B2977C2ABD2977FD5C38C6E6CB139F ] HWiNFO32        C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS
21:08:44.0723 0x18a4  HWiNFO32 - ok
21:08:44.0723 0x18a4  hwpolicy - ok
21:08:44.0723 0x18a4  hyperkbd - ok
21:08:44.0739 0x18a4  HyperVideo - ok
21:08:44.0739 0x18a4  i8042prt - ok
21:08:44.0754 0x18a4  iai2c - ok
21:08:44.0754 0x18a4  iaLPSS2i_I2C - ok
21:08:44.0754 0x18a4  iaLPSSi_GPIO - ok
21:08:44.0754 0x18a4  iaLPSSi_I2C - ok
21:08:44.0770 0x18a4  iaStorAV - ok
21:08:44.0770 0x18a4  iaStorV - ok
21:08:44.0770 0x18a4  ibbus - ok
21:08:44.0801 0x18a4  icssvc - ok
21:08:44.0817 0x18a4  IEEtwCollectorService - ok
21:08:44.0989 0x18a4  [ 79AE3CC82CA1563A4B392207997ACE7C, A1E4A1DA95CA2FA197EF5975657822F0F813F6C33DA38E1FA5A840194034D071 ] igfx            C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
21:08:45.0208 0x18a4  igfx - ok
21:08:45.0223 0x18a4  IKEEXT - ok
21:08:45.0270 0x18a4  [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd          C:\WINDOWS\system32\drivers\Impcd.sys
21:08:45.0286 0x18a4  Impcd - ok
21:08:45.0458 0x18a4  [ 93E07E34AC803B37CD196662FDBA38F8, 540DC5C9EA3361C686A78CFCD4CB0AAA15827A00D4D2F7FFA0D6B791D41BC986 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
21:08:45.0630 0x18a4  IntcAzAudAddService - ok
21:08:45.0645 0x18a4  intelide - ok
21:08:45.0645 0x18a4  intelpep - ok
21:08:45.0661 0x18a4  intelppm - ok
21:08:45.0661 0x18a4  IoQos - ok
21:08:45.0661 0x18a4  IpFilterDriver - ok
21:08:45.0676 0x18a4  iphlpsvc - ok
21:08:45.0676 0x18a4  IPMIDRV - ok
21:08:45.0692 0x18a4  IPNAT - ok
21:08:45.0692 0x18a4  IRENUM - ok
21:08:45.0708 0x18a4  isapnp - ok
21:08:45.0708 0x18a4  iScsiPrt - ok
21:08:45.0739 0x18a4  [ 716F66336F10885D935B08174DC54242, 1992708956A2A45A8870CFCB532F3ABF24B1143B75EF32AB1F59D5D86E65F493 ] iwdbus          C:\WINDOWS\System32\drivers\iwdbus.sys
21:08:45.0755 0x18a4  iwdbus - ok
21:08:45.0755 0x18a4  kbdclass - ok
21:08:45.0755 0x18a4  kbdhid - ok
21:08:45.0755 0x18a4  kdnic - ok
21:08:45.0786 0x18a4  [ 547E9B25B4407A125D5F187E918BC217, 036C1151A30A9C25AFC961D7305C58CBF8F68E5E5C1E726565C9A8168C2F3CDB ] keycrypt        C:\WINDOWS\system32\DRIVERS\KeyCrypt64.sys
21:08:45.0801 0x18a4  keycrypt - ok
21:08:45.0817 0x18a4  KeyIso - ok
21:08:45.0817 0x18a4  KSecDD - ok
21:08:45.0833 0x18a4  KSecPkg - ok
21:08:45.0833 0x18a4  ksthunk - ok
21:08:45.0848 0x18a4  KtmRm - ok
21:08:45.0864 0x18a4  LanmanServer - ok
21:08:45.0911 0x18a4  LanmanWorkstation - ok
21:08:45.0958 0x18a4  lfsvc - ok
21:08:45.0973 0x18a4  LicenseManager - ok
21:08:46.0005 0x18a4  lltdio - ok
21:08:46.0005 0x18a4  lltdsvc - ok
21:08:46.0020 0x18a4  lmhosts - ok
21:08:46.0098 0x18a4  [ 7F32D4C47A50E7223491E8FB9359907D, 6D3F59A8D006BED3234697933D09C8EE8F7A9F4A4196CFA878F8E8A929B24CE5 ] LMS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:08:46.0130 0x18a4  LMS - ok
21:08:46.0145 0x18a4  LSI_SAS - ok
21:08:46.0145 0x18a4  LSI_SAS2i - ok
21:08:46.0145 0x18a4  LSI_SAS3i - ok
21:08:46.0161 0x18a4  LSI_SSS - ok
21:08:46.0161 0x18a4  LSM - ok
21:08:46.0176 0x18a4  luafv - ok
21:08:46.0192 0x18a4  MapsBroker - ok
21:08:46.0192 0x18a4  megasas - ok
21:08:46.0192 0x18a4  megasr - ok
21:08:46.0223 0x18a4  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\WINDOWS\System32\drivers\HECIx64.sys
21:08:46.0223 0x18a4  MEIx64 - ok
21:08:46.0223 0x18a4  MessagingService - ok
21:08:46.0239 0x18a4  mlx4_bus - ok
21:08:46.0255 0x18a4  MMCSS - ok
21:08:46.0255 0x18a4  Modem - ok
21:08:46.0255 0x18a4  monitor - ok
21:08:46.0270 0x18a4  mouclass - ok
21:08:46.0270 0x18a4  mouhid - ok
21:08:46.0270 0x18a4  mountmgr - ok
21:08:46.0333 0x18a4  [ 63282F5EB7E5BFB58FD1EC93C6ADB457, 25096C4AE319E854153C75DCEC0A67A63F6B05FDD0B49D4D373724B3BF55D665 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:08:46.0348 0x18a4  MozillaMaintenance - ok
