Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojaner eingefangen? Trojan Z-000

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 29.07.2015, 05:53   #1
Snakedoctor
 
Trojaner eingefangen? Trojan Z-000 - Standard

Trojaner eingefangen? Trojan Z-000



Hallo zusammen,

folgende Problematik liegt bei mir vor (in Klammer wie lange schon):

HINWEIS: Rechner wird auch geschäftlich genutzt. (Selbstständig, Privat und Geschäftsnutzung)

1. Firefox langsam / Abstürze (schon länger, seit Update auf 39 vermehrt). Im Addon Manger steht nach wie vor ich nutze eine alte Version. Auch manche Seiten sperren mich da ich eine veraltete Version nutze.

2. WD Smart Draw (Externe Festplatte): Hier lässt sich das Kennwort nicht mehr eingeben. Eingabefeld verschwindet nach ein paar Sekunden

3. Allgemeine Perfomance meiner Meinung nach Schlecht.

4. Ich dachte lange hat mit Systemauslastung zu tun (Systemlaufwerk zu 95% voll)

5. Vor 3 Tagen erhielt ich eine Email von einem Kollegen eine Email mit einer Datei (rar)die er nicht öffnen konnte. Auf Nachfrage ob er den Absender 100% kennt, bejahte er. Emailadresse ist von einem Geschäftspartner. Ich öffnete die rar Datei aber nicht die Textdatei die hinterlegt war. Mir kam das doch komisch vor, ich rief den Geschäftspartner an und dieser sagt "ja ich weiß nicht öffnen". Danach löschte ich die Email.

6. Danach führte ich einen Scan mit Kasperky Pure 3 durch ohne Befund
7. Da ich etwas in Panik verfallen bin lies ich noch folgendes laufen
- Malewarebyte laufen (1 Befund),
- Spybot (1 Befund "Trojan Z-000") löschen nicht erfolgreich
- Spyhunter gleich wieder nach ANleitung im Netz manuell entfernt
- Trojan Remover - 1 Befund Safe (Logfile vorhanden, bin nicht ganz sicher wann ich es posten soll !?)
- Hijack ohne Befund


Die anderen Logfiles habe ich leider nicht gespeichert

Iich bin nicht sicher ob ich wirklich ein Trojaner oder ähnliches habe, habe aber ein ungutes Gefühl und würde gern auf Nummer sicher gehen.

Vielen Dank vorab für eure Unterstützung.

Gruss
S

Alt 29.07.2015, 06:17   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Trojaner eingefangen? Trojan Z-000 - Standard

Trojaner eingefangen? Trojan Z-000



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 29.07.2015, 08:24   #3
Snakedoctor
 
Trojaner eingefangen? Trojan Z-000 - Standard

FRST



Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:26-07-2015
durchgeführt von Sb (Administrator) auf SB-PC (29-07-2015 09:18:16)
Gestartet von D:\
Geladene Profile: Sb (Verfügbare Profile: Sb)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Advanced Micro Devices, Inc.) D:\Programme exe\adm\ATI.ACE\Fuel\Fuel.Service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) D:\ Malwarebytes Anti-Malware \mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) D:\Programme\Skype\Phone\Skype.exe
(Akamai Technologies, Inc.) C:\Users\Sb\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Sb\AppData\Local\Akamai\netsession_win.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(RealNetworks, Inc.) D:\Programme\Update\realsched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mister Group) D:\System Explorer\SystemExplorer.exe
(Mister Group) D:\System Explorer\service\SystemExplorerService64.exe
(Microsoft Corporation) D:\office\Office14\OUTLOOK.EXE
(Mozilla Corporation) D:\Programme\fire\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [TkBellExe] => D:\Programme\update\realsched.exe [295512 2014-08-15] (RealNetworks, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-07-20] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SystemExplorerAutoStart] => D:\System Explorer\SystemExplorer.exe [3391720 2015-07-26] (Mister Group)
HKLM-x32\...\Run: [TrojanScanner] => D:\Trojan Remover\Trjscan.exe [1911712 2015-07-28] (Simply Super Software)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3516261958-1870124179-1371758590-1000\...\Run: [Skype] => D:\Programme\skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-3516261958-1870124179-1371758590-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Sb\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
Startup: C:\Users\Sb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2014-07-31] ()
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll [2014-08-06] (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll [2014-08-06] (Kaspersky Lab ZAO)
BootExecute: autocheck autochk * SmartDefragBootTime.exesdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1388156245&from=cor&uid=OCZ-AGILITY3_OCZ-U9766JZB79XHC65Z&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1388156245&from=cor&uid=OCZ-AGILITY3_OCZ-U9766JZB79XHC65Z&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388156245&from=cor&uid=OCZ-AGILITY3_OCZ-U9766JZB79XHC65Z&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388156245&from=cor&uid=OCZ-AGILITY3_OCZ-U9766JZB79XHC65Z&q={searchTerms}
HKU\S-1-5-21-3516261958-1870124179-1371758590-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3516261958-1870124179-1371758590-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\S-1-5-21-3516261958-1870124179-1371758590-1000 -> {0436B53D-D541-4D72-A231-CC301E4DE575} URL = 
SearchScopes: HKU\S-1-5-21-3516261958-1870124179-1371758590-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-08-06] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-08-06] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-08-06] (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-08-06] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-08-06] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-08-06] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-25] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-08-06] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-25] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-08-06] (Kaspersky Lab ZAO)
Toolbar: HKU\S-1-5-21-3516261958-1870124179-1371758590-1000 -> No Name - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} -  Keine Datei
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.3.254 192.168.0.1
Tcpip\..\Interfaces\{DA6E5973-6D8B-433D-B264-CDE691F579E3}: [DhcpNameServer] 192.168.3.254 192.168.0.1
Tcpip\..\Interfaces\{F31AEACE-C472-426E-A34A-5ADA8AA01123}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\3h05lir7.default
FF Homepage: https://www.facebook.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> D:\Programme\Netscape6\nppl3260.dll [2014-08-15] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-11-21] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-11-21] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> D:\Programme\Netscape6\nprpplugin.dll [2014-08-15] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> D:\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-26] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll No File
FF Plugin HKU\S-1-5-21-3516261958-1870124179-1371758590-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Sb\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-04-17] (Citrix Online)
FF Plugin HKU\S-1-5-21-3516261958-1870124179-1371758590-1000: @phonostar.de/phonostar -> D:\Programme\phonostar-Player\npphonostarDetectNP.dll Keine Datei
FF user.js: detected! => C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\3h05lir7.default\user.js [2013-12-27]
FF user.js: detected! => C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\user.js [2013-12-27]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\duckduckgo-ssl-javascript-free.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-de-ssl.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-encrypted-no-personalization.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick---deutsch.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---deutsch.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---english.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-eng-ger.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-esp-ale.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-fra-all.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\metager2.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-deutsch.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-english.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https---deutsch.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https.xml [2013-08-06]
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\3h05lir7.default\Extensions\2020Player_IKEA@2020Technologies.com [2015-02-17]
FF Extension: Ghostery - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\3h05lir7.default\Extensions\firefox@ghostery.com.xpi [2013-08-17]
FF Extension: Video DownloadHelper - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\3h05lir7.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FF Extension: BetterPrivacy - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\3h05lir7.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-06-24]
FF Extension: HTTPS-Everywhere - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\https-everywhere@eff.org [2013-12-15]
FF Extension: Cookie Monster - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{45d8ff86-d909-11db-9705-005056c00008} [2013-12-15]
FF Extension: DownloadHelper - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-12-15]
FF Extension: Kein Name - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{437be45a-4114-11dd-b9ab-71d256d89593}.xpi [2013-12-10]
FF Extension: Kein Name - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-12-09]
FF Extension: Adblock Plus - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-28]
FF Extension: ProfileSwitcher - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi [2013-10-28]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-08-15]
FF HKLM-x32\...\Firefox\Extensions: [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}] - D:\Programme\SPEEDbit Video Downloader\SPFireFox
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-08-06]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-08-06]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-08-06]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-08-06]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-08-06]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2015-05-30]
StartMenuInternet: FIREFOX.EXE - D:\Programme\fire\firefox.exe

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]

Opera: 
=======
StartMenuInternet: (HKLM) Opera - D:\Programme\opera\Opera.exe

==================== Services (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S4 AdobeActiveFileMonitor12.0; D:\ad\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated)
R2 AMD FUEL Service; D:\Programme exe\adm\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-07-04] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
R2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [701824 2014-12-24] ()
S4 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [Datei ist nicht signiert]
R2 MBAMScheduler; D:\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; D:\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
S4 nsmService; D:\NetSetMan\nsmservice.exe [1278632 2015-02-06] (Ilja Herlein)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)
S4 Origin Client Service; D:\Programme\Origin\OriginClientService.exe [1931632 2015-04-13] (Electronic Arts)
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-03-19] ()
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 SDScannerService; D:\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S3 SDUpdateService; D:\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S3 SDWSCService; D:\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 SkypeUpdate; D:\Programme\skype\Updater\Updater.exe [327296 2015-06-03] (Skype Technologies)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Datei ist nicht signiert]
R3 SystemExplorerHelpService; D:\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-07-20] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [306552 2015-07-20] (Western Digital Technologies, Inc.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 VideoAcceleratorService; C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe -start -scm [X]

==================== Drivers (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AODDriver4.1; D:\Programme exe\adm\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-08-06] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-08-06] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628288 2014-08-06] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-08-06] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177864 2015-02-18] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-19] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R1 SLEE_17_DRIVER; C:\Windows\Sleen1764.sys [108256 2011-09-12] (Softwareentwicklung Remus - ArchiCrypt - )
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-06-13] ()
U5 UnlockerDriver5; D:\Programme\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 ZSMC301b; C:\Windows\System32\Drivers\usbVM31b.sys [432512 2006-06-06] (VM)
S4 cpuz130; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-07-29 09:18 - 2015-07-29 09:18 - 00000000 ___DC C:\FRST
2015-07-29 06:12 - 2015-07-29 06:12 - 00000168 ____C C:\Windows\setupact.log
2015-07-29 06:12 - 2015-07-29 06:12 - 00000000 ____C C:\Windows\setuperr.log
2015-07-29 06:11 - 2015-07-29 06:12 - 05318416 ____C C:\Windows\system32\FNTCACHE.DAT
2015-07-29 06:11 - 2015-07-29 06:11 - 00094470 ____C C:\Windows\PFRO.log
2015-07-28 19:36 - 2015-07-28 19:36 - 00000000 ___DC C:\ProgramData\Licenses
2015-07-28 15:51 - 2015-07-28 15:54 - 00000000 ___DC C:\ProgramData\SystemExplorer
2015-07-28 15:51 - 2015-07-28 15:51 - 00000670 ____C C:\Users\Public\Desktop\Trojan Remover.lnk
2015-07-28 15:51 - 2015-07-28 15:51 - 00000603 ____C C:\Users\Public\Desktop\System Explorer.lnk
2015-07-28 15:51 - 2015-07-28 15:51 - 00000000 ___DC C:\Users\Sb\Documents\Simply Super Software
2015-07-28 15:51 - 2015-07-28 15:51 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\Simply Super Software
2015-07-28 15:51 - 2015-07-28 15:51 - 00000000 ___DC C:\ProgramData\Simply Super Software
2015-07-28 15:51 - 2015-07-28 15:51 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2015-07-28 15:51 - 2015-07-28 15:51 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer
2015-07-28 08:45 - 2015-07-28 08:45 - 00000000 ____C C:\autoexec.bat
2015-07-28 08:44 - 2015-07-28 08:44 - 00022704 ____C C:\Windows\system32\Drivers\EsgScanner.sys
2015-07-28 08:44 - 2015-07-28 08:44 - 00003308 ____C C:\Windows\System32\Tasks\SpyHunter4Startup
2015-07-28 08:44 - 2015-07-28 08:44 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\Enigma Software Group
2015-07-28 08:10 - 2015-07-28 08:10 - 00212152 ____C C:\Users\Sb\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-28 07:18 - 2015-07-28 07:18 - 00000000 ___DC C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-28 07:07 - 2015-07-28 07:09 - 00000619 ____C C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-28 07:07 - 2015-07-28 07:09 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-28 07:07 - 2015-06-18 08:41 - 00109272 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-28 07:07 - 2015-06-18 08:41 - 00063704 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-28 07:07 - 2015-06-18 08:41 - 00025816 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-28 07:05 - 2015-07-28 07:05 - 00000848 ____C C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-07-28 07:05 - 2015-07-28 07:05 - 00000848 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-07-28 07:05 - 2015-07-28 07:05 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-07-28 07:05 - 2013-09-20 10:49 - 00021040 ____C (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-07-28 07:04 - 2015-07-28 07:04 - 00000000 ___DC C:\Users\Sb\Desktop\backups
2015-07-28 07:02 - 2015-07-28 07:02 - 00010991 ____C C:\Users\Public\Documents\hijackthis.log
2015-07-28 06:57 - 2015-07-28 06:57 - 00000000 ___DC C:\Program Files\Western Digital
2015-07-27 18:19 - 2015-07-27 18:19 - 00014634 _____ C:\Users\Public\Documents\Schadensmeldung UWS Technologie.xlsx
2015-07-23 13:07 - 2015-07-23 13:07 - 00000000 ___DC C:\Users\Sb\Documents\Neuer Ordner
2015-07-09 11:52 - 2015-07-09 12:12 - 00039600 _____ C:\Users\Public\Documents\Nathan Netto.xlsx
2015-07-08 15:56 - 2015-07-08 15:56 - 00000263 ____C C:\Users\Public\Documents\UWS Katalog 2015-Auszug Complete.log
2015-07-03 08:04 - 2015-06-17 11:10 - 42729104 ____C C:\Windows\system32\nvcompiler.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 37748880 ____C C:\Windows\SysWOW64\nvcompiler.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 30481552 ____C (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 22947144 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 16145200 ____C (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 15866992 ____C (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 15224784 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 14497520 ____C (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 13263056 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 11831856 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 11011216 ____C (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-07-03 08:04 - 2015-06-17 11:10 - 02997544 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 02932368 ____C (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 02599752 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 01898128 ____C (NVIDIA Corporation) C:\Windows\system32\nvdispco6435330.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 01567576 ____C (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 01557832 ____C (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435330.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 01099992 ____C (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 01060168 ____C (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 01050768 ____C (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 00982672 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 00975176 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 00938752 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 00503408 ____C (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 00408392 ____C (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 00407296 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 00364176 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 00204648 ____C (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-07-03 08:04 - 2015-06-17 11:10 - 00176904 ____C (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 00155280 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 00150832 ____C (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 00128696 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 00040280 ____C (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-07-03 07:28 - 2015-07-11 23:31 - 00104758 _____ C:\Users\Public\Documents\Mappe1.xlsx
2015-07-03 07:28 - 2015-07-03 07:28 - 00019790 _____ C:\Users\Public\Documents\Mappe2.xlsx
2015-07-02 08:23 - 2015-07-02 08:23 - 00000432 ____C C:\Users\Sb\Desktop\Any Video Converter.lnk
2015-07-02 08:23 - 2015-07-02 08:23 - 00000000 ___DC C:\Users\Sb\Documents\Any Video Converter
2015-06-29 12:19 - 2015-06-29 18:06 - 00058368 ____C C:\Users\Public\Documents\UWS-Technologie Artikel -  Preislistenzusatz 2015 mit Netto-Brutto-Preis Aktionspakete.xls