21:08:46.0348 0x18a4  mpsdrv - ok
21:08:46.0348 0x18a4  MpsSvc - ok
21:08:46.0380 0x18a4  MQAC - ok
21:08:46.0380 0x18a4  MRxDAV - ok
21:08:46.0380 0x18a4  mrxsmb - ok
21:08:46.0395 0x18a4  mrxsmb10 - ok
21:08:46.0395 0x18a4  mrxsmb20 - ok
21:08:46.0395 0x18a4  MsBridge - ok
21:08:46.0411 0x18a4  MSDTC - ok
21:08:46.0411 0x18a4  Msfs - ok
21:08:46.0426 0x18a4  msgpiowin32 - ok
21:08:46.0426 0x18a4  mshidkmdf - ok
21:08:46.0426 0x18a4  mshidumdf - ok
21:08:46.0442 0x18a4  msisadrv - ok
21:08:46.0458 0x18a4  MSiSCSI - ok
21:08:46.0458 0x18a4  msiserver - ok
21:08:46.0458 0x18a4  MSKSSRV - ok
21:08:46.0473 0x18a4  MsLldp - ok
21:08:46.0489 0x18a4  MSMQ - ok
21:08:46.0489 0x18a4  MSPCLOCK - ok
21:08:46.0489 0x18a4  MSPQM - ok
21:08:46.0489 0x18a4  MsRPC - ok
21:08:46.0505 0x18a4  mssmbios - ok
21:08:46.0505 0x18a4  MSTEE - ok
21:08:46.0505 0x18a4  MTConfig - ok
21:08:46.0520 0x18a4  Mup - ok
21:08:46.0520 0x18a4  mvumis - ok
21:08:46.0520 0x18a4  NativeWifiP - ok
21:08:46.0551 0x18a4  NcaSvc - ok
21:08:46.0567 0x18a4  NcbService - ok
21:08:46.0583 0x18a4  NcdAutoSetup - ok
21:08:46.0583 0x18a4  ndfltr - ok
21:08:46.0583 0x18a4  NDIS - ok
21:08:46.0598 0x18a4  NdisCap - ok
21:08:46.0598 0x18a4  NdisImPlatform - ok
21:08:46.0598 0x18a4  NdisTapi - ok
21:08:46.0614 0x18a4  Ndisuio - ok
21:08:46.0614 0x18a4  NdisVirtualBus - ok
21:08:46.0630 0x18a4  NdisWan - ok
21:08:46.0630 0x18a4  ndiswanlegacy - ok
21:08:46.0630 0x18a4  ndproxy - ok
21:08:46.0630 0x18a4  Ndu - ok
21:08:46.0645 0x18a4  NetBIOS - ok
21:08:46.0645 0x18a4  NetBT - ok
21:08:46.0645 0x18a4  Netlogon - ok
21:08:46.0692 0x18a4  Netman - ok
21:08:46.0786 0x18a4  NetMsmqActivator - ok
21:08:46.0786 0x18a4  NetPipeActivator - ok
21:08:46.0786 0x18a4  netprofm - ok
21:08:46.0801 0x18a4  NetSetupSvc - ok
21:08:46.0801 0x18a4  NetTcpActivator - ok
21:08:46.0801 0x18a4  NetTcpPortSharing - ok
21:08:46.0817 0x18a4  netvsc - ok
21:08:47.0145 0x18a4  [ BB92813C0806A005ACA240222CE198C9, 8AA52F4FC5C7B96EAA9A95338AA5860A596FDA2998D7925071D60943260555FB ] NETwNs64        C:\WINDOWS\System32\drivers\NETwsw00.sys
21:08:47.0286 0x28f0  Object required for P2P: [ 04A7B373A727BD3ACD824621CF65AE70 ] AdobeFlashPlayerUpdateSvc
21:08:47.0536 0x18a4  NETwNs64 - ok
21:08:47.0583 0x18a4  NgcCtnrSvc - ok
21:08:47.0583 0x18a4  NgcSvc - ok
21:08:47.0598 0x18a4  NlaSvc - ok
21:08:47.0598 0x18a4  Npfs - ok
21:08:47.0630 0x18a4  npsvctrig - ok
21:08:47.0630 0x18a4  nsi - ok
21:08:47.0630 0x18a4  nsiproxy - ok
21:08:47.0645 0x18a4  NTFS - ok
21:08:47.0645 0x18a4  Null - ok
21:08:48.0005 0x18a4  [ DF0BB2C179476D312B7BC0056CEC50A6, 64CC3201FA903E0EC9C99BE167C439C14A4C9AC2A88898B64789EEB381DB97B6 ] nvlddmkm        C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys
21:08:48.0395 0x18a4  nvlddmkm - ok
21:08:48.0536 0x18a4  [ 4EBEE69A8FE7DC85FD3C122821C617A0, 7193C14DEB4C5B0D86C5C6841C80879C28E1FDA8F77879EB18A3D2685C67B986 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
21:08:48.0677 0x18a4  NvNetworkService - ok
21:08:48.0708 0x18a4  [ 2328DC3622412EE112868645DA013075, 361A3D2FDE53F5EAF3068A64F7848020C62B256C3F08BE5F863544A0747DD2D6 ] nvpciflt        C:\WINDOWS\system32\DRIVERS\nvpciflt.sys
21:08:48.0708 0x18a4  nvpciflt - ok
21:08:48.0708 0x18a4  nvraid - ok
21:08:48.0723 0x18a4  nvstor - ok
21:08:48.0817 0x18a4  [ 0EF30778078D7B5877F8F57151699798, B0409C79143BDBB774C3C740CCA8EB77CF67915E59EC6050DB993ED0575EC077 ] NvStreamKms    C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
21:08:48.0833 0x18a4  NvStreamKms - ok
21:08:48.0989 0x18a4  [ D23A07D549243F5B77780BAA4FBF5BC3, 5BC5161CAE6BE6382BDCDE9B1CDD5F4DEBC3EA18D01B0E261AF716FDB04154BC ] NvStreamSvc    C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
21:08:49.0177 0x18a4  NvStreamSvc - ok
21:08:49.0239 0x18a4  [ DFCCA437717EACA8418F47992A41B39A, E587A629B894EE6A16AC414747D492FFC6B6E9F051B40F7D25F0D4406E2FF919 ] nvsvc          C:\WINDOWS\system32\nvvsvc.exe
21:08:49.0302 0x18a4  nvsvc - ok
21:08:49.0333 0x18a4  [ 4F00008B513F4019623ED61159363888, A1047FF1FCF3ED405C3426C8959AD10426F30E3F58E95BFD6ADF1DBC947AB379 ] nvvad_WaveExtensible C:\WINDOWS\system32\drivers\nvvad64v.sys
21:08:49.0348 0x18a4  nvvad_WaveExtensible - ok
21:08:49.0364 0x18a4  nv_agp - ok
21:08:49.0380 0x18a4  OneSyncSvc - ok
21:08:49.0411 0x18a4  p2pimsvc - ok
21:08:49.0427 0x18a4  p2psvc - ok
21:08:49.0442 0x18a4  Parport - ok
21:08:49.0442 0x18a4  partmgr - ok
21:08:49.0442 0x18a4  PcaSvc - ok
21:08:49.0458 0x18a4  pci - ok
21:08:49.0458 0x18a4  pciide - ok
21:08:49.0458 0x18a4  pcmcia - ok
21:08:49.0473 0x18a4  pcw - ok
21:08:49.0473 0x18a4  pdc - ok
21:08:49.0489 0x18a4  PEAUTH - ok
21:08:49.0505 0x18a4  percsas2i - ok
21:08:49.0505 0x18a4  percsas3i - ok
21:08:49.0583 0x18a4  PerfHost - ok
21:08:49.0614 0x18a4  PhoneSvc - ok
21:08:49.0630 0x18a4  PimIndexMaintenanceSvc - ok
21:08:49.0645 0x18a4  pla - ok
21:08:49.0661 0x18a4  PlugPlay - ok
21:08:49.0677 0x18a4  PNRPAutoReg - ok
21:08:49.0677 0x18a4  PNRPsvc - ok
21:08:49.0708 0x18a4  [ E4799B87675C59AA1F620DE5C6F113BB, 094EE16D4CEC68DB316002994482344A6BFCFDE399131F7FA11BB46C2DCBF218 ] Point64        C:\WINDOWS\System32\drivers\point64.sys
21:08:49.0723 0x18a4  Point64 - ok
21:08:49.0739 0x18a4  PolicyAgent - ok
21:08:49.0739 0x18a4  Power - ok
21:08:49.0755 0x18a4  PptpMiniport - ok
21:08:49.0786 0x18a4  PrintNotify - ok
21:08:49.0802 0x18a4  Processor - ok
21:08:49.0802 0x18a4  ProfSvc - ok
21:08:49.0817 0x18a4  Psched - ok
21:08:49.0848 0x28f0  Object send P2P result: true
21:08:49.0848 0x28f0  Object required for P2P: [ 9036F27C0757ECCC7836C5E58D576FB0 ] bdfwfpf_pc
21:08:49.0848 0x18a4  [ DD3FD48D69F5FBBB21D46D1514C1C2DB, 2B188E3AC4BD9B608D375DD550507717852C2AF7C0F99FFED90098999B9D4F01 ] PSI            C:\WINDOWS\system32\DRIVERS\psi_mf_amd64.sys
21:08:49.0848 0x18a4  PSI - ok
21:08:49.0880 0x18a4  [ 87B04878A6D59D6C79251DC960C674C1, 3EB8DB0624E646F0A65D0381408D35CF9FDC5ABFC30DF6431F4070A8EB68447C ] PxHlpa64        C:\WINDOWS\system32\Drivers\PxHlpa64.sys
21:08:49.0895 0x18a4  PxHlpa64 - ok
21:08:49.0911 0x18a4  QWAVE - ok
21:08:49.0911 0x18a4  QWAVEdrv - ok
21:08:49.0927 0x18a4  RasAcd - ok
21:08:49.0942 0x18a4  RasAgileVpn - ok
21:08:49.0942 0x18a4  RasAuto - ok
21:08:49.0958 0x18a4  Rasl2tp - ok
21:08:49.0958 0x18a4  RasMan - ok
21:08:49.0973 0x18a4  RasPppoe - ok
21:08:49.0973 0x18a4  RasSstp - ok
21:08:49.0973 0x18a4  rdbss - ok
21:08:49.0989 0x18a4  rdpbus - ok
21:08:49.0989 0x18a4  RDPDR - ok
21:08:50.0005 0x18a4  RdpVideoMiniport - ok
21:08:50.0005 0x18a4  rdyboost - ok
21:08:50.0005 0x18a4  ReFSv1 - ok
21:08:50.0020 0x18a4  RemoteAccess - ok
21:08:50.0020 0x18a4  RemoteRegistry - ok
21:08:50.0020 0x18a4  RetailDemo - ok
21:08:50.0161 0x18a4  [ 3C957189B31C34D3AD21967B12B6AED7, 878FE6EA03F60592D6D557B905A5119E2CC836C2A6A86ED2867C3C9B0F0FDBA2 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
21:08:50.0255 0x18a4  RoxMediaDB12OEM - ok
21:08:50.0302 0x18a4  [ 2B73088CC2CA757A172B425C9398E5BC, 3D296B4D6F66F7729CC48FE54456E6E6D8207DBA7E31D66653566C128E53163B ] RoxWatch12      C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
21:08:50.0317 0x18a4  RoxWatch12 - ok
21:08:50.0333 0x18a4  RpcEptMapper - ok
21:08:50.0348 0x18a4  RpcLocator - ok
21:08:50.0348 0x18a4  RpcSs - ok
21:08:50.0364 0x18a4  rspndr - ok
21:08:50.0395 0x18a4  [ 135A64530D7699AD48F29D73A658DD11, 35838AE8ACFD9047C68DD0C8910557A82998E5CD778D5B98D4767AFA4BCE85BB ] RSUSBSTOR      C:\WINDOWS\System32\Drivers\RtsUStor.sys
21:08:50.0411 0x18a4  RSUSBSTOR - ok