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-07-29 09:18 - 2012-11-16 12:50 - 00000000 ___DC C:\Users\Sb
2015-07-29 09:16 - 2012-11-16 15:15 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\Skype
2015-07-29 09:15 - 2012-11-15 15:04 - 00000000 ___DC C:\ProgramData\Kaspersky Lab
2015-07-29 07:50 - 2014-04-08 20:58 - 00113880 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-29 06:49 - 2013-07-18 13:41 - 00000000 ___DC C:\ProgramData\TEMP
2015-07-29 06:23 - 2014-08-06 10:34 - 00008192 ____C C:\Windows\SysWOW64\WDPABKP.dat
2015-07-29 06:20 - 2009-07-14 06:45 - 00021680 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-29 06:20 - 2009-07-14 06:45 - 00021680 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-29 06:18 - 2011-04-12 09:43 - 00702926 ____C C:\Windows\system32\perfh007.dat
2015-07-29 06:18 - 2011-04-12 09:43 - 00150566 ____C C:\Windows\system32\perfc007.dat
2015-07-29 06:18 - 2009-07-14 07:13 - 01629276 ____C C:\Windows\system32\PerfStringBackup.INI
2015-07-29 06:16 - 2015-06-14 19:16 - 01473594 ____C C:\Windows\WindowsUpdate.log
2015-07-29 06:12 - 2009-07-14 07:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT
2015-07-28 22:22 - 2014-08-15 11:33 - 00003328 ____C C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3516261958-1870124179-1371758590-1000
2015-07-28 22:22 - 2014-08-15 11:33 - 00003188 ____C C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3516261958-1870124179-1371758590-1000
2015-07-28 09:07 - 2014-11-26 15:05 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\HylaFAX-Client-Pro
2015-07-28 08:45 - 2012-11-16 15:06 - 00000000 _RHDC C:\MSOCache
2015-07-28 08:10 - 2014-05-16 10:15 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\Wise Disk Cleaner
2015-07-28 08:01 - 2012-11-16 15:26 - 00002758 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-07-28 07:57 - 2012-11-27 10:34 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\TeamViewer
2015-07-28 07:47 - 2013-09-27 16:52 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-07-28 07:05 - 2013-12-02 23:22 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy
2015-07-28 06:58 - 2013-10-30 10:27 - 00000000 ___DC C:\ProgramData\Package Cache
2015-07-28 06:57 - 2014-07-31 10:30 - 00000000 ___DC C:\Program Files\Common Files\Western Digital
2015-07-28 06:57 - 2014-07-31 10:29 - 00000000 ___DC C:\ProgramData\Western Digital
2015-07-28 06:57 - 2014-07-31 10:29 - 00000000 ___DC C:\Program Files (x86)\Western Digital
2015-07-25 18:09 - 2013-10-31 10:29 - 00000000 ___DC C:\ProgramData\Oracle
2015-07-25 18:08 - 2013-06-24 13:19 - 00000709 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-25 18:08 - 2013-03-16 18:25 - 00000000 ___DC C:\Program Files (x86)\Java
2015-07-25 18:08 - 2013-02-18 13:29 - 00000709 ____C C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-25 18:07 - 2014-04-01 10:13 - 00097888 ____C (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-25 15:21 - 2013-04-17 14:44 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\vlc
2015-07-25 13:50 - 2014-09-28 08:30 - 00000884 ____C C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-25 13:08 - 2015-05-26 20:00 - 00001118 ____C C:\Users\Sb\Desktop\Amazon Music.lnk
2015-07-25 12:31 - 2013-07-08 10:36 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SWKI-Reader
2015-07-19 18:23 - 2013-11-20 15:35 - 00000000 ___DC C:\ProgramData\Skype
2015-07-14 12:52 - 2014-09-28 08:30 - 00003824 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-14 12:52 - 2014-07-31 09:05 - 00000000 ___DC C:\Users\Sb\AppData\Local\Adobe
2015-07-14 12:52 - 2012-11-17 22:29 - 00778416 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-14 12:52 - 2012-11-17 22:29 - 00142512 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-12 08:54 - 2015-06-16 15:52 - 00001206 ____C C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-07-12 08:54 - 2015-06-16 15:52 - 00001202 ____C C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-07-09 17:29 - 2014-06-30 12:03 - 00000132 ____C C:\Users\Sb\AppData\Roaming\Adobe CS5-Voreinstellungen für PNG-Format
2015-07-05 08:36 - 2012-11-16 16:21 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-07-03 08:28 - 2015-06-16 15:52 - 00004214 ____C C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2015-07-03 08:28 - 2015-06-16 15:52 - 00003962 ____C C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2015-07-03 08:28 - 2015-05-30 13:43 - 00003888 ____C C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-03 08:06 - 2012-11-15 14:20 - 00000000 ___DC C:\ProgramData\NVIDIA Corporation
2015-07-03 08:06 - 2012-11-15 14:20 - 00000000 ___DC C:\ProgramData\NVIDIA
2015-07-03 08:04 - 2015-06-19 20:24 - 00000000 ___DC C:\ProgramData\boost_interprocess
2015-07-03 07:59 - 2013-09-23 09:50 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\Dropbox
2015-07-03 07:41 - 2012-11-15 14:20 - 00000000 ___DC C:\temp
2015-07-03 07:25 - 2013-04-29 16:04 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\AnvSoft
2015-07-02 13:18 - 2013-07-18 17:19 - 00000000 ___DC C:\Users\Sb\dwhelper
2015-07-01 19:07 - 2015-02-05 14:49 - 00000000 ___DC C:\Program Files (x86)\TeamViewer
2015-06-29 10:48 - 2012-11-16 18:45 - 00000000 ___DC C:\ProgramData\regid.1986-12.com.adobe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-10-22 19:09 - 2014-10-22 19:09 - 0001152 ____C () C:\Users\Sb\AppData\Roaming\ACInitialize.log
2014-06-30 12:03 - 2015-07-09 17:29 - 0000132 ____C () C:\Users\Sb\AppData\Roaming\Adobe CS5-Voreinstellungen für PNG-Format
2013-04-17 14:40 - 2013-04-25 07:57 - 0000036 ___HC () C:\Users\Sb\AppData\Roaming\swk.ini
2012-12-06 15:05 - 2012-12-06 15:05 - 0094101 ____C () C:\Users\Sb\AppData\Local\8ACB6E5756A44c2bB2219595F7429CB2..DNS
2014-07-30 19:46 - 2014-07-30 19:46 - 0001456 ____C () C:\Users\Sb\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2012-11-23 14:19 - 2014-04-09 10:35 - 0022528 ____C () C:\Users\Sb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-04 12:52 - 2015-01-13 14:58 - 0007605 ____C () C:\Users\Sb\AppData\Local\Resmon.ResmonCfg
2012-11-16 12:51 - 2012-11-16 12:51 - 0017408 ____C () C:\Users\Sb\AppData\Local\WebpageIcons.db
2013-09-23 14:09 - 2013-09-23 14:09 - 0000016 ____C () C:\ProgramData\.7486160831680234
2014-04-28 16:24 - 2014-04-28 16:24 - 0000057 ____C () C:\ProgramData\Ament.ini

==================== Bamital & volsnap Check =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\System32\winlogon.exe => Datei ist digital signiert
C:\Windows\System32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\System32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\System32\services.exe => Datei ist digital signiert
C:\Windows\System32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\System32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\System32\rpcss.dll => Datei ist digital signiert
C:\Windows\System32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-07-29 07:48

==================== Ende von log ============================
         
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:26-07-2015
durchgeführt von Sb an 2015-07-29 09:18:44
Gestartet von D:\
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3516261958-1870124179-1371758590-500 - Administrator - Disabled)
Gast (S-1-5-21-3516261958-1870124179-1371758590-501 - Limited - Disabled)
Sb (S-1-5-21-3516261958-1870124179-1371758590-1000 - Administrator - Enabled) => C:\Users\Sb

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Kaspersky PURE 3.0 (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky PURE 3.0 (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky PURE 3.0 (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe InDesign CS5.5 (HKLM-x32\...\{857CC5F0-040E-1016-A173-D55ADD80C260}) (Version: 7.5 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.1.0.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3516261958-1870124179-1371758590-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon Music (HKU\S-1-5-21-3516261958-1870124179-1371758590-1000\...\Amazon Amazon Music) (Version: 3.10.0.928 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{047D5657-1DAC-2B16-E110-F4A9C0E7EF2C}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Any Video Converter 5.8.1 (HKLM-x32\...\Any Video Converter) (Version: 5.8.1 - Anvsoft)
Battlefield™ Hardline (HKLM-x32\...\{CB4AC3DA-8CC1-4516-86DA-4078B57DB229}) (Version: 1.0.0.2 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite DCP-135C (HKLM-x32\...\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
Browser-Maulkorb 2.0 (HKLM-x32\...\Browser-Maulkorb_is1) (Version: 2.0.0.0 - Alexander Miehlke Softwareentwicklung)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
ColorPicker Version 2.4.1 (HKLM-x32\...\{2A999A57-4530-41AC-AF6B-E5B7A28BA357}_is1) (Version: 2.4.1 - Cronoxyd.de)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{65315E6A-9ADD-4641-89E3-A36A559D3814}) (Version: 16.1.0.843 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 16.1.843 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 16.1.843 - Corel Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Das Postleitzahlen-Diagramm 3.8 (HKLM-x32\...\Das Postleitzahlen-Diagramm_is1) (Version:  - Klaus Wessiepe, Softwareentwicklung und Vertrieb)
DatanormStudio V2.5 (HKLM-x32\...\{73473557-F6EC-4F7C-AAB9-2803F0131EA2}_is1) (Version:  - )
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.29 - Dropbox, Inc.) Hidden
Elements 12 Organizer (x32 Version: 12.0 - Ihr Firmenname) Hidden
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Free YouTube Download version 3.2.53.128 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.53.128 - DVDVideoSoft Ltd.)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.21.2.1 - Futuremark Corporation)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HylaFAX-Client-Professional (HKLM-x32\...\hylafaxclient-pro_is1) (Version:  - SWT)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDA-STEP (HKU\S-1-5-21-3516261958-1870124179-1371758590-1000\...\IDA-STEP) (Version: 4.0.18 - LKSoftWare GmbH)
Index.dat Suite (HKLM-x32\...\{B8971880-0060-11D8-87CB-C2A1A3E71907}_is1) (Version: 2.11.0 - Ur I.T. Mate Group)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Java SE Development Kit 7 Update 65 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170650}) (Version: 1.7.0.650 - Oracle)
JonDo (HKLM-x32\...\JonDoUninstall) (Version:  - )
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky PURE 3.0 (HKLM-x32\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab)
Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab) Hidden
K-Lite Codec Pack 9.5.0 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.5.0 - )
Magical Jelly Bean PasswdFinder (HKLM-x32\...\PasswdFinder_is1) (Version: 1.0.0.25 - PasswdFinder)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Online Services-Anmeldeassistent (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft Publisher 2013 - de-de (HKLM\...\PublisherRetail - de-de) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SkyDrive Pro 2013 (HKLM-x32\...\Office15.GROOVER) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
ncontrol (HKLM-x32\...\{695CDDFB-4880-4787-A814-47D2E17D5664}) (Version: 1.0.1 - nfon)
NetBeans IDE 8.0 (HKLM\...\nbi-nb-base-8.0.0.0.201403101706) (Version: 8.0 - NetBeans.org)
NetSetMan 4.0.2 (HKLM-x32\...\NetSetMan_is1) (Version: 4.0.2 - Ilja Herlein)
NVIDIA GeForce Experience 2.4.5.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.57 - NVIDIA Corporation)
NVIDIA Grafiktreiber 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.30 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.0.15.65 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.5.1 - Frank Heindörfer, Philip Chinery)
PixiePack Codec Pack (HKLM-x32\...\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}) (Version: 1.1.1200.0 - None)
PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Safescan Workforce Planner (HKLM-x32\...\{41241A44-9FD3-4036-B3F1-FA06DDA5DB87}_is1) (Version:  - Safescan)
SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung RAW Converter 4 (HKLM-x32\...\InstallShield_{D09E159D-0264-4597-B200-A9B4C0866F25}) (Version: 4 - Ichikawa Soft Laboratory)
Samsung RAW Converter 4 (x32 Version: 4 - Ichikawa Soft Laboratory) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-00BA-0000-0000-0000000FF1CE}_Office15.GROOVER_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.57 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
SkypeMoodScheduler (HKU\S-1-5-21-3516261958-1870124179-1371758590-1000\...\c7e7c74ae7729d75) (Version: 1.0.0.0 - All-Affiliate, Inc)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.0 - IObit)
Smart Styles CS5.5 for InDesign CS5.5 (HKLM-x32\...\{17DECE74-6E44-4889-8669-5FC5BF90DD1D}) (Version: 7.0 - WoodWing)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steganos Safe 12 (HKLM-x32\...\{D9EB1AF1-5A27-49E7-B83B-D3AB9FF407DD}) (Version: 12.0.6 - Steganos Software GmbH)
Sun ODF Plugin for Microsoft Office 3.2 (HKLM-x32\...\{BD136CE7-6666-4273-A056-8D92F8625AAB}) (Version: 3.2.9483 - Sun Microsystems)
SWKI-Reader (HKLM-x32\...\C418B6AC-52E7-4BC8-841F-3E792F0D3F43) (Version: 2.3.4.1 - SWKI)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Explorer 6.4.3 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version:  - Mister Group)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
TraXEx 6.0 (HKLM-x32\...\TraXEx_is1) (Version: 6.0.0.0 - Alexander Miehlke Softwareentwicklung)
TreeSize Free V3.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.1 - JAM Software)
Trojan Remover 6.9.2.2938 (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.2.2938 - Simply Super Software)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WD Drive Utilities (HKLM-x32\...\{59E0381C-1047-45A3-B68A-57F586EAF3C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{847C1E81-8A3F-49BF-8FF0-189E56634656}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{D338102B-BA1C-4CCA-B870-8690FA0F0433}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{E8DDC6BB-0080-4E70-840B-58B74FBCDE11}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{979a4332-3eb0-4561-9f74-a4fb871cf2bd}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wise Disk Cleaner 8.41 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version: 8.41 - WiseCleaner.com, Inc.)
Wondershare MobileTrans ( Version 4.4.0 ) (HKLM-x32\...\{18CDCEAA-A9E4-4A4C-AC0E-C15E87C30EA5}_is1) (Version: 4.4.0 - Wondershare)
Xleaner v4.27.1354 (HKLM-x32\...\{72D84E46-E633-4729-8A77-2347C8CD4096}_is1) (Version:  - More Than A Cleaner.de)
XMedia Recode Version 3.2.0.0 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.0.0 - XMedia Recode)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