21:08:50.0458 0x18a4  [ F5C08707F5B16E53110A6FD074C326DD, 732D8D1C765C5C1E4E1C7D29E723E144061D2BADD6A63BAB3E27D1845D7D3E7B ] rt640x64        C:\WINDOWS\System32\drivers\rt640x64.sys
21:08:50.0505 0x18a4  rt640x64 - ok
21:08:50.0567 0x18a4  [ 23A922B92A854B9846D3D41EFBBF3A4B, 37E80E5D11D79D1F5CE5B19430C455D82DE21A18B84BD03778325C518E321373 ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
21:08:50.0583 0x18a4  RtkAudioService - ok
21:08:50.0645 0x18a4  [ E2AD4EE81F401ADDAAA1DB9561058629, C33BC12DC7EB70538902C1D326C415C87E76388FF0B5AA30E4B8D162228FE73A ] RTSUER          C:\WINDOWS\system32\Drivers\RtsUer.sys
21:08:50.0661 0x18a4  RTSUER - ok
21:08:50.0661 0x18a4  s3cap - ok
21:08:50.0692 0x18a4  SamSs - ok
21:08:50.0692 0x18a4  sbp2port - ok
21:08:50.0723 0x18a4  SCardSvr - ok
21:08:50.0755 0x18a4  ScDeviceEnum - ok
21:08:50.0755 0x18a4  scfilter - ok
21:08:50.0786 0x18a4  Schedule - ok
21:08:50.0786 0x18a4  SCPolicySvc - ok
21:08:50.0802 0x18a4  sdbus - ok
21:08:50.0802 0x18a4  SDRSVC - ok
21:08:50.0817 0x18a4  sdstor - ok
21:08:50.0817 0x18a4  seclogon - ok
21:08:50.0911 0x18a4  [ BE43B6172AC5961017762AB3C9B9B4C6, 209356410729F5DB8E9CB64B7F32638CE4C1559B5FA10B66C69C0650A0ADD36E ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
21:08:50.0989 0x18a4  Secunia PSI Agent - ok
21:08:51.0036 0x18a4  [ C85EE9529401BF0467DACEB3D4BD1EAF, 4CB441A39C4FF3417B9046BEB237B3043A105A0112F5A04444F431C7F77C3D4B ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
21:08:51.0098 0x18a4  Secunia Update Agent - ok
21:08:51.0114 0x18a4  SENS - ok
21:08:51.0130 0x18a4  SensorDataService - ok
21:08:51.0145 0x18a4  SensorService - ok
21:08:51.0161 0x18a4  SensrSvc - ok
21:08:51.0177 0x18a4  SerCx - ok
21:08:51.0192 0x18a4  SerCx2 - ok
21:08:51.0208 0x18a4  Serenum - ok
21:08:51.0208 0x18a4  Serial - ok
21:08:51.0223 0x18a4  sermouse - ok
21:08:51.0239 0x18a4  SessionEnv - ok
21:08:51.0255 0x18a4  sfloppy - ok
21:08:51.0270 0x18a4  SharedAccess - ok
21:08:51.0270 0x18a4  ShellHWDetection - ok
21:08:51.0286 0x18a4  SiSRaid2 - ok
21:08:51.0286 0x18a4  SiSRaid4 - ok
21:08:51.0317 0x18a4  [ 544788D536087DAF32B846F10D8392F5, D38C18ED147BE4BC7CE5DB50DA1DEEEBD192E1D615B2A3F3B5957A1421B9A2C2 ] SLEE_17_DRIVER  C:\Windows\Sleen1764.sys
21:08:51.0333 0x18a4  SLEE_17_DRIVER - ok
21:08:51.0348 0x18a4  smphost - ok
21:08:51.0364 0x18a4  SmsRouter - ok
21:08:51.0411 0x18a4  [ 2F7A6F88A9516EB47B0BF13024434244, 5FC5635D077AAA42853F78306C941995B56E939015CC3F27D376CBD9395C7410 ] snapman        C:\WINDOWS\system32\DRIVERS\snapman.sys
21:08:51.0427 0x18a4  snapman - ok
21:08:51.0442 0x18a4  SNMPTRAP - ok
21:08:51.0442 0x18a4  spaceport - ok
21:08:51.0458 0x18a4  SpbCx - ok
21:08:51.0458 0x18a4  Spooler - ok
21:08:51.0458 0x18a4  sppsvc - ok
21:08:51.0473 0x18a4  srv - ok
21:08:51.0473 0x18a4  srv2 - ok
21:08:51.0473 0x18a4  srvnet - ok
21:08:51.0520 0x18a4  SSDPSRV - ok
21:08:51.0520 0x18a4  SstpSvc - ok
21:08:51.0536 0x18a4  StateRepository - ok
21:08:51.0536 0x18a4  Steganos Volatile Disk - ok
21:08:51.0630 0x18a4  [ 601F0449030798FDFB2932F902C24C98, 95D5BEFF5E909513C6823FC115259FF7C5AD695C5992874B612248D9616F5DA5 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
21:08:51.0677 0x18a4  Stereo Service - ok
21:08:51.0677 0x18a4  stexstor - ok
21:08:51.0723 0x18a4  [ 70D9E406A1170A801B0D9CCECF9D6914, DD4B6A77B6BFFE2D10B4CD11E9856542A161D20C1BAC13790F12D87072F055F5 ] STGMFEngine64  C:\Windows\system32\drivers\STGMFEngine64.sys
21:08:51.0739 0x18a4  STGMFEngine64 - ok
21:08:51.0755 0x18a4  stisvc - ok
21:08:51.0802 0x18a4  [ 7731F46EC0D687A931CBA063E8F90EF0, 5CF996A209756B901316C4406C7D3E52ECC9C15A1BDB0D4D9C77846AB29FD040 ] stllssvr        C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
21:08:51.0817 0x18a4  stllssvr - ok
21:08:51.0817 0x18a4  storahci - ok
21:08:51.0833 0x18a4  storflt - ok
21:08:51.0849 0x18a4  stornvme - ok