29-07-2015 07:55:51 Geplanter Prüfpunkt

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____C C:\Windows\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {081CC7BF-F4B5-4A77-B8C4-08891C388898} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3516261958-1870124179-1371758590-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {13C790FC-4A1A-4407-AC23-4DDC3975222C} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3516261958-1870124179-1371758590-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {15ABC1B8-6A91-4E86-A35D-822F944CD5B7} - System32\Tasks\CCleanerSkipUAC => D:\Programme\Cleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {16D1667E-7F33-4ABA-B7CC-853492C4F2CE} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {258CB584-33CE-4A55-912C-E49D671F0AEB} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3516261958-1870124179-1371758590-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {2745B055-5F5A-4E97-8BAE-90EA3774F73C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {348F6434-A5D0-451A-8880-7D65AA70DAA0} - System32\Tasks\Western Digital\SmartWare\____Volume_775ec3b5_2fd9_11e2_ac08_806e6f6e6963______Volume_2942354c_155c_11e4_8836_10bf4884e7a1__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2015-07-20] (Western Digital Technologies, Inc.)
Task: {43CCF42A-7B90-4F2C-ACEC-AF1B1479C94D} - System32\Tasks\{4D8AA7D6-7173-45D7-A561-7C9AEA2FDF31} => pcalua.exe -a D:\Programme\4.0\cademia.exe -d D:\Programme\4.0
Task: {56158B36-DA43-4A6F-9ADD-D95126690BEA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {5C1B2B9A-F533-4146-B562-74AD7DF26BDE} - System32\Tasks\{47EC3879-7F95-41E4-9806-CF5B9D1BC977} => pcalua.exe -a "D:\Programme exe\ShowRoomSetup21 (1).exe" -d "D:\Programme exe"
Task: {5C2CE6D5-D0AC-4651-9C22-E16DA03E24E9} - System32\Tasks\SmartDefrag4_Startup => D:\Smart Defrag 4\SmartDefrag.exe [2015-05-06] (IObit)
Task: {5CD5097A-355D-47B5-BA5D-3FF1D37D3285} - System32\Tasks\{3FFBDFD9-3112-4673-8DF6-E52EF117445C} => D:\Programme\steam\SteamApps\common\grand ages rome\Rome.exe
Task: {7A664991-A152-4BA3-A902-E7395905442C} - System32\Tasks\{66CB46D8-ECE8-429B-B628-46F4FD9C2139} => pcalua.exe -a D:\Audials_One-Setup__741_12.0.60800.exe -d D:\
Task: {8C86B502-CB94-48E9-B7E0-BDCDB52B0428} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {92B2E889-D1A6-4C37-BC3A-3D01B293CF56} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3516261958-1870124179-1371758590-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {9EA78F48-85F6-4F4C-9479-98A0399519FB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {A3327ABA-46E2-48E9-9A08-E23B69AC1814} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {A6999AAC-96E7-4668-AFE9-A388BDEDAB2A} - System32\Tasks\{AFEF5FDC-1F26-4801-AE32-B0BD3B01C1B2} => pcalua.exe -a D:\Programme\vcredist.exe -d D:\Programme
Task: {AC6BB271-7EBB-4430-82CD-7F8CE67612A9} - System32\Tasks\{AA2D8648-434D-490B-8248-00F12748A60C} => pcalua.exe -a "C:\Program Files (x86)\File Type Advisor\fileadvisor.exe" -d D:\ -c /info "D:\SiDa AQUAMIN F 3120 Nov2013.ps"
Task: {AEBBB478-3567-4B0E-8F7E-7714F4F065E3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {B3C873B2-5FA8-4AB2-8369-BDC501760502} - System32\Tasks\{A3E314EC-E967-4C29-A4E0-DA69C221E0B0} => pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe"
Task: {B5D7A8AB-83BD-4BB6-89C8-B5558377B674} - System32\Tasks\{A818E407-E7A7-4C6B-B7C4-CF75A92D60C5} => pcalua.exe -a E:\NVSETUP.exe -d E:\
Task: {C78D0BA5-115D-4A7F-89BD-39E1CE9B90E1} - System32\Tasks\{CFF500E0-F880-4139-988D-A1E7E056F6A3} => pcalua.exe -a "D:\Programme exe\ShowRoomSetup21.exe" -d "D:\Programme exe"
Task: {C8BB88E1-9B62-471C-811A-F79941369879} - System32\Tasks\{E4535D8A-AF81-4EDB-9D9E-A48CD8E03DC2} => pcalua.exe -a C:\Users\Sb\Documents\setup_de.exe -d C:\Users\Sb\Documents
Task: {D83C6855-0146-48FF-B8FF-A6B8558C5FF2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {F7E9A799-84B7-411F-B19C-C0CA052E9384} - System32\Tasks\SmartDefrag4_Update => D:\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)
Task: {F9B93258-5931-4A8D-8532-10F9C7CF67BF} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3516261958-1870124179-1371758590-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-03-13 11:09 - 2015-06-18 12:25 - 00020240 ____C () C:\Windows\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2012-11-15 14:20 - 2015-06-17 08:48 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-07-04 23:04 - 2012-07-04 23:04 - 00212480 _____ () D:\Programme exe\adm\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-03-05 17:03 - 2012-03-05 17:03 - 00677376 _____ () D:\Programme exe\adm\ATI.ACE\Fuel\Device.dll
2012-02-16 15:53 - 2012-02-16 15:53 - 03642880 _____ () D:\Programme exe\adm\ATI.ACE\Fuel\Platform.dll
2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () D:\Programme\Unlocker\UnlockerCOM.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 00479752 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 01310728 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll
2015-04-07 07:19 - 2015-06-24 13:37 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-03-17 01:34 - 2015-03-17 01:34 - 00141312 ____C () C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Locale\de_de\PDFMaker\PDFMOutlookAddin.DEU
2015-03-17 01:34 - 2015-03-17 01:34 - 04023456 ____C () C:\Program Files (x86)\Adobe\Acrobat DC\PDFMaker\Common\AdobePDFMakerX.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 01494016 ____C () C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Locale\de_DE\PDFMaker\AdobePDFMakerX.DEU
2013-02-14 16:46 - 2013-02-14 16:46 - 01044048 _____ () D:\office\Office14\ADDINS\UmOutlookAddin.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 02097312 ____C () C:\Program Files (x86)\Adobe\Acrobat DC\PDFMaker\Common\SendAsLinkX.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 00230400 ____C () C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Locale\de_DE\Adobe Send\SendAsLinkX.DEU
2015-07-14 12:52 - 2015-07-14 12:52 - 17448624 ____C () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\TEMP:862BDB1A
AlternateDataStreams: C:\ProgramData\TEMP:BC359956
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer trusted/restricted ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3516261958-1870124179-1371758590-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sb\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv Firewall Dienst läuft nicht.
MpsSvc Firewall Dienst läuft nicht.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupfolder: C:^Users^Sb^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Sb^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ncontrol.lnk => C:\Windows\pss\ncontrol.lnk.Startup
MSCONFIG\startupreg: Adobe Acrobat Synchronizer => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeBridge => 
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Amazon Cloud Player => "C:\Users\Sb\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
MSCONFIG\startupreg: Amazon Music => "C:\Users\Sb\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: CAHeadless => D:\ad\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
MSCONFIG\startupreg: CCleaner Monitoring => "D:\Programme\Cleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart
MSCONFIG\startupreg: Eraser => "D:\eras\Eraser.exe" --atRestart
MSCONFIG\startupreg: FlashPlayerUpdate => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_44_Plugin.exe -update plugin
MSCONFIG\startupreg: OpAgent => "OpAgent.exe" /agent
MSCONFIG\startupreg: phonostar-PlayerTimer => "D:\Programme\phonostar-Player\phonostarTimer.exe"
MSCONFIG\startupreg: SDTray => "D:\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Spybot-S&D Cleaning => "D:\Programme\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: TkBellExe => "D:\Programme\update\realsched.exe"  -osboot
MSCONFIG\startupreg: VM_STI => C:\Windows\VM_STI.exe Philips SPC200NC Webcam
MSCONFIG\startupreg: WD Quick View => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
MSCONFIG\startupreg: Xvid => D:\Programme\x\CheckUpdate.exe

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{F60D3874-A2F7-4229-9A3D-1933BB513729}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{057B29D0-A1AC-4D8A-BA02-2B925521977B}] => (Allow) LPort=2869
FirewallRules: [{9C816AE9-E39C-424C-A245-C3AA127EE906}] => (Allow) LPort=1900
FirewallRules: [{1B8EA77C-AB2F-46F9-92A0-328025EAE656}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{9B223CDF-62B8-4776-903A-68472064902C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{7B181B4D-40C9-4BCA-9842-95392309BFF6}] => (Allow) D:\office\Office14\ONENOTE.EXE
FirewallRules: [{3F07A39F-B227-4D7B-B1C7-559C14B7E6DD}] => (Allow) D:\office\Office14\ONENOTE.EXE
FirewallRules: [{3E8132E9-47F4-4CFB-9B88-1B0BE0BBA47C}] => (Allow) D:\office\Office14\outlook.exe
FirewallRules: [{02349A1E-1D5F-43CD-B2F1-9F114186CCE1}] => (Allow) D:\Programme\steam\Steam.exe
FirewallRules: [{DFFA0870-213E-4A1D-82D9-6094BF21A9B4}] => (Allow) D:\Programme\steam\Steam.exe
FirewallRules: [{4590FE1A-32BE-48AE-9242-93A83811438F}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{2C26F0EC-C786-48FD-8A7C-55FEAE827CA3}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{3A717EA2-9542-4AEF-BF30-6468BF619310}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{1C20E225-8939-4FE8-B5C3-FBEAC1811711}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8AF3EBBE-143B-4795-9622-7DBAB3A42FC2}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{FCB8D9D0-8AFE-4A2E-8EC1-BBFA117F80A6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F6F75E4A-8BFC-42A0-B012-2449A036942D}] => (Allow) LPort=58752
FirewallRules: [{4FC7710B-10A5-4F1F-ACFB-59C5717ED5E9}] => (Allow) LPort=58752
FirewallRules: [{50C27194-9372-442D-96D3-F4F4199C4BCF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7C8C4C2F-1389-4296-A947-2DC34CFB1D16}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A749BB38-1922-4923-A185-0E4543B88D06}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{44C83DED-6847-4EB5-8870-3766B037CFF6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
StandardProfile\AuthorizedApplications: [D:\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [D:\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [D:\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [D:\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: 
Description: 
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Konnte Geräte nicht auflisten. Überprüfen Sie den "winmgmt" Dienst oder reparieren Sie den WMI.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (07/29/2015 06:13:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2015 06:12:08 AM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost (2988) WebCacheLocal: Fehler -1811 (0xfffff8ed) beim Öffnen von Protokolldatei C:\Users\Sb\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (07/28/2015 08:44:20 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/28/2015 08:23:22 AM) (Source: MsiInstaller) (EventID: 1024) (User: Sb-PC)
Description: Produkt: Adobe Acrobat DC - Update "{AC76BA86-A440-FFFF-A440-0C0F084E7200}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (07/28/2015 08:10:46 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm WiseDiskCleaner.exe, Version 8.4.1.595 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 415c

Startzeit: 01d0c8fb01b5898e

Endzeit: 42

Anwendungspfad: D:\Wise Disk Cleaner\WiseDiskCleaner.exe

Berichts-ID: 5df89c8a-34ef-11e5-9e60-10bf4884e7a1


Systemfehler:
=============
Error: (07/29/2015 06:23:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "WD Backup" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/29/2015 06:23:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "WD Drive Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/29/2015 06:23:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "WD Backup" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/29/2015 06:23:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "WD Backup" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/29/2015 06:13:37 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.

Error: (07/29/2015 06:12:00 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎29.‎07.‎2015 um 06:10:38 unerwartet heruntergefahren.


Microsoft Office:
=========================
Error: (07/29/2015 06:13:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2015 06:12:08 AM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost2988WebCacheLocal: C:\Users\Sb\AppData\Local\Microsoft\Windows\WebCache\V01.log-1811 (0xfffff8ed)

Error: (07/28/2015 08:44:20 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Error: (07/28/2015 08:23:22 AM) (Source: MsiInstaller) (EventID: 1024) (User: Sb-PC)
Description: Adobe Acrobat DC{AC76BA86-A440-FFFF-A440-0C0F084E7200}1625(NULL)(NULL)(NULL)

Error: (07/28/2015 08:10:46 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WiseDiskCleaner.exe8.4.1.595415c01d0c8fb01b5898e42D:\Wise Disk Cleaner\WiseDiskCleaner.exe5df89c8a-34ef-11e5-9e60-10bf4884e7a1


==================== Speicherinformationen =========================== 

Processor: AMD FX(tm)-8320 Eight-Core Processor 
Percentage of memory in use: 38%
Total physical RAM: 8174.12 MB
Available physical RAM: 5044.79 MB
Total Virtual: 16346.43 MB
Available Virtual: 12582 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:46.13 GB) (Free:1.51 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive d: (Volume) (Fixed) (Total:1863.01 GB) (Free:1106.07 GB) NTFS
Drive e: (My Disc) (CDROM) (Total:0.49 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: 3A4021A3)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=46.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: CDFADFD8)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 3.

==================== Ende von log ============================
         
__________________

Alt 29.07.2015, 14:53   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Trojaner eingefangen? Trojan Z-000 - Standard

Trojaner eingefangen? Trojan Z-000



hi,

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 29.07.2015, 19:33   #5
Snakedoctor
 
Trojaner eingefangen? Trojan Z-000 - Standard

Malware ANti Root



No Clean up required

(Ich konnte Clean up nicht drücken)

Code:
ATTFilter
20:03:19.0727 0x0540  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
20:03:26.0148 0x0540  ============================================================
20:03:26.0148 0x0540  Current date / time: 2015/07/29 20:03:26.0148
20:03:26.0148 0x0540  SystemInfo:
20:03:26.0148 0x0540  
20:03:26.0148 0x0540  OS Version: 6.1.7601 ServicePack: 1.0
20:03:26.0148 0x0540  Product type: Workstation
20:03:26.0149 0x0540  ComputerName: SB-PC
20:03:26.0149 0x0540  UserName: Sb
20:03:26.0149 0x0540  Windows directory: C:\Windows
20:03:26.0149 0x0540  System windows directory: C:\Windows
20:03:26.0149 0x0540  Running under WOW64
20:03:26.0149 0x0540  Processor architecture: Intel x64
20:03:26.0149 0x0540  Number of processors: 8
20:03:26.0149 0x0540  Page size: 0x1000
20:03:26.0149 0x0540  Boot type: Normal boot
20:03:26.0149 0x0540  ============================================================
20:03:26.0229 0x0540  KLMD registered as C:\Windows\system32\drivers\69852713.sys
20:03:26.0377 0x0540  System UUID: {456FAC18-17B2-E6F8-DAC8-E944A84F2459}
20:03:26.0850 0x0540  Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 ( 55.90 Gb ), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:03:26.0858 0x0540  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:03:26.0908 0x0540  ============================================================
20:03:26.0908 0x0540  \Device\Harddisk0\DR0:
20:03:26.0910 0x0540  MBR partitions:
20:03:26.0910 0x0540  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x5C43800
20:03:26.0910 0x0540  \Device\Harddisk1\DR1:
20:03:26.0920 0x0540  MBR partitions:
20:03:26.0920 0x0540  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000
20:03:26.0920 0x0540  ============================================================
20:03:26.0940 0x0540  C: <-> \Device\Harddisk0\DR0\Partition1
20:03:26.0986 0x0540  D: <-> \Device\Harddisk1\DR1\Partition1
20:03:26.0987 0x0540  ============================================================
20:03:26.0987 0x0540  Initialize success
20:03:26.0987 0x0540  ============================================================
20:16:59.0323 0x1410  ============================================================
20:16:59.0323 0x1410  Scan started
20:16:59.0323 0x1410  Mode: Manual; SigCheck; TDLFS; 
20:16:59.0323 0x1410  ============================================================
20:16:59.0323 0x1410  KSN ping started
20:17:02.0035 0x1410  KSN ping finished: true
20:17:02.0849 0x1410  ================ Scan system memory ========================
20:17:02.0849 0x1410  System memory - ok
20:17:02.0850 0x1410  ================ Scan services =============================
20:17:02.0978 0x1410  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:17:03.0083 0x1410  1394ohci - ok
20:17:03.0157 0x1410  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:17:03.0177 0x1410  ACPI - ok
20:17:03.0193 0x1410  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:17:03.0247 0x1410  AcpiPmi - ok
20:17:03.0302 0x1410  [ 430C19CB511FD6E0DDCD44B42B1810DA, 2EE9FFB0B6DEC653327D8932EC731D81FF86C64A67CD37AABD2022CF04AA487C ] AdobeActiveFileMonitor12.0 D:\ad\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
20:17:03.0315 0x1410  AdobeActiveFileMonitor12.0 - ok
20:17:03.0323 0x1410  [ A542C712794FB8FBD27E37271C730F36, 8C327BFAC10C7BBD48277D4FEB862D58CA1F22DC10F0632BB8B18CF54A507216 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:17:03.0333 0x1410  AdobeARMservice - ok
20:17:03.0362 0x1410  [ 9B3355B29942AF67F014EA90CE1EA960, FBB155F72984045BCD99CC2059B9EDAABD3A52104C3864A290D8A355991F94D3 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:17:03.0377 0x1410  AdobeFlashPlayerUpdateSvc - ok
20:17:03.0396 0x1410  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
20:17:03.0422 0x1410  adp94xx - ok
20:17:03.0436 0x1410  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
20:17:03.0454 0x1410  adpahci - ok
20:17:03.0467 0x1410  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
20:17:03.0486 0x1410  adpu320 - ok
20:17:03.0492 0x1410  [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:17:03.0504 0x1410  AeLookupSvc - ok
20:17:03.0520 0x1410  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
20:17:03.0545 0x1410  AFD - ok
20:17:03.0551 0x1410  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
20:17:03.0561 0x1410  agp440 - ok
20:17:03.0567 0x1410  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
20:17:03.0583 0x1410  ALG - ok
20:17:03.0587 0x1410  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:17:03.0597 0x1410  aliide - ok
20:17:03.0621 0x1410  AMD FUEL Service - ok
20:17:03.0625 0x1410  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
20:17:03.0634 0x1410  amdide - ok
20:17:03.0639 0x1410  [ 6A2EEB0C4133B20773BB3DD0B7B377B4, E4CB35C6937C70A145A13E5AE5B34A271B49101DA623171ACBFDA8601E5A70EA ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
20:17:03.0657 0x1410  amdiox64 - ok
20:17:03.0662 0x1410  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
20:17:03.0674 0x1410  AmdK8 - ok
20:17:03.0680 0x1410  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
20:17:03.0692 0x1410  AmdPPM - ok
20:17:03.0699 0x1410  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:17:03.0711 0x1410  amdsata - ok
20:17:03.0720 0x1410  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
20:17:03.0736 0x1410  amdsbs - ok
20:17:03.0741 0x1410  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:17:03.0750 0x1410  amdxata - ok
20:17:03.0756 0x1410  [ EE4797DFEBBE8ACDB548DD8E80BE0A88, 9D56F835A5A9C045829EDFB546379E3448C9E539E5C2608B559DE4D052FEC769 ] amd_sata        C:\Windows\system32\drivers\amd_sata.sys
20:17:03.0767 0x1410  amd_sata - ok
20:17:03.0772 0x1410  [ D56EAD71A86FD2ACAE2DB47D0A6A3A41, 2E5E6D0E00D25765CC8B9997B26DE43F305966BFA518CB72EA7CA77152001726 ] amd_xata        C:\Windows\system32\drivers\amd_xata.sys
20:17:03.0781 0x1410  amd_xata - ok
20:17:03.0796 0x1410  [ 5B25D1A753CC3A3EDB909BB759AC1098, 1B931342D8D36C8D177D6D9BFFFD8CDC0C6E6F82BA552DC8E5CDC1CAF528D0B0 ] AODDriver4.1    D:\Programme exe\adm\ATI.ACE\Fuel\amd64\AODDriver2.sys
20:17:03.0805 0x1410  AODDriver4.1 - ok
20:17:03.0810 0x1410  [ 80B9412C4DE09147581FC935FB4C97AB, 0C9661F7B5EF7F9D61981790B7AB64E3375BD117962166619D0CC546A2D014D3 ] AppID           C:\Windows\system32\drivers\appid.sys
20:17:03.0825 0x1410  AppID - ok
20:17:03.0829 0x1410  [ F71CA01C24FC3798A717B5A6F682F9AD, 8CF1C209E7BBBAD02D6D087293C0B681CDA3170AF119CA2916C2708D8801E749 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:17:03.0840 0x1410  AppIDSvc - ok
20:17:03.0845 0x1410  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
20:17:03.0857 0x1410  Appinfo - ok
20:17:03.0865 0x1410  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
20:17:03.0880 0x1410  AppMgmt - ok
20:17:03.0890 0x1410  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
20:17:03.0903 0x1410  arc - ok
20:17:03.0909 0x1410  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
20:17:03.0921 0x1410  arcsas - ok
20:17:03.0934 0x1410  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:17:03.0948 0x1410  aspnet_state - ok
20:17:03.0952 0x1410  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:17:04.0013 0x1410  AsyncMac - ok
20:17:04.0017 0x1410  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
20:17:04.0027 0x1410  atapi - ok
20:17:04.0031 0x1410  [ 66828FF07CE53217582005540E31F84A, 67191E1CAF324014EB50E5C8BEE45D45C8A40C5CE02629AB83D3007E28CE2C35 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie64.sys
20:17:04.0039 0x1410  AtiPcie - ok
20:17:04.0057 0x1410  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:17:04.0084 0x1410  AudioEndpointBuilder - ok
20:17:04.0102 0x1410  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:17:04.0125 0x1410  AudioSrv - ok
20:17:04.0132 0x1410  avp - ok
20:17:04.0140 0x1410  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:17:04.0167 0x1410  AxInstSV - ok
20:17:04.0206 0x1410  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
20:17:04.0232 0x1410  b06bdrv - ok
20:17:04.0249 0x1410  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:17:04.0266 0x1410  b57nd60a - ok
20:17:04.0277 0x1410  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:17:04.0297 0x1410  BDESVC - ok
20:17:04.0302 0x1410  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:17:04.0336 0x1410  Beep - ok
20:17:04.0357 0x1410  [ 29875A9AEF3F6CB1BDCD190222AEA31C, E673C26BACC0F5A2234F82C3AEE0EF5E7C969FD633E6DD796D9B278E530AA5AE ] BEService       C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
20:17:04.0386 0x1410  BEService - ok
20:17:04.0409 0x1410  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
20:17:04.0440 0x1410  BFE - ok
20:17:04.0467 0x1410  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
20:17:04.0587 0x1410  BITS - ok
20:17:04.0596 0x1410  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
20:17:04.0607 0x1410  blbdrive - ok
20:17:04.0630 0x1410  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:17:04.0646 0x1410  Bonjour Service - ok
20:17:04.0652 0x1410  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:17:04.0676 0x1410  bowser - ok
20:17:04.0685 0x1410  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
20:17:04.0703 0x1410  BrFiltLo - ok
20:17:04.0710 0x1410  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
20:17:04.0726 0x1410  BrFiltUp - ok
20:17:04.0734 0x1410  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
20:17:04.0756 0x1410  Browser - ok
20:17:04.0767 0x1410  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:17:04.0793 0x1410  Brserid - ok
20:17:04.0799 0x1410  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:17:04.0822 0x1410  BrSerWdm - ok
20:17:04.0832 0x1410  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:17:04.0844 0x1410  BrUsbMdm - ok
20:17:04.0848 0x1410  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:17:04.0864 0x1410  BrUsbSer - ok
20:17:04.0876 0x1410  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
20:17:04.0890 0x1410  BTHMODEM - ok
20:17:04.0904 0x1410  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
20:17:04.0934 0x1410  bthserv - ok
20:17:04.0945 0x1410  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:17:04.0981 0x1410  cdfs - ok
20:17:04.0990 0x1410  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:17:05.0002 0x1410  cdrom - ok
20:17:05.0030 0x1410  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
20:17:05.0069 0x1410  CertPropSvc - ok
20:17:05.0076 0x1410  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
20:17:05.0096 0x1410  circlass - ok
20:17:05.0116 0x1410  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
20:17:05.0134 0x1410  CLFS - ok
20:17:05.0317 0x1410  [ 880A6DAC6E03871B37A782155D189A53, 93659BB67236F5EBC317FD73879EB79EFB195728A2C0BC997881D3622C6CF981 ] ClickToRunSvc   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
20:17:05.0493 0x1410  ClickToRunSvc - ok
20:17:05.0513 0x1410  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:17:05.0524 0x1410  clr_optimization_v2.0.50727_32 - ok
20:17:05.0531 0x1410  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:17:05.0542 0x1410  clr_optimization_v2.0.50727_64 - ok
20:17:05.0554 0x1410  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:17:05.0567 0x1410  clr_optimization_v4.0.30319_32 - ok
20:17:05.0573 0x1410  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:17:05.0589 0x1410  clr_optimization_v4.0.30319_64 - ok
20:17:05.0593 0x1410  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
20:17:05.0604 0x1410  CmBatt - ok
20:17:05.0611 0x1410  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:17:05.0621 0x1410  cmdide - ok
20:17:05.0681 0x1410  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\Windows\system32\Drivers\cng.sys
20:17:05.0708 0x1410  CNG - ok
20:17:05.0713 0x1410  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
20:17:05.0722 0x1410  Compbatt - ok
20:17:05.0726 0x1410  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
20:17:05.0738 0x1410  CompositeBus - ok
20:17:05.0742 0x1410  COMSysApp - ok
20:17:05.0744 0x1410  cpuz130 - ok
20:17:05.0749 0x1410  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
20:17:05.0758 0x1410  crcdisk - ok
20:17:05.0768 0x1410  [ 19D511CC455C19DE1ADF60E6C39C85B6, 2A05DD5EF3D0BEC2C9F4EA186E0E2D0F7BE0BF6A473D51194B09D33773AC7FAA ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:17:05.0784 0x1410  CryptSvc - ok
20:17:05.0802 0x1410  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
20:17:05.0828 0x1410  CSC - ok
20:17:05.0834 0x1410  [ 04199CA5C4A6F6E935906A74EAFCA8E7, F02E807E04DA16117E9E4D183186DF9425E9E1AD7CBC34AEED63A38F7D1E75E6 ] CSCrySec        C:\Windows\system32\DRIVERS\CSCrySec.sys
20:17:05.0845 0x1410  CSCrySec - ok
20:17:05.0866 0x1410  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
20:17:05.0896 0x1410  CscService - ok
20:17:05.0923 0x1410  [ 0B7E221689F370C87F640C6D2EED7D3F, 2EBA565DAC2DC7182C43174BAAA373610C7083B57279CAD5EA5765E25EA27BCF ] CSObjectsSrv    C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
20:17:05.0948 0x1410  CSObjectsSrv - ok
20:17:05.0955 0x1410  [ 7D7F90460F1309B5205BF8CDFAD63E42, 885B9EA530E7B6D51DC24A5009F37A2D4CCACAFCA0A7CB693F4320E110AFFA4F ] CSVirtualDiskDrv C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys
20:17:05.0965 0x1410  CSVirtualDiskDrv - ok
20:17:05.0969 0x1410  dbupdate - ok
20:17:05.0971 0x1410  dbupdatem - ok
20:17:05.0990 0x1410  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:17:06.0031 0x1410  DcomLaunch - ok
20:17:06.0195 0x1410  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
20:17:06.0238 0x1410  defragsvc - ok
20:17:06.0245 0x1410  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:17:06.0273 0x1410  DfsC - ok
20:17:06.0280 0x1410  [ 73BDD44A6088916964945886F9025409, 8E2ECC9AAEF3C6EBA2E61D25F657FDFCC72AB517CC4FD5FFF992E1F9EB942662 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
20:17:06.0292 0x1410  dg_ssudbus - ok
20:17:06.0305 0x1410  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:17:06.0326 0x1410  Dhcp - ok
20:17:06.0331 0x1410  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
20:17:06.0359 0x1410  discache - ok
20:17:06.0364 0x1410  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
20:17:06.0375 0x1410  Disk - ok
20:17:06.0380 0x1410  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
20:17:06.0393 0x1410  dmvsc - ok
20:17:06.0401 0x1410  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:17:06.0417 0x1410  Dnscache - ok
20:17:06.0427 0x1410  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:17:06.0461 0x1410  dot3svc - ok
20:17:06.0469 0x1410  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
20:17:06.0499 0x1410  DPS - ok
20:17:06.0502 0x1410  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:17:06.0513 0x1410  drmkaud - ok
20:17:06.0542 0x1410  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:17:06.0581 0x1410  DXGKrnl - ok
20:17:06.0589 0x1410  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
20:17:06.0619 0x1410  EapHost - ok
20:17:06.0709 0x1410  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
20:17:06.0852 0x1410  ebdrv - ok
20:17:06.0863 0x1410  [ CA4FC33FB22D92368A0B221092B46374, 2FB8C496216E5D11627F7832B3B8ABE486E71DF4EC28EABE33F89847BFC5E591 ] EFS             C:\Windows\System32\lsass.exe
20:17:06.0874 0x1410  EFS - ok
20:17:06.0895 0x1410  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
20:17:06.0971 0x1410  elxstor - ok
20:17:06.0976 0x1410  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:17:06.0987 0x1410  ErrDev - ok
20:17:07.0003 0x1410  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
20:17:07.0041 0x1410  EventSystem - ok
20:17:07.0050 0x1410  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
20:17:07.0082 0x1410  exfat - ok
20:17:07.0090 0x1410  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:17:07.0122 0x1410  fastfat - ok
20:17:07.0143 0x1410  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
20:17:07.0174 0x1410  Fax - ok
20:17:07.0180 0x1410  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
20:17:07.0191 0x1410  fdc - ok
20:17:07.0195 0x1410  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
20:17:07.0222 0x1410  fdPHost - ok
20:17:07.0226 0x1410  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:17:07.0253 0x1410  FDResPub - ok
20:17:07.0260 0x1410  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:17:07.0272 0x1410  FileInfo - ok
20:17:07.0276 0x1410  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:17:07.0304 0x1410  Filetrace - ok
20:17:07.0309 0x1410  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
20:17:07.0320 0x1410  flpydisk - ok
20:17:07.0333 0x1410  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:17:07.0350 0x1410  FltMgr - ok
20:17:07.0382 0x1410  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
20:17:07.0431 0x1410  FontCache - ok
20:17:07.0438 0x1410  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:17:07.0448 0x1410  FontCache3.0.0.0 - ok
20:17:07.0453 0x1410  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:17:07.0463 0x1410  FsDepends - ok
20:17:07.0467 0x1410  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:17:07.0477 0x1410  Fs_Rec - ok
20:17:07.0485 0x1410  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:17:07.0503 0x1410  fvevol - ok
20:17:07.0508 0x1410  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
20:17:07.0519 0x1410  gagp30kx - ok
20:17:07.0563 0x1410  [ 171CCFEB86294AFAA3609DB3899A841E, 0C2162A2D4A276182E922BBEF195CB936ABCBE6729C535CA23CDA9DAD0DDF491 ] GfExperienceService C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
20:17:07.0595 0x1410  GfExperienceService - ok
20:17:07.0621 0x1410  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
20:17:07.0669 0x1410  gpsvc - ok
20:17:07.0674 0x1410  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:17:07.0686 0x1410  hcw85cir - ok
20:17:07.0698 0x1410  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:17:07.0719 0x1410  HdAudAddService - ok
20:17:07.0726 0x1410  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
20:17:07.0742 0x1410  HDAudBus - ok
20:17:07.0746 0x1410  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
20:17:07.0758 0x1410  HidBatt - ok
20:17:07.0764 0x1410  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
20:17:07.0779 0x1410  HidBth - ok
20:17:07.0784 0x1410  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
20:17:07.0797 0x1410  HidIr - ok
20:17:07.0801 0x1410  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
20:17:07.0829 0x1410  hidserv - ok
20:17:07.0833 0x1410  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:17:07.0844 0x1410  HidUsb - ok
20:17:07.0849 0x1410  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:17:07.0887 0x1410  hkmsvc - ok
20:17:07.0896 0x1410  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:17:07.0913 0x1410  HomeGroupListener - ok
20:17:07.0923 0x1410  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:17:07.0939 0x1410  HomeGroupProvider - ok
20:17:07.0945 0x1410  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:17:07.0957 0x1410  HpSAMD - ok
20:17:07.0983 0x1410  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:17:08.0017 0x1410  HTTP - ok
20:17:08.0022 0x1410  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:17:08.0031 0x1410  hwpolicy - ok
20:17:08.0037 0x1410  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
20:17:08.0049 0x1410  i8042prt - ok
20:17:08.0065 0x1410  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:17:08.0087 0x1410  iaStorV - ok
20:17:08.0094 0x1410  [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
20:17:08.0100 0x1410  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
20:17:10.0902 0x1410  Detect skipped due to KSN trusted
20:17:10.0902 0x1410  IDriverT - ok
20:17:10.0928 0x1410  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:17:10.0961 0x1410  idsvc - ok
20:17:10.0966 0x1410  IEEtwCollectorService - ok
20:17:10.0970 0x1410  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
20:17:10.0981 0x1410  iirsp - ok
20:17:11.0005 0x1410  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
20:17:11.0039 0x1410  IKEEXT - ok
20:17:11.0172 0x1410  [ C2F868881D48A568B525255F084EF063, EFB1704AE223CF886EDA5F1411C8178EDE4B5E1F7EE373E3DA89A6EA1A57D91D ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:17:11.0310 0x1410  IntcAzAudAddService - ok
20:17:11.0323 0x1410  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
20:17:11.0333 0x1410  intelide - ok
20:17:11.0338 0x1410  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
20:17:11.0350 0x1410  intelppm - ok
20:17:11.0355 0x1410  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:17:11.0385 0x1410  IPBusEnum - ok
20:17:11.0390 0x1410  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:17:11.0417 0x1410  IpFilterDriver - ok
20:17:11.0436 0x1410  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:17:11.0464 0x1410  iphlpsvc - ok
20:17:11.0471 0x1410  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:17:11.0484 0x1410  IPMIDRV - ok
20:17:11.0490 0x1410  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:17:11.0519 0x1410  IPNAT - ok
20:17:11.0523 0x1410  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:17:11.0537 0x1410  IRENUM - ok
20:17:11.0541 0x1410  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:17:11.0551 0x1410  isapnp - ok
20:17:11.0561 0x1410  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:17:11.0578 0x1410  iScsiPrt - ok
20:17:11.0583 0x1410  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:17:11.0593 0x1410  kbdclass - ok