21:08:51.0849 0x18a4  storqosflt - ok
21:08:51.0864 0x18a4  StorSvc - ok
21:08:51.0880 0x18a4  storufs - ok
21:08:51.0880 0x18a4  storvsc - ok
21:08:51.0974 0x18a4  [ 9CC3E88C12CC5A421FC049EB6C292D36, D1741C300B760624AEEAA226F6AF8EBDFB721CF4C4A41DF502B836DB6D5EE338 ] SupportAssistAgent C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
21:08:51.0989 0x18a4  SupportAssistAgent - ok
21:08:52.0020 0x18a4  svsvc - ok
21:08:52.0036 0x18a4  swenum - ok
21:08:52.0036 0x18a4  swprv - ok
21:08:52.0302 0x18a4  [ 06A5A15C89E5F2C08D0C595C1DA776AF, EEFC5803E3C76115DF24B00A4BD6F3196D6CD87049802EF58BE6CF2CCB758FBF ] syncagentsrv    C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
21:08:52.0333 0x28f0  Object send P2P result: true
21:08:52.0333 0x28f0  Object required for P2P: [ E554163D138B79CD8C6EDF73187FC635 ] DellDataVault
21:08:52.0552 0x18a4  syncagentsrv - ok
21:08:52.0599 0x18a4  Synth3dVsc - ok
21:08:52.0599 0x18a4  SysMain - ok
21:08:52.0614 0x18a4  SystemEventsBroker - ok
21:08:52.0630 0x18a4  TabletInputService - ok
21:08:52.0661 0x18a4  [ 3C32FF010F869BC184DF71290477384E, 55CFCEC7F026C6E2E96A2FBE846AB513BB12BB0348735274FE1B71AF019C837B ] tap0901        C:\WINDOWS\system32\DRIVERS\tap0901.sys
21:08:52.0661 0x18a4  tap0901 - ok
21:08:52.0677 0x18a4  TapiSrv - ok
21:08:52.0677 0x18a4  Tcpip - ok
21:08:52.0692 0x18a4  Tcpip6 - ok
21:08:52.0692 0x18a4  tcpipreg - ok
21:08:52.0724 0x18a4  tdx - ok
21:08:52.0724 0x18a4  terminpt - ok
21:08:52.0724 0x18a4  TermService - ok
21:08:52.0739 0x18a4  Themes - ok
21:08:52.0786 0x18a4  [ AEEEB1EE424A8D6F17B3A6461E0FC7E6, 3A5FD27DF6132E84DC03366FB684B31A454C0805A5E4EA0C67B0CE85FF446B93 ] tib            C:\WINDOWS\system32\DRIVERS\tib.sys
21:08:52.0833 0x18a4  tib - ok
21:08:52.0864 0x18a4  [ 3813F93D8A69EDE68913CC3050640FE3, 4931BC6DA6FD0808C985CD6202FB759F6B8DE8957FB44E6AD8844EA58C891AC1 ] tib_mounter    C:\WINDOWS\system32\DRIVERS\tib_mounter.sys
21:08:52.0880 0x18a4  tib_mounter - ok
21:08:52.0911 0x18a4  TieringEngineService - ok
21:08:52.0927 0x18a4  tiledatamodelsvc - ok
21:08:52.0927 0x18a4  TimeBroker - ok
21:08:52.0942 0x18a4  TPM - ok
21:08:52.0942 0x18a4  TrkWks - ok
21:08:52.0989 0x18a4  [ FE3D70DE933A481284FCE7D5DB5DCE50, A2A1C6AEED6417FCEE5990CD766B2A78D9037583B57617418242D98C031617F2 ] trufos          C:\WINDOWS\system32\DRIVERS\trufos.sys
21:08:53.0005 0x18a4  trufos - ok
21:08:53.0052 0x18a4  TrustedInstaller - ok
21:08:53.0067 0x18a4  tsusbflt - ok
21:08:53.0083 0x18a4  TsUsbGD - ok
21:08:53.0099 0x18a4  tunnel - ok
21:08:53.0130 0x18a4  [ FD24F98D2898BE093FE926604BE7DB99, F9851C57A2ED838AC76BB19FE2F62BB81C57DBBE2A2555F738B5D6725D39AD61 ] TurboB          C:\WINDOWS\system32\DRIVERS\TurboB.sys
21:08:53.0145 0x18a4  TurboB - ok
21:08:53.0208 0x18a4  [ 600B406A04D90F577FEA8A88D7379F08, 77CC8E8AFB6F571A42D916C0B2FEFFD3A7A32A455C78228B407C6C9B6DED8CAD ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
21:08:53.0224 0x18a4  TurboBoost - ok
21:08:53.0255 0x18a4  tzautoupdate - ok
21:08:53.0270 0x18a4  uagp35 - ok
21:08:53.0270 0x18a4  UASPStor - ok
21:08:53.0270 0x18a4  UcmCx0101 - ok
21:08:53.0286 0x18a4  UcmUcsi - ok
21:08:53.0286 0x18a4  Ucx01000 - ok
21:08:53.0286 0x18a4  UdeCx - ok
21:08:53.0302 0x18a4  udfs - ok
21:08:53.0302 0x18a4  UEFI - ok
21:08:53.0317 0x18a4  Ufx01000 - ok
21:08:53.0333 0x18a4  UfxChipidea - ok
21:08:53.0333 0x18a4  ufxsynopsys - ok
21:08:53.0364 0x18a4  UI0Detect - ok
21:08:53.0364 0x18a4  uliagpkx - ok
21:08:53.0364 0x18a4  umbus - ok
21:08:53.0380 0x18a4  UmPass - ok
21:08:53.0411 0x18a4  UmRdpService - ok
21:08:53.0427 0x18a4  UnistoreSvc - ok
21:08:53.0567 0x18a4  [ 2C16648A12999AE69A9EBF41974B0BA2, 06008F61B6EC36CD34CB8C4BA983371DB7A9F4BEE15E5329F5E90FEEE300D258 ] UNS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:08:53.0614 0x1828  Object required for P2P: [ 63282F5EB7E5BFB58FD1EC93C6ADB457 ] MozillaMaintenance