20:17:11.0597 0x1410  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:17:11.0607 0x1410  kbdhid - ok
20:17:11.0612 0x1410  [ CA4FC33FB22D92368A0B221092B46374, 2FB8C496216E5D11627F7832B3B8ABE486E71DF4EC28EABE33F89847BFC5E591 ] KeyIso          C:\Windows\system32\lsass.exe
20:17:11.0621 0x1410  KeyIso - ok
20:17:11.0634 0x1410  [ 795EC29BA21F1D948FD6FD740C00B599, 780900717A812C5DB78C67057010BD62DF2C756C087599A6F8C67CB4EFA7518C ] KL1             C:\Windows\system32\DRIVERS\kl1.sys
20:17:11.0652 0x1410  KL1 - ok
20:17:11.0669 0x1410  [ 70D959CB6DC1F2AC6AFF3AC20891939D, 22EECAD6C8DD9C2691D707950FFCD5DBA929942450B7E2E69F5DDE9DD4E7DBFE ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
20:17:11.0690 0x1410  KLIF - ok
20:17:11.0695 0x1410  [ 31B69BFF28348503E4BD10C2A4F66D05, 891318C2DDF85E43DFCEE73717AEFCE79BC3DCD83FCD58E6F794AB6BF1739688 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
20:17:11.0704 0x1410  KLIM6 - ok
20:17:11.0707 0x1410  [ AEB50941C6D67128B14F88DB9917C4E0, 2ACE46665DE298CC197660A442A3172B1FB460A40BD18AECEA786ACB011FDA43 ] klkbdflt        C:\Windows\system32\DRIVERS\klkbdflt.sys
20:17:11.0716 0x1410  klkbdflt - ok
20:17:11.0720 0x1410  [ 72CF64FBF38CD681FA7F37176047E967, BE5683C119DCEF7E678EE477D6CADF873E32D42372A253B7E86B8C335DF28E1C ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
20:17:11.0728 0x1410  klmouflt - ok
20:17:11.0733 0x1410  [ 45ECF097BC6330C2054D7D43B7AD822B, 41684ED54E75FE6BEEA322E7CE888DFDD53EE1F45016E01CE10B84ABB02CBDA8 ] kltdi           C:\Windows\system32\DRIVERS\kltdi.sys
20:17:11.0742 0x1410  kltdi - ok
20:17:11.0749 0x1410  [ 0E71FAED99892750DFE1C5237A6F8FE6, 786FEEEF637BC89FDED3DDEA2563144C7128E7C9582261B23F16B98D69149088 ] kneps           C:\Windows\system32\DRIVERS\kneps.sys
20:17:11.0761 0x1410  kneps - ok
20:17:11.0768 0x1410  [ 063C09DB965E3DFD6F4F08416F6DB8F5, 0BE015C59288397536B3941BA55EFE0CF06714BC43FF3A33A1D844B4E0F16097 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:17:11.0779 0x1410  KSecDD - ok
20:17:11.0787 0x1410  [ 1FA627E63195BF3BF636BFEF0D7190D4, 794456605303F4916E81BE899E0B05CB070094E719ADA8BE8072A761E35CA8E9 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:17:11.0799 0x1410  KSecPkg - ok
20:17:11.0803 0x1410  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:17:11.0830 0x1410  ksthunk - ok
20:17:11.0842 0x1410  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:17:11.0880 0x1410  KtmRm - ok
20:17:11.0897 0x1410  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:17:11.0947 0x1410  LanmanServer - ok
20:17:11.0954 0x1410  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:17:11.0983 0x1410  LanmanWorkstation - ok
20:17:11.0989 0x1410  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:17:12.0017 0x1410  lltdio - ok
20:17:12.0028 0x1410  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:17:12.0063 0x1410  lltdsvc - ok
20:17:12.0067 0x1410  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:17:12.0094 0x1410  lmhosts - ok
20:17:12.0102 0x1410  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
20:17:12.0114 0x1410  LSI_FC - ok
20:17:12.0121 0x1410  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
20:17:12.0134 0x1410  LSI_SAS - ok
20:17:12.0139 0x1410  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
20:17:12.0150 0x1410  LSI_SAS2 - ok
20:17:12.0156 0x1410  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
20:17:12.0168 0x1410  LSI_SCSI - ok
20:17:12.0176 0x1410  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
20:17:12.0206 0x1410  luafv - ok
20:17:12.0210 0x1410  [ A8D28D5B3E2A528D1EF0E338E44F2820, 40D1EFDD253BC0A0D984A5AD8A2721C3E83B15F14D538204714E6D5B00D92CEB ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
20:17:12.0219 0x1410  MBAMProtector - ok
20:17:12.0341 0x1410  [ 301E3FDFCF33640BB8763BA444BC5093, 362B069BB9A313A06B376CE27E6F7F8D569F6CA39A8ABC96D9DF231EE462C604 ] MBAMScheduler   D:\ Malwarebytes Anti-Malware \mbamscheduler.exe
20:17:12.0395 0x1410  MBAMScheduler - ok
20:17:12.0446 0x1410  [ 83C982A395D00BAFF6515FB38424EA76, 0E1B66F84A483D47550347D4A9426B95A066DB5104C4284F606A16768A11DB0C ] MBAMService     D:\ Malwarebytes Anti-Malware \mbamservice.exe
20:17:12.0481 0x1410  MBAMService - ok
20:17:12.0490 0x1410  [ AE757332EA130E94E646621CC695B52A, E688CF34A4206F32B5C7301119D8459C3456FC178FA1DAA6215CE15F2C824C43 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
20:17:12.0500 0x1410  MBAMWebAccessControl - ok
20:17:12.0504 0x1410  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
20:17:12.0514 0x1410  megasas - ok
20:17:12.0526 0x1410  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
20:17:12.0544 0x1410  MegaSR - ok
20:17:12.0549 0x1410  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
20:17:12.0577 0x1410  MMCSS - ok
20:17:12.0581 0x1410  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
20:17:12.0607 0x1410  Modem - ok
20:17:12.0612 0x1410  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:17:12.0625 0x1410  monitor - ok
20:17:12.0630 0x1410  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:17:12.0640 0x1410  mouclass - ok
20:17:12.0644 0x1410  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:17:12.0654 0x1410  mouhid - ok
20:17:12.0660 0x1410  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:17:12.0672 0x1410  mountmgr - ok
20:17:12.0678 0x1410  [ 9E587AFE2AD4873C809F1E0C598AB435, 0B0ECFF265120BCBAC37CF9B53B18462725AB991D00B90DBEE8DD9375121DA4F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:17:12.0690 0x1410  MozillaMaintenance - ok
20:17:12.0699 0x1410  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:17:12.0713 0x1410  mpio - ok
20:17:12.0719 0x1410  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:17:12.0747 0x1410  mpsdrv - ok
20:17:12.0773 0x1410  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:17:12.0822 0x1410  MpsSvc - ok
20:17:12.0831 0x1410  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:17:12.0845 0x1410  MRxDAV - ok
20:17:12.0852 0x1410  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:17:12.0867 0x1410  mrxsmb - ok
20:17:12.0878 0x1410  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:17:12.0897 0x1410  mrxsmb10 - ok
20:17:12.0904 0x1410  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:17:12.0917 0x1410  mrxsmb20 - ok
20:17:12.0926 0x1410  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:17:12.0936 0x1410  msahci - ok
20:17:12.0944 0x1410  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:17:12.0958 0x1410  msdsm - ok
20:17:12.0965 0x1410  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
20:17:12.0980 0x1410  MSDTC - ok
20:17:12.0986 0x1410  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:17:13.0012 0x1410  Msfs - ok
20:17:13.0016 0x1410  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:17:13.0042 0x1410  mshidkmdf - ok
20:17:13.0045 0x1410  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:17:13.0054 0x1410  msisadrv - ok
20:17:13.0061 0x1410  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:17:13.0091 0x1410  MSiSCSI - ok
20:17:13.0094 0x1410  msiserver - ok
20:17:13.0097 0x1410  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:17:13.0123 0x1410  MSKSSRV - ok
20:17:13.0184 0x1410  [ 47A616802531735DF88CD331739D6E97, 28A28794186CC0B5EC5A3838C7CAE16B9DCE2C0BD5873F59CE59F8F4EDA4268B ] msoidsvc        C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
20:17:13.0252 0x1410  msoidsvc - ok
20:17:13.0259 0x1410  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:17:13.0286 0x1410  MSPCLOCK - ok
20:17:13.0289 0x1410  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:17:13.0315 0x1410  MSPQM - ok
20:17:13.0328 0x1410  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:17:13.0348 0x1410  MsRPC - ok
20:17:13.0353 0x1410  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
20:17:13.0363 0x1410  mssmbios - ok
20:17:13.0366 0x1410  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:17:13.0392 0x1410  MSTEE - ok
20:17:13.0396 0x1410  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
20:17:13.0407 0x1410  MTConfig - ok
20:17:13.0411 0x1410  [ 2219A3D695405E7BA2186BA6B9EDE14A, 8B99BD22DACB56FF544ED922962FE4EC1172BF90987A46E3A5F62A3B4E720B0C ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
20:17:13.0419 0x1410  MTsensor - ok
20:17:13.0423 0x1410  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
20:17:13.0434 0x1410  Mup - ok
20:17:13.0450 0x1410  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
20:17:13.0490 0x1410  napagent - ok
20:17:13.0503 0x1410  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:17:13.0526 0x1410  NativeWifiP - ok
20:17:13.0556 0x1410  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:17:13.0594 0x1410  NDIS - ok
20:17:13.0599 0x1410  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:17:13.0626 0x1410  NdisCap - ok
20:17:13.0629 0x1410  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:17:13.0656 0x1410  NdisTapi - ok
20:17:13.0661 0x1410  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:17:13.0687 0x1410  Ndisuio - ok
20:17:13.0694 0x1410  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:17:13.0724 0x1410  NdisWan - ok
20:17:13.0729 0x1410  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:17:13.0756 0x1410  NDProxy - ok
20:17:13.0760 0x1410  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:17:13.0787 0x1410  NetBIOS - ok
20:17:13.0798 0x1410  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:17:13.0833 0x1410  NetBT - ok
20:17:13.0837 0x1410  [ CA4FC33FB22D92368A0B221092B46374, 2FB8C496216E5D11627F7832B3B8ABE486E71DF4EC28EABE33F89847BFC5E591 ] Netlogon        C:\Windows\system32\lsass.exe
20:17:13.0846 0x1410  Netlogon - ok
20:17:13.0859 0x1410  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
20:17:13.0898 0x1410  Netman - ok
20:17:13.0943 0x1410  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:17:13.0958 0x1410  NetMsmqActivator - ok
20:17:13.0964 0x1410  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:17:13.0976 0x1410  NetPipeActivator - ok
20:17:13.0992 0x1410  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
20:17:14.0032 0x1410  netprofm - ok
20:17:14.0039 0x1410  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:17:14.0052 0x1410  NetTcpActivator - ok
20:17:14.0058 0x1410  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:17:14.0070 0x1410  NetTcpPortSharing - ok
20:17:14.0075 0x1410  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
20:17:14.0085 0x1410  nfrd960 - ok
20:17:14.0097 0x1410  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:17:14.0117 0x1410  NlaSvc - ok
20:17:14.0122 0x1410  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:17:14.0150 0x1410  Npfs - ok
20:17:14.0154 0x1410  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
20:17:14.0180 0x1410  nsi - ok
20:17:14.0184 0x1410  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:17:14.0211 0x1410  nsiproxy - ok
20:17:14.0273 0x1410  [ 8D2248AF5DFA3D9F23E0A9D0486E408F, FB718945EEEB36ECCA72AD124A790A22DC1C0E695DE86FD0E82351D80DDDBD19 ] nsmService      D:\NetSetMan\nsmservice.exe
20:17:14.0313 0x1410  nsmService - ok
20:17:14.0358 0x1410  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:17:14.0408 0x1410  Ntfs - ok
20:17:14.0414 0x1410  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
20:17:14.0441 0x1410  Null - ok
20:17:14.0451 0x1410  [ B9E5A80F646DDFEF158773722A466EA3, 028979FE600D17DA70445F44D81FAE4EDA3478FCC81FA5506133CCAC37C4E2BF ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
20:17:14.0467 0x1410  NVHDA - ok
20:17:14.0778 0x1410  [ BF769EC1CC472FAD4C6EAEEB96ED857E, BBF8BA2B703BF4C36DFC7F69B4D8E477C8162BEC492C6C5D1A7751C19305ABE8 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:17:15.0110 0x1410  nvlddmkm - ok
20:17:15.0189 0x1410  [ 4B1E6975B565883985FB43C3FD6C88C6, D4CCA860A9AFDF5D729885896B3034A55C4778FE0A333C06B8B71C20BF73A48A ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
20:17:15.0235 0x1410  NvNetworkService - ok
20:17:15.0248 0x1410  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:17:15.0262 0x1410  nvraid - ok
20:17:15.0270 0x1410  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:17:15.0284 0x1410  nvstor - ok
20:17:15.0289 0x1410  [ DD8043B662B1F0CFC037976E38271975, A129975AE17677783A76E8DBEC6D01709BC40202672AAB5BB72A8E19A285C4C9 ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
20:17:15.0297 0x1410  NvStreamKms - ok
20:17:15.0300 0x1410  NvStreamSvc - ok
20:17:15.0323 0x1410  [ 039ACFA07F59DB2109BB6A2C0FA2C0D9, E641179FCDB83BBFFADDDECD646F69D667F494BFC41FCE1F035EE78A944C6D5B ] nvsvc           C:\Windows\system32\nvvsvc.exe
20:17:15.0351 0x1410  nvsvc - ok
20:17:15.0357 0x1410  [ 6AC68DDFCAC19A300D738AF3493E46AA, 4E92215B6E3ED263E89489851C6FEAD08D3155C82A74E880DA460DED0021DF42 ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
20:17:15.0368 0x1410  nvvad_WaveExtensible - ok
20:17:15.0375 0x1410  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:17:15.0388 0x1410  nv_agp - ok
20:17:15.0394 0x1410  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:17:15.0406 0x1410  ohci1394 - ok
20:17:15.0519 0x1410  [ D06C2368C93396C6B983CE60523BA99F, ABC90E2DC2DE577AFA37BF34630502AA209C9556DFCC1757844D95D9370FFA8C ] Origin Client Service D:\Programme\Origin\OriginClientService.exe
20:17:15.0573 0x1410  Origin Client Service - ok
20:17:15.0587 0x1410  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:17:15.0600 0x1410  ose - ok
20:17:15.0747 0x1410  [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:17:15.0863 0x1410  osppsvc - ok
20:17:15.0889 0x1410  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:17:15.0917 0x1410  p2pimsvc - ok
20:17:15.0933 0x1410  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
20:17:15.0955 0x1410  p2psvc - ok
20:17:15.0961 0x1410  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
20:17:15.0974 0x1410  Parport - ok
20:17:15.0989 0x1410  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:17:16.0000 0x1410  partmgr - ok
20:17:16.0008 0x1410  [ 256390425414F90FCBC12F525A84EB11, A4992020BF6A239AD8A77125426E2C39980C9ABC971C4DBCB24B358F946AD7F9 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:17:16.0023 0x1410  PcaSvc - ok
20:17:16.0031 0x1410  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
20:17:16.0046 0x1410  pci - ok
20:17:16.0049 0x1410  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
20:17:16.0058 0x1410  pciide - ok
20:17:16.0068 0x1410  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
20:17:16.0083 0x1410  pcmcia - ok
20:17:16.0088 0x1410  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:17:16.0099 0x1410  pcw - ok
20:17:16.0118 0x1410  [ 946010CDFA91469351B22E2620CEBCD8, F099C92706D42ADC289B72724F7932E5D4F62A427AEC967DDB0A1D728AE59A63 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:17:16.0147 0x1410  PEAUTH - ok
20:17:16.0186 0x1410  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
20:17:16.0235 0x1410  PeerDistSvc - ok
20:17:16.0259 0x1410  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:17:16.0271 0x1410  PerfHost - ok
20:17:16.0315 0x1410  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
20:17:16.0381 0x1410  pla - ok
20:17:16.0399 0x1410  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:17:16.0422 0x1410  PlugPlay - ok
20:17:16.0426 0x1410  PnkBstrA - ok
20:17:16.0430 0x1410  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:17:16.0441 0x1410  PNRPAutoReg - ok
20:17:16.0453 0x1410  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:17:16.0469 0x1410  PNRPsvc - ok
20:17:16.0487 0x1410  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:17:16.0527 0x1410  PolicyAgent - ok
20:17:16.0537 0x1410  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
20:17:16.0569 0x1410  Power - ok
20:17:16.0576 0x1410  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:17:16.0604 0x1410  PptpMiniport - ok
20:17:16.0610 0x1410  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
20:17:16.0622 0x1410  Processor - ok
20:17:16.0630 0x1410  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:17:16.0646 0x1410  ProfSvc - ok
20:17:16.0651 0x1410  [ CA4FC33FB22D92368A0B221092B46374, 2FB8C496216E5D11627F7832B3B8ABE486E71DF4EC28EABE33F89847BFC5E591 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:17:16.0660 0x1410  ProtectedStorage - ok
20:17:16.0667 0x1410  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:17:16.0695 0x1410  Psched - ok
20:17:16.0701 0x1410  [ 07D57B890DD5693A6AB660CBAE8F91B4, 934895A41C116056E22FE3298418332A9F4280F96E96EEE06C977A4925395674 ] PxHlpa64        C:\Windows\system32\drivers\PxHlpa64.sys
20:17:16.0711 0x1410  PxHlpa64 - ok
20:17:16.0765 0x1410  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
20:17:16.0825 0x1410  ql2300 - ok
20:17:16.0836 0x1410  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
20:17:16.0849 0x1410  ql40xx - ok
20:17:16.0861 0x1410  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
20:17:16.0883 0x1410  QWAVE - ok
20:17:16.0888 0x1410  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:17:16.0903 0x1410  QWAVEdrv - ok
20:17:16.0906 0x1410  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:17:16.0932 0x1410  RasAcd - ok
20:17:16.0937 0x1410  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:17:16.0964 0x1410  RasAgileVpn - ok
20:17:16.0970 0x1410  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
20:17:17.0000 0x1410  RasAuto - ok
20:17:17.0006 0x1410  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:17:17.0035 0x1410  Rasl2tp - ok
20:17:17.0047 0x1410  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
20:17:17.0084 0x1410  RasMan - ok
20:17:17.0090 0x1410  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:17:17.0118 0x1410  RasPppoe - ok
20:17:17.0123 0x1410  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:17:17.0151 0x1410  RasSstp - ok
20:17:17.0163 0x1410  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:17:17.0198 0x1410  rdbss - ok
20:17:17.0202 0x1410  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
20:17:17.0214 0x1410  rdpbus - ok
20:17:17.0218 0x1410  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:17:17.0243 0x1410  RDPCDD - ok
20:17:17.0253 0x1410  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
20:17:17.0268 0x1410  RDPDR - ok
20:17:17.0272 0x1410  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:17:17.0299 0x1410  RDPENCDD - ok
20:17:17.0303 0x1410  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:17:17.0329 0x1410  RDPREFMP - ok
20:17:17.0336 0x1410  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:17:17.0347 0x1410  RdpVideoMiniport - ok
20:17:17.0356 0x1410  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:17:17.0374 0x1410  RDPWD - ok
20:17:17.0384 0x1410  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:17:17.0400 0x1410  rdyboost - ok
20:17:17.0408 0x1410  [ 96EFEC24346A8EB1157E80523079ADDC, 7F8FC284029856C754E400B6C954369FFE27763C81D8F4AF4E58BFDD44CBC24A ] RealNetworks Downloader Resolver Service C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
20:17:17.0418 0x1410  RealNetworks Downloader Resolver Service - ok
20:17:17.0424 0x1410  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:17:17.0454 0x1410  RemoteAccess - ok
20:17:17.0462 0x1410  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:17:17.0493 0x1410  RemoteRegistry - ok
20:17:17.0498 0x1410  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:17:17.0527 0x1410  RpcEptMapper - ok
20:17:17.0531 0x1410  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
20:17:17.0542 0x1410  RpcLocator - ok
20:17:17.0559 0x1410  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
20:17:17.0594 0x1410  RpcSs - ok
20:17:17.0600 0x1410  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:17:17.0628 0x1410  rspndr - ok
20:17:17.0651 0x1410  [ 6CF9DB101A75360E98659F823852E540, A7D48DF41A831EEF9978B51786EF80DB9CC40602BE66D46CA11BE1548BC2D10C ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
20:17:17.0679 0x1410  RTL8167 - ok
20:17:17.0684 0x1410  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
20:17:17.0693 0x1410  s3cap - ok
20:17:17.0697 0x1410  [ CA4FC33FB22D92368A0B221092B46374, 2FB8C496216E5D11627F7832B3B8ABE486E71DF4EC28EABE33F89847BFC5E591 ] SamSs           C:\Windows\system32\lsass.exe
20:17:17.0707 0x1410  SamSs - ok
20:17:17.0713 0x1410  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:17:17.0725 0x1410  sbp2port - ok
20:17:17.0734 0x1410  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:17:17.0766 0x1410  SCardSvr - ok
20:17:17.0771 0x1410  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:17:17.0797 0x1410  scfilter - ok
20:17:17.0828 0x1410  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
20:17:17.0886 0x1410  Schedule - ok
20:17:17.0899 0x1410  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:17:17.0925 0x1410  SCPolicySvc - ok
20:17:17.0936 0x1410  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:17:17.0953 0x1410  SDRSVC - ok
20:17:18.0070 0x1410  [ 98EF79CC2B07398AC525F9EA1AE0366F, D0D5D69696ED339F363024AF3271867F4C55572C67FD0F2AA27D24B37982E39A ] SDScannerService D:\Spybot - Search & Destroy 2\SDFSSvc.exe
20:17:18.0174 0x1410  SDScannerService - ok
20:17:18.0218 0x1410  [ 14BF6B3AB327D519ED007CDDC56F6900, 4E5DC4AF45347C885E0E87F205EE1F95BB4713A0B581CD7317FBEEE2A9628982 ] SDUpdateService D:\Spybot - Search & Destroy 2\SDUpdSvc.exe
20:17:18.0254 0x1410  SDUpdateService - ok
20:17:18.0270 0x1410  [ 820EBE67AB99F033FDE25B2692157991, A9E86FE6EFD3CFD4EA1A26121C706335A6791CC6F81EE98AE2BE7EA566ECFEBB ] SDWSCService    D:\Spybot - Search & Destroy 2\SDWSCSvc.exe
20:17:18.0282 0x1410  SDWSCService - ok
20:17:18.0289 0x1410  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:17:18.0316 0x1410  secdrv - ok
20:17:18.0321 0x1410  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
20:17:18.0349 0x1410  seclogon - ok
20:17:18.0355 0x1410  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
20:17:18.0383 0x1410  SENS - ok
20:17:18.0387 0x1410  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:17:18.0400 0x1410  SensrSvc - ok
20:17:18.0403 0x1410  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
20:17:18.0414 0x1410  Serenum - ok
20:17:18.0420 0x1410  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
20:17:18.0434 0x1410  Serial - ok
20:17:18.0438 0x1410  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
20:17:18.0449 0x1410  sermouse - ok
20:17:18.0460 0x1410  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
20:17:18.0490 0x1410  SessionEnv - ok
20:17:18.0494 0x1410  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:17:18.0507 0x1410  sffdisk - ok
20:17:18.0511 0x1410  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:17:18.0523 0x1410  sffp_mmc - ok
20:17:18.0527 0x1410  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:17:18.0540 0x1410  sffp_sd - ok
20:17:18.0544 0x1410  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
20:17:18.0554 0x1410  sfloppy - ok
20:17:18.0567 0x1410  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:17:18.0604 0x1410  SharedAccess - ok
20:17:18.0616 0x1410  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:17:18.0653 0x1410  ShellHWDetection - ok
20:17:18.0659 0x1410  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
20:17:18.0670 0x1410  SiSRaid2 - ok
20:17:18.0677 0x1410  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
20:17:18.0689 0x1410  SiSRaid4 - ok
20:17:18.0727 0x1410  [ 0B70786BD1062CD4C6B58E412B9C3E55, 60ED027642FFF97BFFA55AE3EFFCCBB6D6AD8196D35E9ED06F9AF431E3C0402A ] SkypeUpdate     D:\Programme\skype\Updater\Updater.exe
20:17:18.0746 0x1410  SkypeUpdate - ok
20:17:18.0755 0x1410  [ 544788D536087DAF32B846F10D8392F5, D38C18ED147BE4BC7CE5DB50DA1DEEEBD192E1D615B2A3F3B5957A1421B9A2C2 ] SLEE_17_DRIVER  C:\Windows\Sleen1764.sys
20:17:18.0768 0x1410  SLEE_17_DRIVER - ok
20:17:18.0780 0x1410  [ E77CB3736A702D46A6FB15FB4A9894E3, A341AD51825D4DB8A68ADDABE0FD17693DE387B0DA11800D427B8EA31577626C ] SmartDefragDriver C:\Windows\system32\Drivers\SmartDefragDriver.sys
20:17:18.0791 0x1410  SmartDefragDriver - ok
20:17:18.0798 0x1410  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:17:18.0829 0x1410  Smb - ok
20:17:18.0836 0x1410  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:17:18.0847 0x1410  SNMPTRAP - ok
20:17:18.0851 0x1410  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:17:18.0860 0x1410  spldr - ok
20:17:18.0877 0x1410  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
20:17:18.0904 0x1410  Spooler - ok
20:17:19.0007 0x1410  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
20:17:19.0144 0x1410  sppsvc - ok
20:17:19.0155 0x1410  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:17:19.0185 0x1410  sppuinotify - ok
20:17:19.0201 0x1410  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:17:19.0225 0x1410  srv - ok
20:17:19.0239 0x1410  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:17:19.0261 0x1410  srv2 - ok
20:17:19.0269 0x1410  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:17:19.0284 0x1410  srvnet - ok
20:17:19.0293 0x1410  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:17:19.0326 0x1410  SSDPSRV - ok
20:17:19.0332 0x1410  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:17:19.0361 0x1410  SstpSvc - ok
20:17:19.0371 0x1410  [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
20:17:19.0386 0x1410  ssudmdm - ok
20:17:19.0410 0x1410  [ 0A3544D7E9AF7D8C991C904339157EDC, 1E1DE4D808AE1174B0CB37E93EBADFC98FEBCD70D612CFE393DDA513581CD123 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
20:17:19.0440 0x1410  Steam Client Service - ok
20:17:19.0446 0x1410  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
20:17:19.0455 0x1410  stexstor - ok
20:17:19.0458 0x1410  [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
20:17:19.0469 0x1410  StillCam - ok
20:17:19.0488 0x1410  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
20:17:19.0519 0x1410  stisvc - ok
20:17:19.0525 0x1410  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
20:17:19.0535 0x1410  storflt - ok
20:17:19.0539 0x1410  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
20:17:19.0550 0x1410  StorSvc - ok
20:17:19.0554 0x1410  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
20:17:19.0564 0x1410  storvsc - ok
20:17:19.0569 0x1410  [ 0857B76E4F95E2B0CDFF575762158AB2, 99A3C101E9B478582AB6F3FD51A63E0ECB1DA6DB967A27D3CA91F1DF3C33FD64 ] SWDUMon         C:\Windows\system32\DRIVERS\SWDUMon.sys
20:17:19.0578 0x1410  SWDUMon - ok
20:17:19.0581 0x1410  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
20:17:19.0591 0x1410  swenum - ok
20:17:19.0609 0x1410  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
20:17:19.0632 0x1410  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
20:17:22.0399 0x1410  Detect skipped due to KSN trusted
20:17:22.0399 0x1410  SwitchBoard - ok
20:17:22.0417 0x1410  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
20:17:22.0459 0x1410  swprv - ok
20:17:22.0512 0x1410  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
20:17:22.0578 0x1410  SysMain - ok
20:17:22.0627 0x1410  [ 00068CD7BD0A2BFA6ACC1F75671394FF, BE2235923006B300910404020D8FA3E4B6F4798778E03D1AFD3A04D995411C72 ] SystemExplorerHelpService D:\System Explorer\service\SystemExplorerService64.exe
20:17:22.0652 0x1410  SystemExplorerHelpService - ok
20:17:22.0660 0x1410  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:17:22.0677 0x1410  TabletInputService - ok
20:17:22.0681 0x1410  [ F9BE29D5E097F03F81D3CD12B794CB66, 5EC208DEAF7C721F4C36512E7DAD4AC66578AB935B9502A5E1E213BC91BE508C ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
20:17:22.0692 0x1410  tap0901 - ok
20:17:22.0703 0x1410  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:17:22.0738 0x1410  TapiSrv - ok
20:17:22.0743 0x1410  [ 048CFE7569D6ADCAB9349BB1A566A79E, E248D2A66881FDFF9505896F383EFFEF2FD5AFC15D8992E653F5C31F1F80DAF3 ] tbhsd           C:\Windows\system32\drivers\tbhsd.sys
20:17:22.0753 0x1410  tbhsd - ok
20:17:22.0758 0x1410  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
20:17:22.0787 0x1410  TBS - ok
20:17:22.0839 0x1410  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:17:22.0902 0x1410  Tcpip - ok
20:17:22.0958 0x1410  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:17:23.0005 0x1410  TCPIP6 - ok
20:17:23.0016 0x1410  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:17:23.0027 0x1410  tcpipreg - ok
20:17:23.0032 0x1410  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:17:23.0043 0x1410  TDPIPE - ok
20:17:23.0048 0x1410  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:17:23.0057 0x1410  TDTCP - ok
20:17:23.0063 0x1410  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:17:23.0076 0x1410  tdx - ok
20:17:23.0249 0x1410  [ A903E5C565A2677F3960E4AAB7B42280, 6D819D4F464005FBAECAAB719EB2D6539E8A48851C09A1AA8E9D48CDFDA9FEE1 ] TeamViewer      C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
20:17:23.0443 0x1410  TeamViewer - ok
20:17:23.0461 0x1410  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
20:17:23.0472 0x1410  TermDD - ok
20:17:23.0489 0x1410  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
20:17:23.0515 0x1410  TermService - ok
20:17:23.0521 0x1410  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
20:17:23.0537 0x1410  Themes - ok
20:17:23.0543 0x1410  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
20:17:23.0570 0x1410  THREADORDER - ok
20:17:23.0577 0x1410  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
20:17:23.0608 0x1410  TrkWks - ok
20:17:23.0616 0x1410  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:17:23.0647 0x1410  TrustedInstaller - ok
20:17:23.0653 0x1410  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:17:23.0664 0x1410  tssecsrv - ok
20:17:23.0669 0x1410  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:17:23.0681 0x1410  TsUsbFlt - ok
20:17:23.0685 0x1410  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
20:17:23.0696 0x1410  TsUsbGD - ok
20:17:23.0703 0x1410  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:17:23.0732 0x1410  tunnel - ok
20:17:23.0738 0x1410  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
20:17:23.0748 0x1410  uagp35 - ok
20:17:23.0762 0x1410  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:17:23.0801 0x1410  udfs - ok
20:17:23.0811 0x1410  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:17:23.0824 0x1410  UI0Detect - ok
20:17:23.0830 0x1410  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:17:23.0841 0x1410  uliagpkx - ok
20:17:23.0846 0x1410  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:17:23.0857 0x1410  umbus - ok
20:17:23.0862 0x1410  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
20:17:23.0873 0x1410  UmPass - ok
20:17:23.0884 0x1410  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
20:17:23.0902 0x1410  UmRdpService - ok
20:17:23.0922 0x1410  [ 9DC07E73A4ABB9ACF692113B36A5009F, CA7176FC219515D58DCFA66EC61880ECE5617275C9B83701BB74D8B60E733D34 ] UnlockerDriver5 D:\Programme\Unlocker\UnlockerDriver5.sys
20:17:23.0930 0x1410  UnlockerDriver5 - ok
20:17:23.0944 0x1410  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
20:17:23.0981 0x1410  upnphost - ok
20:17:23.0987 0x1410  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:17:24.0001 0x1410  usbccgp - ok
20:17:24.0007 0x1410  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:17:24.0020 0x1410  usbcir - ok
20:17:24.0025 0x1410  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:17:24.0036 0x1410  usbehci - ok
20:17:24.0041 0x1410  [ 5AE9C87A1ED4B243942B3FDDD902134B, E19657C637B354F968099755DD311A159E57C4BD5ED89D81BDA1C70A62DC732E ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
20:17:24.0050 0x1410  usbfilter - ok
20:17:24.0062 0x1410  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:17:24.0081 0x1410  usbhub - ok
20:17:24.0086 0x1410  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
20:17:24.0097 0x1410  usbohci - ok
20:17:24.0102 0x1410  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:17:24.0114 0x1410  usbprint - ok
20:17:24.0119 0x1410  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
20:17:24.0130 0x1410  usbscan - ok
20:17:24.0135 0x1410  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:17:24.0149 0x1410  USBSTOR - ok
20:17:24.0153 0x1410  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:17:24.0163 0x1410  usbuhci - ok
20:17:24.0167 0x1410  [ 7B28E2FBE75115660FAB31079C0A9F29, 81BB5A3E64B652A672A0782A88ABF6DDD729D38712D0706CE0FB9DE6D1EE1515 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
20:17:24.0178 0x1410  usb_rndisx - ok
20:17:24.0182 0x1410  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
20:17:24.0211 0x1410  UxSms - ok
20:17:24.0215 0x1410  [ CA4FC33FB22D92368A0B221092B46374, 2FB8C496216E5D11627F7832B3B8ABE486E71DF4EC28EABE33F89847BFC5E591 ] VaultSvc        C:\Windows\system32\lsass.exe
20:17:24.0225 0x1410  VaultSvc - ok
20:17:24.0229 0x1410  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:17:24.0239 0x1410  vdrvroot - ok
20:17:24.0255 0x1410  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
20:17:24.0296 0x1410  vds - ok
20:17:24.0303 0x1410  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:17:24.0317 0x1410  vga - ok
20:17:24.0324 0x1410  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:17:24.0356 0x1410  VgaSave - ok
20:17:24.0366 0x1410  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:17:24.0381 0x1410  vhdmp - ok
20:17:24.0387 0x1410  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:17:24.0396 0x1410  viaide - ok
20:17:24.0399 0x1410  VideoAcceleratorService - ok
20:17:24.0409 0x1410  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
20:17:24.0424 0x1410  vmbus - ok
20:17:24.0428 0x1410  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
20:17:24.0437 0x1410  VMBusHID - ok
20:17:24.0442 0x1410  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:17:24.0453 0x1410  volmgr - ok
20:17:24.0466 0x1410  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:17:24.0486 0x1410  volmgrx - ok
20:17:24.0498 0x1410  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:17:24.0517 0x1410  volsnap - ok
20:17:24.0526 0x1410  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
20:17:24.0539 0x1410  vsmraid - ok
20:17:24.0583 0x1410  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
20:17:24.0656 0x1410  VSS - ok
20:17:24.0664 0x1410  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
20:17:24.0676 0x1410  vwifibus - ok
20:17:24.0688 0x1410  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
20:17:24.0726 0x1410  W32Time - ok
20:17:24.0732 0x1410  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
20:17:24.0743 0x1410  WacomPen - ok
20:17:24.0749 0x1410  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:17:24.0777 0x1410  WANARP - ok
20:17:24.0782 0x1410  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:17:24.0809 0x1410  Wanarpv6 - ok
20:17:24.0854 0x1410  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
20:17:24.0911 0x1410  wbengine - ok
20:17:24.0923 0x1410  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:17:24.0943 0x1410  WbioSrvc - ok
20:17:24.0956 0x1410  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:17:24.0980 0x1410  wcncsvc - ok
20:17:24.0985 0x1410  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:17:25.0013 0x1410  WcsPlugInService - ok
20:17:25.0017 0x1410  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
20:17:25.0027 0x1410  Wd - ok
20:17:25.0057 0x1410  [ 6211C43075D3538ADBF344F77C1A337C, 1B4F21358C0ED8666213F897F7F254985E8666AC14568157A7143DD3DC9B2ADF ] WDBackup        C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
20:17:25.0086 0x1410  WDBackup - ok
20:17:25.0093 0x1410  [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
20:17:25.0103 0x1410  WDC_SAM - ok
20:17:25.0115 0x1410  [ 464C440F9344289FDEA03F7475C44ACC, 5C7F9C1B604FCF01A78F69DBFC379B47E1A00EE35279A9F0F90E1E3663B0C3B7 ] WDDriveService  C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
20:17:25.0128 0x1410  WDDriveService - ok
20:17:25.0152 0x1410  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:17:25.0185 0x1410  Wdf01000 - ok
20:17:25.0192 0x1410  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:17:25.0206 0x1410  WdiServiceHost - ok
20:17:25.0210 0x1410  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:17:25.0222 0x1410  WdiSystemHost - ok
20:17:25.0232 0x1410  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
20:17:25.0250 0x1410  WebClient - ok
20:17:25.0259 0x1410  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:17:25.0294 0x1410  Wecsvc - ok
20:17:25.0300 0x1410  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:17:25.0331 0x1410  wercplsupport - ok
20:17:25.0340 0x1410  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:17:25.0370 0x1410  WerSvc - ok
20:17:25.0374 0x1410  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:17:25.0400 0x1410  WfpLwf - ok
20:17:25.0404 0x1410  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:17:25.0413 0x1410  WIMMount - ok
20:17:25.0416 0x1410  WinDefend - ok
20:17:25.0422 0x1410  WinHttpAutoProxySvc - ok
20:17:25.0435 0x1410  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:17:25.0469 0x1410  Winmgmt - ok
20:17:25.0520 0x1410  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
20:17:25.0588 0x1410  WinRM - ok
20:17:25.0599 0x1410  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\drivers\WinUsb.sys
20:17:25.0613 0x1410  WinUsb - ok
20:17:25.0639 0x1410  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:17:25.0677 0x1410  Wlansvc - ok
20:17:25.0685 0x1410  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:17:25.0695 0x1410  wlcrasvc - ok
20:17:25.0762 0x1410  [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:17:25.0831 0x1410  wlidsvc - ok
20:17:25.0839 0x1410  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:17:25.0849 0x1410  WmiAcpi - ok
20:17:25.0859 0x1410  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:17:25.0875 0x1410  wmiApSrv - ok
20:17:25.0879 0x1410  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:17:25.0891 0x1410  WPCSvc - ok
20:17:25.0897 0x1410  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:17:25.0918 0x1410  WPDBusEnum - ok
20:17:25.0922 0x1410  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:17:25.0949 0x1410  ws2ifsl - ok
20:17:25.0955 0x1410  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
20:17:25.0972 0x1410  wscsvc - ok
20:17:25.0975 0x1410  WSearch - ok
20:17:26.0067 0x1410  [ 0814A74C853F50B354F08F83DDA9F7FB, 0A63BAA8DE451B8C2C71FEF961718E769B9BAC305C76D24048C664CB27D0DF28 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:17:26.0154 0x1410  wuauserv - ok
20:17:26.0165 0x1410  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:17:26.0179 0x1410  WudfPf - ok
20:17:26.0187 0x1410  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\drivers\WUDFRd.sys
20:17:26.0202 0x1410  WUDFRd - ok
20:17:26.0208 0x1410  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:17:26.0221 0x1410  wudfsvc - ok
20:17:26.0230 0x1410  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:17:26.0248 0x1410  WwanSvc - ok
20:17:26.0265 0x1410  [ 99217BD11BEE7F21E873F6E39B93AAFD, CF933ED9EEB02427BCAC02CDE32AE01D86D4D535BAC7E2EA473B04C2FDCCCBC9 ] ZSMC301b        C:\Windows\system32\Drivers\usbVM31b.sys
20:17:26.0286 0x1410  ZSMC301b - ok
20:17:26.0292 0x1410  ================ Scan global ===============================
20:17:26.0296 0x1410  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
20:17:26.0306 0x1410  [ A171AC55EE4B4EE35C18EF0977017A72, E0E3E3B1C3708C30C7292CA09E41CA6C49EB850699126C6D2C0383A72C0097A6 ] C:\Windows\system32\winsrv.dll
20:17:26.0319 0x1410  [ A171AC55EE4B4EE35C18EF0977017A72, E0E3E3B1C3708C30C7292CA09E41CA6C49EB850699126C6D2C0383A72C0097A6 ] C:\Windows\system32\winsrv.dll
20:17:26.0326 0x1410  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
20:17:26.0339 0x1410  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
20:17:26.0348 0x1410  [ Global ] - ok
20:17:26.0348 0x1410  ================ Scan MBR ==================================
20:17:26.0350 0x1410  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:17:26.0490 0x1410  \Device\Harddisk0\DR0 - ok
20:17:26.0507 0x1410  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
20:17:26.0902 0x1410  \Device\Harddisk1\DR1 - ok
20:17:26.0904 0x1410  ================ Scan VBR ==================================
20:17:26.0913 0x1410  [ 685B4038E149766E7E9D861A968CD1D2 ] \Device\Harddisk0\DR0\Partition1
20:17:26.0915 0x1410  \Device\Harddisk0\DR0\Partition1 - ok
20:17:26.0919 0x1410  [ 0AEA1B4DC84F5938E2061B2BD8E90D6F ] \Device\Harddisk1\DR1\Partition1
20:17:26.0979 0x1410  \Device\Harddisk1\DR1\Partition1 - ok
20:17:26.0979 0x1410  ================ Scan generic autorun ======================
20:17:27.0039 0x1410  [ 2DC2C370F785AD5B2717A205238B03E2, 50D002FF269741855986179D4B9D5A820C04E881B624AFEF0B76E80A68930F3D ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
20:17:27.0099 0x1410  NvBackend - ok
20:17:27.0119 0x1410  [ 7E91655B4947EC1B18B3BC1645839145, 4425326D019A7A6380B71D6710AD94D58A11E1BC5BA42159DD4A17437A296C48 ] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
20:17:27.0133 0x1410  AVP - ok
20:17:27.0177 0x1410  [ F6158734F1E24C6C510155CF0D363911, 320900BA90AF14E254CFAFA70FB15A0E77506217E47A406FA1ED821D0206FE29 ] D:\Programme\update\realsched.exe
20:17:27.0190 0x1410  TkBellExe - ok
20:17:27.0221 0x1410  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
20:17:27.0267 0x1410  Sidebar - ok
20:17:27.0273 0x1410  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
20:17:27.0290 0x1410  mctadmin - ok
20:17:27.0323 0x1410  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
20:17:27.0357 0x1410  Sidebar - ok
20:17:27.0364 0x1410  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
20:17:27.0379 0x1410  mctadmin - ok
20:17:27.0432 0x1410  [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
20:17:27.0486 0x1410  Sidebar - ok
20:17:27.0501 0x1410  Skype - ok
20:17:27.0632 0x1410  [ D6E2ED7F1F7BE7CCB8676491BF950B57, CBF07EE746F2C27ACC532E83ADC43FBE954DC3C598C4333F13B1A7615AEA9AD5 ] C:\Users\Sb\AppData\Local\Akamai\netsession_win.exe
20:17:27.0732 0x1410  Akamai NetSession Interface - ok
20:17:27.0739 0x1410  Waiting for KSN requests completion. In queue: 63
20:17:28.0739 0x1410  Waiting for KSN requests completion. In queue: 63
20:17:29.0739 0x1410  Waiting for KSN requests completion. In queue: 63
20:17:30.0768 0x1410  AV detected via SS2: Kaspersky PURE 3.0, C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\wmiav.exe ( 13.0.2.558 ), 0x41000 ( enabled : updated )
20:17:30.0770 0x1410  FW detected via SS2: Kaspersky PURE 3.0, C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\wmifw.exe ( 13.0.2.558 ), 0x41010 ( enabled )
20:17:33.0514 0x1410  ============================================================
20:17:33.0514 0x1410  Scan finished
20:17:33.0514 0x1410  ============================================================
20:17:33.0522 0x22dc  Detected object count: 0
20:17:33.0522 0x22dc  Actual detected object count: 0
         