21:08:53.0692 0x18a4  UNS - ok
21:08:53.0755 0x18a4  [ 547FC25EE3FF3C3EC02D6A828644C0A2, 8901E977FF4B822DFA485D09C96F74B5F82ED994EFE94F59F35B7817500E110A ] UPDATESRV      C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
21:08:53.0770 0x18a4  UPDATESRV - ok
21:08:53.0770 0x18a4  upnphost - ok
21:08:53.0786 0x18a4  UrsChipidea - ok
21:08:53.0802 0x18a4  UrsCx01000 - ok
21:08:53.0802 0x18a4  UrsSynopsys - ok
21:08:53.0817 0x18a4  usbccgp - ok
21:08:53.0833 0x18a4  usbcir - ok
21:08:53.0833 0x18a4  usbehci - ok
21:08:53.0833 0x18a4  usbhub - ok
21:08:53.0849 0x18a4  USBHUB3 - ok
21:08:53.0849 0x18a4  usbohci - ok
21:08:53.0864 0x18a4  usbprint - ok
21:08:53.0864 0x18a4  usbser - ok
21:08:53.0864 0x18a4  USBSTOR - ok
21:08:53.0880 0x18a4  usbuhci - ok
21:08:53.0880 0x18a4  usbvideo - ok
21:08:53.0880 0x18a4  USBXHCI - ok
21:08:53.0927 0x18a4  UserDataSvc - ok
21:08:53.0942 0x18a4  UserManager - ok
21:08:53.0958 0x18a4  UsoSvc - ok
21:08:53.0958 0x18a4  VaultSvc - ok
21:08:53.0958 0x18a4  vdrvroot - ok
21:08:53.0974 0x18a4  vds - ok
21:08:53.0989 0x18a4  VerifierExt - ok
21:08:53.0989 0x18a4  vhdmp - ok
21:08:53.0989 0x18a4  vhf - ok
21:08:54.0052 0x18a4  [ 905DD422D28A32FACE8AE695B3823843, 7C3742B668CE02B9229A366EC5F2EDADD613ECDCD035FF8A2E6D1DA4406715FC ] vidsflt67      C:\WINDOWS\system32\DRIVERS\vsflt67.sys
21:08:54.0052 0x18a4  vidsflt67 - ok
21:08:54.0067 0x18a4  vmbus - ok
21:08:54.0067 0x18a4  VMBusHID - ok
21:08:54.0099 0x18a4  vmicguestinterface - ok
21:08:54.0099 0x18a4  vmicheartbeat - ok
21:08:54.0099 0x18a4  vmickvpexchange - ok
21:08:54.0114 0x18a4  vmicrdv - ok
21:08:54.0114 0x18a4  vmicshutdown - ok
21:08:54.0114 0x18a4  vmictimesync - ok
21:08:54.0130 0x18a4  vmicvmsession - ok
21:08:54.0130 0x18a4  vmicvss - ok
21:08:54.0130 0x18a4  volmgr - ok
21:08:54.0145 0x18a4  volmgrx - ok
21:08:54.0145 0x18a4  volsnap - ok
21:08:54.0145 0x18a4  vpci - ok
21:08:54.0161 0x18a4  vsmraid - ok
21:08:54.0161 0x18a4  VSS - ok
21:08:54.0239 0x18a4  [ 96DF3F150627FAB3098583B8A8A2A097, 51873F374E8ED4250BA823D9C015D174C3D03A9B5AF266530761539DB993D831 ] VSSERV          C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
21:08:54.0302 0x18a4  VSSERV - ok
21:08:54.0317 0x18a4  VSTXRAID - ok
21:08:54.0333 0x18a4  vwifibus - ok
21:08:54.0333 0x18a4  vwififlt - ok
21:08:54.0380 0x18a4  vwifimp - ok
21:08:54.0395 0x18a4  W32Time - ok
21:08:54.0442 0x18a4  w3logsvc - ok
21:08:54.0458 0x18a4  W3SVC - ok
21:08:54.0458 0x18a4  WacomPen - ok
21:08:54.0474 0x18a4  WalletService - ok
21:08:54.0474 0x18a4  wanarp - ok
21:08:54.0474 0x18a4  wanarpv6 - ok
21:08:54.0489 0x18a4  WAS - ok
21:08:54.0489 0x18a4  wbengine - ok
21:08:54.0489 0x18a4  WbioSrvc - ok
21:08:54.0520 0x18a4  Wcmsvc - ok
21:08:54.0520 0x18a4  wcncsvc - ok
21:08:54.0520 0x18a4  WcsPlugInService - ok
21:08:54.0536 0x18a4  WdBoot - ok
21:08:54.0552 0x18a4  Wdf01000 - ok
21:08:54.0552 0x18a4  WdFilter - ok
21:08:54.0552 0x18a4  WdiServiceHost - ok
21:08:54.0567 0x18a4  WdiSystemHost - ok
21:08:54.0567 0x18a4  wdiwifi - ok
21:08:54.0567 0x18a4  WdNisDrv - ok
21:08:54.0599 0x18a4  WdNisSvc - ok
21:08:54.0599 0x18a4  WebClient - ok
21:08:54.0614 0x18a4  Wecsvc - ok
21:08:54.0614 0x18a4  WEPHOSTSVC - ok
21:08:54.0630 0x18a4  wercplsupport - ok
21:08:54.0630 0x18a4  WerSvc - ok
21:08:54.0645 0x18a4  WFPLWFS - ok
21:08:54.0661 0x18a4  WiaRpc - ok
21:08:54.0692 0x18a4  [ B14EF15BD757FA488F9C970EEE9C0D35, F27DF2D47E7076786AE7C396583D7A1C56B93E766711066C900964FC7313E794 ] WimFltr        C:\WINDOWS\system32\DRIVERS\wimfltr.sys
21:08:54.0708 0x18a4  WimFltr - ok
21:08:54.0708 0x18a4  WIMMount - ok
21:08:54.0724 0x18a4  WinDefend - ok
21:08:54.0739 0x18a4  WindowsTrustedRT - ok
21:08:54.0755 0x18a4  WindowsTrustedRTProxy - ok
21:08:54.0770 0x18a4  WinHttpAutoProxySvc - ok
21:08:54.0786 0x18a4  WinMad - ok
21:08:54.0802 0x18a4  Winmgmt - ok
21:08:54.0817 0x18a4  WinRM - ok
21:08:54.0817 0x28f0  Object send P2P result: true
21:08:54.0833 0x18a4  WINUSB - ok
21:08:54.0833 0x18a4  WinVerbs - ok
21:08:54.0864 0x18a4  WlanSvc - ok
21:08:54.0895 0x18a4  wlidsvc - ok
21:08:54.0895 0x18a4  WmiAcpi - ok
21:08:54.0911 0x18a4  wmiApSrv - ok
21:08:54.0927 0x18a4  WMPNetworkSvc - ok
21:08:54.0958 0x18a4  [ 2A9650FCC696DB28E45EA8B33B99B8E6, FBEBC6C05D50F578C6EEE0A7285EBE1DEADB08DD21FA3232630FD8D5A68FC3FB ] Wof            C:\WINDOWS\system32\drivers\Wof.sys
21:08:54.0974 0x18a4  Wof - ok
21:08:54.0989 0x18a4  workfolderssvc - ok
21:08:54.0989 0x18a4  wpcfltr - ok
21:08:54.0989 0x18a4  WPDBusEnum - ok
21:08:55.0005 0x18a4  WpdUpFltr - ok
21:08:55.0020 0x18a4  WpnService - ok
21:08:55.0020 0x18a4  ws2ifsl - ok
21:08:55.0036 0x18a4  wscsvc - ok
21:08:55.0036 0x18a4  WSearch - ok
21:08:55.0067 0x18a4  WSService - ok
21:08:55.0067 0x18a4  wuauserv - ok
21:08:55.0083 0x18a4  WudfPf - ok
21:08:55.0083 0x18a4  WUDFRd - ok
21:08:55.0099 0x18a4  wudfsvc - ok
21:08:55.0099 0x18a4  WUDFWpdFs - ok
21:08:55.0114 0x18a4  WwanSvc - ok
21:08:55.0130 0x18a4  XblAuthManager - ok
21:08:55.0130 0x18a4  XblGameSave - ok
21:08:55.0146 0x18a4  xboxgip - ok
21:08:55.0161 0x18a4  XboxNetApiSvc - ok
21:08:55.0161 0x18a4  xinputhid - ok
21:08:55.0161 0x18a4  ================ Scan global ===============================
21:08:55.0224 0x18a4  [ Global ] - ok
21:08:55.0224 0x18a4  ================ Scan MBR ==================================
21:08:55.0224 0x18a4  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
21:08:55.0521 0x18a4  \Device\Harddisk1\DR1 - ok
21:08:55.0521 0x18a4  [ 70EA7098D4DF438BADA9F46F26FA9038 ] \Device\Harddisk0\DR0
21:08:55.0833 0x18a4  \Device\Harddisk0\DR0 - ok
21:08:55.0833 0x18a4  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
21:08:55.0880 0x18a4  \Device\Harddisk1\DR1 - ok
21:08:55.0880 0x18a4  ================ Scan VBR ==================================
21:08:55.0880 0x18a4  [ FCB3E9475913ABEA0AE7841F9CD27E59 ] \Device\Harddisk1\DR1\Partition1
21:08:55.0942 0x18a4  \Device\Harddisk1\DR1\Partition1 - ok
21:08:55.0942 0x18a4  [ 415B200B2000675D71CFD7647DCF8C93 ] \Device\Harddisk1\DR1\Partition2
21:08:55.0958 0x18a4  \Device\Harddisk1\DR1\Partition2 - ok
21:08:55.0974 0x18a4  [ 176F1A254052AF3608EDDA6E9C7D2DA3 ] \Device\Harddisk0\DR0\Partition1
21:08:55.0989 0x18a4  \Device\Harddisk0\DR0\Partition1 - ok
21:08:55.0989 0x18a4  [ 08FD11184CF4A243A1CF3089D944229A ] \Device\Harddisk0\DR0\Partition2
21:08:56.0021 0x18a4  \Device\Harddisk0\DR0\Partition2 - ok
21:08:56.0021 0x18a4  [ FCB3E9475913ABEA0AE7841F9CD27E59 ] \Device\Harddisk1\DR1\Partition1
21:08:56.0021 0x18a4  \Device\Harddisk1\DR1\Partition1 - ok
21:08:56.0021 0x18a4  [ 415B200B2000675D71CFD7647DCF8C93 ] \Device\Harddisk1\DR1\Partition2
21:08:56.0021 0x18a4  \Device\Harddisk1\DR1\Partition2 - ok
21:08:56.0036 0x18a4  ================ Scan generic autorun ======================
21:08:56.0067 0x18a4  [ 0C3154D0620F974AD5C4E8D87626C8CF, 4E6B751F9C0D5D4833A12166BC5142E0A7402E98D00F570926ED9CA0936A8007 ] C:\WINDOWS\system32\igfxtray.exe
21:08:56.0099 0x18a4  IgfxTray - ok
21:08:56.0114 0x18a4  [ E4AA3D28753EF9DB333FE40079993B09, ECC60BAA7D21EF97CDA17F45277FBFE52B2169155DDB157E34A7AE2EC1BEC185 ] C:\WINDOWS\system32\hkcmd.exe
21:08:56.0114 0x1828  Object send P2P result: true
21:08:56.0146 0x18a4  HotKeysCmds - ok
21:08:56.0192 0x18a4  [ CF40080765D6F66FA93318C0DB6C7D1F, 015EE5BE439DAC6D3F7C7471EEF554C11F28947492E3F7AA14BB72622C327DCD ] C:\WINDOWS\system32\igfxpers.exe
21:08:56.0224 0x18a4  Persistence - ok
21:08:56.0286 0x18a4  [ 49250EC8E64916CF40A78AC6CD916F40, C29B6999D6D98A884FD11C354CD89074A037807B17753CDAC4F218AF070DC40F ] C:\Program Files\DellTPad\Apoint.exe