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.07.29.05
  rootkit: v2015.07.29.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17843
Sb :: SB-PC [administrator]

29.07.2015 20:06:01
mbar-log-2015-07-29 (20-06-01).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 380250
Time elapsed: 7 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         


Alt 30.07.2015, 08:20   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Trojaner eingefangen? Trojan Z-000 - Standard

Trojaner eingefangen? Trojan Z-000



hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
--> Trojaner eingefangen? Trojan Z-000

Alt 30.07.2015, 11:10   #7
Snakedoctor
 
Trojaner eingefangen? Trojan Z-000 - Standard

Combofix



Code:
ATTFilter
ComboFix 15-07-23.01 - Sb 30.07.2015  10:47:06.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8174.3336 [GMT 2:00]
ausgeführt von:: C:\Users\Sb\Desktop\ComboFix.exe
AV: Kaspersky PURE 3.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt


((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))


C:\Users\Sb\AppData\Local\Adobe\downloader.dll
C:\Users\Sb\AppData\Local\Adobe\gccheck.exe
C:\Users\Sb\AppData\Local\Adobe\gtbcheck.exe
C:\Windows\msdownld.tmp
C:\Windows\SysWow64\zip32.dll
C:\Windows\wininit.ini
D:\install.exe


(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ACEDRV11


(((((((((((((((((((((((   Dateien erstellt von 2015-06-28 bis 2015-07-30  ))))))))))))))))))))))))))))))


2015-07-30 09:34:34 . 2015-07-21 05:25:36	12222168	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{826D3460-B790-4CB0-A72A-195B73CFB6F2}\mpengine.dll
2015-07-29 18:05:50 . 2015-07-29 18:15:23	--------	dc----w-	C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-29 07:18:07 . 2015-07-29 07:20:42	--------	dc----w-	C:\FRST
2015-07-28 17:36:59 . 2015-07-28 17:36:59	--------	dc----w-	C:\ProgramData\Licenses
2015-07-28 13:51:59 . 2015-07-28 13:51:59	--------	dc----w-	C:\Users\Sb\AppData\Roaming\Simply Super Software
2015-07-28 13:51:41 . 2015-07-28 13:51:41	--------	dc----w-	C:\ProgramData\Simply Super Software
2015-07-28 13:51:10 . 2015-07-28 13:54:15	--------	dc----w-	C:\ProgramData\SystemExplorer
2015-07-28 06:44:56 . 2015-07-28 06:44:56	--------	dc----w-	C:\Users\Sb\AppData\Roaming\Enigma Software Group
2015-07-28 06:44:13 . 2015-07-28 06:44:13	22704	-c--a-w-	C:\Windows\system32\drivers\EsgScanner.sys
2015-07-28 05:18:03 . 2015-07-28 05:18:06	--------	dc----w-	C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-28 05:07:26 . 2015-07-29 18:02:52	107736	-c--a-w-	C:\Windows\system32\drivers\mbamchameleon.sys
2015-07-28 05:07:26 . 2015-06-18 06:41:56	63704	-c--a-w-	C:\Windows\system32\drivers\mwac.sys
2015-07-28 05:07:26 . 2015-06-18 06:41:40	25816	-c--a-w-	C:\Windows\system32\drivers\mbam.sys
2015-07-28 05:05:49 . 2013-09-20 08:49:34	21040	-c--a-w-	C:\Windows\system32\sdnclean64.exe
2015-07-28 04:57:57 . 2015-07-28 04:57:57	--------	dc----w-	C:\Program Files\Western Digital
2015-07-25 16:07:56 . 2015-07-25 16:07:56	--------	dc----w-	C:\Program Files (x86)\Common Files\Java
2015-07-13 18:29:14 . 2015-07-13 18:29:14	--------	dc----w-	C:\Users\Sb\AppData\Roaming\SolidDocuments
.