21:08:56.0333 0x18a4  Apoint - ok
21:08:56.0614 0x18a4  [ 52A3173C9E3BD923E2408392A4210719, 328A1BFA9A819C2478E6931C20055888542409C4BB5A2C05E59D04E6963C86EE ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
21:08:56.0911 0x18a4  RTHDVCPL - ok
21:08:56.0927 0x18a4  IntelTBRunOnce - ok
21:08:56.0942 0x18a4  ShadowPlay - ok
21:08:57.0036 0x18a4  [ F06F76C6D57022CF30D5B8853A8D873D, 4F373451A9D8CD16D2B4B339C730531936A993BDC819703C737E53384B79A289 ] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
21:08:57.0083 0x18a4  Acronis Scheduler2 Service - ok
21:08:57.0255 0x18a4  [ 8F82FFC6CD0F4C83F4565E1A40332CCD, 45D17603664CBE2C4236AEDB3C21D585C8225A3D3B1118365EE2C6BFDB8A7890 ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
21:08:57.0411 0x18a4  NvBackend - ok
21:08:57.0633 0x18a4  [ 8FB31BA086A97A50964B23E9803AB9B4, 17508755A9065BC3B327B2E0F99C146760B23BA4092D938C6C85951A2D9ED316 ] C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
21:08:57.0680 0x18a4  Bdagent - ok
21:08:57.0976 0x18a4  [ 70A95A18E3B733EA4C680498A84DB5AD, 873B249847C23E684319C31F99101C9D61686FF40039C81D674140F040033AA8 ] C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
21:08:58.0320 0x18a4  ZALFree - ok
21:08:58.0523 0x18a4  [ 34F837070B4DB119CF03B2749DBD4D8A, 3F8F1605B4F18998BD46A67704C1EE2956A66CC11DF307ED1088B54F080F45AA ] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
21:08:58.0742 0x18a4  TrueImageMonitor.exe - ok
21:08:58.0773 0x18a4  [ 9E864BC8914B0E2589B079210965C5B6, 1682736015F11994225778F6A3E1760B228FEC5BA8E33811470B6EC0410A8EDF ] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
21:08:58.0852 0x18a4  AcronisTibMounterMonitor - ok
21:08:58.0945 0x18a4  OneDriveSetup - ok
21:08:58.0945 0x18a4  OneDriveSetup - ok
21:08:59.0008 0x18a4  [ 1BEC35C7187877E5F08C81AE481FBA00, 3116D14AEAA32C978BA6611B6468239E8F599AF7D7F1DF8AA7F2487D1FA0435E ] C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
21:08:59.0055 0x18a4  Bitdefender-Geldbörse-Agent - ok
21:08:59.0055 0x18a4  OneDriveSetup - ok
21:08:59.0086 0x18a4  WAB Migrate - ok
21:08:59.0086 0x18a4  Waiting for KSN requests completion. In queue: 32
21:09:00.0103 0x18a4  Waiting for KSN requests completion. In queue: 32
21:09:01.0118 0x18a4  Waiting for KSN requests completion. In queue: 32
21:09:02.0181 0x18a4  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.9.10586.0 ), 0x62100 ( disabled : updated )
21:09:02.0181 0x18a4  AV detected via SS2: Bitdefender Antivirus, C:\Program Files\Bitdefender\Bitdefender 2015\wscfix.exe ( 19.4.0.216 ), 0x41000 ( enabled : updated )
21:09:02.0197 0x18a4  FW detected via SS2: Bitdefender Firewall, C:\Program Files\Bitdefender\Bitdefender 2015\wscfix.exe ( 19.4.0.216 ), 0x41010 ( enabled )
21:09:04.0640 0x18a4  ============================================================
21:09:04.0640 0x18a4  Scan finished
21:09:04.0640 0x18a4  ============================================================
21:09:04.0640 0x0e70  Detected object count: 0
21:09:04.0640 0x0e70  Actual detected object count: 0
Malwarebites bringt eine Fehlermeldung beim starten:
"Registry Value AppInit_Dlls has been found, which may be caused by rootkit activity. Note: Press No if you are not sure [...] Do you want to remove this value and restart the tool?"
Soll ich nu ja sagen oder nein???
Hab erst mal nein gesagt und das tool beendet.

Bootsektor 21.04.2016 20:43
Hallo,

nee, das sind keine Rootkits, ich denke dass MBAM da mit Zemana n Problem hat.

Nexu07 23.04.2016 17:32
Also Malwarebytes hat nichts gefunden, das Logfile enthält nichts nennenswertes. Überall 0 Items found.
Sollte ich noch was checken?


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:36 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131