((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

2015-07-29 18:05:50 . 2014-04-08 18:58:51	136408	-c--a-w-	C:\Windows\system32\drivers\MBAMSwissArmy.sys
2015-06-15 01:09:05 . 2015-06-14 17:49:52	459336	----a-w-	C:\Windows\system32\drivers\cng.sys
2015-06-15 01:09:05 . 2015-06-14 17:49:51	95672	----a-w-	C:\Windows\system32\drivers\ksecdd.sys
2015-06-15 01:09:05 . 2015-06-14 17:49:51	686080	----a-w-	C:\Windows\SysWow64\adtschema.dll
2015-06-15 01:09:05 . 2015-06-14 17:49:51	155576	----a-w-	C:\Windows\system32\drivers\ksecpkg.sys
2015-06-15 01:07:29 . 2015-06-14 17:49:41	3072	---ha-w-	C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2015-06-15 01:07:29 . 2015-06-14 17:49:41	3072	---ha-w-	C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-15 01:07:29 . 2015-06-14 17:49:41	3072	---ha-w-	C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2015-06-15 01:06:41 . 2015-06-14 17:49:39	69888	----a-w-	C:\Windows\system32\drivers\stream.sys
2015-06-15 01:06:19 . 2015-06-14 17:49:39	754688	----a-w-	C:\Windows\system32\drivers\http.sys
2015-05-19 03:29:01 . 2015-06-19 18:24:29	46768	-c--a-w-	C:\Windows\system32\drivers\nvvad64v.sys
         

Alt 30.07.2015, 18:19   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Trojaner eingefangen? Trojan Z-000 - Standard

Trojaner eingefangen? Trojan Z-000



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 30.07.2015, 19:50   #9
Snakedoctor
 
Trojaner eingefangen? Trojan Z-000 - Standard

Mbam



Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Error, 30.07.2015 11:09, SYSTEM, SB-PC, Protection, IsLicensed, 13, 
Protection, 30.07.2015 11:09, SYSTEM, SB-PC, Protection, Malware Protection, Stopping, 
Protection, 30.07.2015 11:09, SYSTEM, SB-PC, Protection, Malware Protection, Stopped, 
Error, 30.07.2015 12:03, SYSTEM, SB-PC, Protection, IsLicensed, 13, 
Protection, 30.07.2015 12:03, SYSTEM, SB-PC, Protection, Malware Protection, Stopping, 
Protection, 30.07.2015 12:03, SYSTEM, SB-PC, Protection, Malware Protection, Stopped, 
Update, 30.07.2015 12:46, SYSTEM, SB-PC, Scheduler, AKA IP Database, 2015.7.15.1, 2015.7.29.1, 
Update, 30.07.2015 12:46, SYSTEM, SB-PC, Scheduler, AKA Domain Database, 2015.7.29.1, 2015.7.29.3, 
Update, 30.07.2015 12:47, SYSTEM, SB-PC, Scheduler, Malware Database, 2015.7.29.5, 2015.7.30.2, 
Update, 30.07.2015 19:52, SYSTEM, SB-PC, Manual, IP Database, 0.0.0.0, 2015.7.24.3, 
Update, 30.07.2015 19:52, SYSTEM, SB-PC, Manual, Remediation Database, 2015.3.9.1, 2015.7.28.1, 
Update, 30.07.2015 19:52, SYSTEM, SB-PC, Manual, Domain Database, 0.0.0.0, 2015.7.24.2, 
Update, 30.07.2015 19:52, SYSTEM, SB-PC, Manual, Rootkit Database, 2015.2.25.1, 2015.7.29.2, 
Update, 30.07.2015 19:52, SYSTEM, SB-PC, Manual, Malware Database, 2015.3.9.5, 2015.7.30.4, 
Error, 30.07.2015 19:53, SYSTEM, SB-PC, Update, Bad md5 or size: akadomains, 11, 
Error, 30.07.2015 19:53, SYSTEM, SB-PC, Update, Bad md5 or size: akaips, 11, 
Update, 30.07.2015 19:53, SYSTEM, SB-PC, Manual, IP Database, 0.0.0.0, 2015.7.24.3, 
Update, 30.07.2015 19:53, SYSTEM, SB-PC, Manual, Domain Database, 0.0.0.0, 2015.7.24.2, 
Update, 30.07.2015 19:53, SYSTEM, SB-PC, Manual, Remediation Database, 2015.5.13.1, 2015.7.28.1, 
Update, 30.07.2015 19:53, SYSTEM, SB-PC, Manual, Rootkit Database, 2015.6.2.1, 2015.7.29.2, 
Update, 30.07.2015 19:53, SYSTEM, SB-PC, Manual, AKA IP Database, 0.0.0.0, 2015.7.29.1, 
Update, 30.07.2015 19:53, SYSTEM, SB-PC, Manual, AKA Domain Database, 0.0.0.0, 2015.7.29.3, 
Update, 30.07.2015 19:53, SYSTEM, SB-PC, Manual, Malware Database, 2015.6.3.3, 2015.7.30.4, 
Protection, 30.07.2015 19:53, SYSTEM, SB-PC, Protection, Refresh, Starting, 
Protection, 30.07.2015 19:53, SYSTEM, SB-PC, Protection, Refresh, Success, 
Scan, 30.07.2015 19:55, SYSTEM, SB-PC, Manual, Start: 30.07.2015 19:54, Dauer: 0 Min. 21 Sek., Bedrohungssuchlauf, Abgebrochen, 0 Malware-Erkennung, 0 Nicht-Malware-Erkennungen, 
Scan, 30.07.2015 20:01, SYSTEM, SB-PC, Manual, Start: 30.07.2015 19:55, Dauer: 6 Min. 5 Sek., Bedrohungssuchlauf, Abgeschlossen, 0 Malware-Erkennung, 0 Nicht-Malware-Erkennungen, 

(end)
         
Code:
ATTFilter
# AdwCleaner v4.208 - Bericht erstellt 30/07/2015 um 20:38:16
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-26.2 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : Sb - SB-PC
# Gestarted von : C:\Users\Sb\Desktop\AdwCleaner_4.208.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : swdumon

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files (x86)\Mobogenie
Ordner Gelöscht : C:\Program Files (x86)\Applian Technologies
Ordner Gelöscht : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar
Ordner Gelöscht : C:\Users\Sb\AppData\Local\genienext
Ordner Gelöscht : C:\Users\Sb\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Sb\AppData\Local\StormFall
Ordner Gelöscht : C:\Users\Sb\AppData\Local\slimware utilities inc
Ordner Gelöscht : C:\Users\Sb\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\Users\Sb\AppData\Roaming\GrabPro
Ordner Gelöscht : C:\Users\Sb\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Sb\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Sb\AppData\Roaming\ProgSense
Ordner Gelöscht : C:\Users\Sb\Documents\Mobogenie
Datei Gelöscht : C:\Windows\System32\drivers\swdumon.sys
Datei Gelöscht : C:\Users\Sb\daemonprocess.txt
Datei Gelöscht : C:\Users\Sb\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
Datei Gelöscht : C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\3h05lir7.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\3h05lir7.default\user.js
Datei Gelöscht : C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\user.js

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\RegistryHelper.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SBConvert.SBConvert
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SBConvert.SBConvert.3
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{544C2426-48FD-4C40-AE3B-31257FF334D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B887CA3B-D82B-4A01-AD29-E97444D01CE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB904C4-C255-4540-B97E-A75A34F1FFB0}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B887CA3B-D82B-4A01-AD29-E97444D01CE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\foxydeal
Schlüssel Gelöscht : HKCU\Software\ProgSense
Schlüssel Gelöscht : HKCU\Software\SlimWare Utilities Inc
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Show-Password
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\YourFileDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\SpeedBit
Schlüssel Gelöscht : HKLM\SOFTWARE\SlimWare Utilities Inc
Schlüssel Gelöscht : HKU\.DEFAULT\Software\SpeedBit
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v39.0 (x86 de)

[3h05lir7.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.freecorder@freecorder.com.menuitems", "[{\"name\":\"Freecorder Menu Header\",\"img\":\"hxxp://freecorder.com/fc8/ui/buttons/menu_header.png\",\"width\":225,\"height\":65},{\"name[...]
[3h05lir7.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.searchpredict@speedbit.com.install-event-fired", true);
[JonDoFox\prefs.js] - Zeile Gelöscht : user_pref("pttl.menu-search-groups-tab", false);
[JonDoFox\prefs.js] - Zeile Gelöscht : user_pref("pttl.menu-search-groups-win", false);

*************************

AdwCleaner[R0].txt - [11999 Bytes] - [30/07/2015 20:37:44]
AdwCleaner[S0].txt - [11275 Bytes] - [30/07/2015 20:38:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11335  Bytes] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.4 (07.27.2015:1)
OS: Windows 7 Professional x64
Ran by Sb on 30.07.2015 at 20:44:45,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\SmartDefrag4_Startup



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Sb\Appdata\Local\{3F26CA59-9AB0-47A4-9AAE-A33D10F008C9}
Successfully deleted: [Folder] C:\users\Public\Documents\downloaded installers
Successfully deleted: [Folder] C:\Users\Sb\Appdata\Local\crashrpt



~~~ FireFox

Successfully deleted: [File] C:\Users\Sb\AppData\Roaming\mozilla\firefox\profiles\3h05lir7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
Successfully deleted: [File] C:\Users\Sb\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\searchplugins\startpage-hxxps.xml





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.07.2015 at 20:48:19,46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:28-07-2015
durchgeführt von Sb (Administrator) auf SB-PC (30-07-2015 20:50:00)
Gestartet von D:\
Geladene Profile: Sb (Verfügbare Profile: Sb)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Mister Group) D:\System Explorer\SystemExplorer.exe
(Mister Group) D:\System Explorer\service\SystemExplorerService64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Mozilla Corporation) D:\Programme\fire\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [TkBellExe] => D:\Programme\update\realsched.exe [295512 2014-08-15] (RealNetworks, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-07-20] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SystemExplorerAutoStart] => D:\System Explorer\SystemExplorer.exe [3391720 2015-07-26] (Mister Group)
HKLM-x32\...\Run: [TrojanScanner] => D:\Trojan Remover\Trjscan.exe [1911712 2015-07-28] (Simply Super Software)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3516261958-1870124179-1371758590-1000\...\Run: [Skype] => D:\Programme\skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-3516261958-1870124179-1371758590-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Sb\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3516261958-1870124179-1371758590-1000\...\Run: [CCleaner Monitoring] => D:\Programme\Cleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
Startup: C:\Users\Sb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2014-07-31] ()
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll [2014-08-06] (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll [2014-08-06] (Kaspersky Lab ZAO)
BootExecute: autocheck autochk * SmartDefragBootTime.exesdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3516261958-1870124179-1371758590-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3516261958-1870124179-1371758590-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3516261958-1870124179-1371758590-1000 -> {0436B53D-D541-4D72-A231-CC301E4DE575} URL = 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-08-06] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-08-06] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-08-06] (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-08-06] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-08-06] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-08-06] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-25] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-08-06] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-25] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-08-06] (Kaspersky Lab ZAO)
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.3.254 192.168.0.1
Tcpip\..\Interfaces\{DA6E5973-6D8B-433D-B264-CDE691F579E3}: [DhcpNameServer] 192.168.3.254 192.168.0.1
Tcpip\..\Interfaces\{F31AEACE-C472-426E-A34A-5ADA8AA01123}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\3h05lir7.default
FF Homepage: https://www.facebook.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> D:\Programme\Netscape6\nppl3260.dll [2014-08-15] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-11-21] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-11-21] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> D:\Programme\Netscape6\nprpplugin.dll [2014-08-15] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> D:\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-26] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll No File
FF Plugin HKU\S-1-5-21-3516261958-1870124179-1371758590-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Sb\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-04-17] (Citrix Online)
FF Plugin HKU\S-1-5-21-3516261958-1870124179-1371758590-1000: @phonostar.de/phonostar -> D:\Programme\phonostar-Player\npphonostarDetectNP.dll Keine Datei
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\duckduckgo-ssl-javascript-free.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-de-ssl.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-encrypted-no-personalization.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick---deutsch.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---deutsch.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---english.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-eng-ger.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-esp-ale.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-fra-all.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\metager2.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-deutsch.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-english.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https---deutsch.xml [2013-08-06]
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\3h05lir7.default\Extensions\2020Player_IKEA@2020Technologies.com [2015-02-17]
FF Extension: Ghostery - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\3h05lir7.default\Extensions\firefox@ghostery.com.xpi [2013-08-17]
FF Extension: BetterPrivacy - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\3h05lir7.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-06-24]
FF Extension: HTTPS-Everywhere - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\https-everywhere@eff.org [2013-12-15]
FF Extension: Cookie Monster - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{45d8ff86-d909-11db-9705-005056c00008} [2013-12-15]
FF Extension: DownloadHelper - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-12-15]
FF Extension: Kein Name - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{437be45a-4114-11dd-b9ab-71d256d89593}.xpi [2013-12-10]
FF Extension: NoScript - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-12-09]
FF Extension: Adblock Plus - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-28]
FF Extension: ProfileSwitcher - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi [2013-10-28]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-08-15]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-08-06]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-08-06]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-08-06]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-08-06]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-08-06]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2015-05-30]
StartMenuInternet: FIREFOX.EXE - D:\Programme\fire\firefox.exe

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]

Opera: 
=======
StartMenuInternet: (HKLM) Opera - D:\Programme\opera\Opera.exe

==================== Services (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S4 AdobeActiveFileMonitor12.0; D:\ad\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated)
S2 AMD FUEL Service; D:\Programme exe\adm\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-07-04] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
R2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [701824 2014-12-24] ()
S4 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [Datei ist nicht signiert]
S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MpsSvc; . [0 ] () <==== ATTENTION (Null Byte Datei/Ordner)
S3 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
S4 nsmService; D:\NetSetMan\nsmservice.exe [1278632 2015-02-06] (Ilja Herlein)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)
S4 Origin Client Service; D:\Programme\Origin\OriginClientService.exe [1931632 2015-04-13] (Electronic Arts)
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-03-19] ()
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 SDScannerService; D:\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S3 SDUpdateService; D:\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S3 SDWSCService; D:\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 SkypeUpdate; D:\Programme\skype\Updater\Updater.exe [327296 2015-06-03] (Skype Technologies)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Datei ist nicht signiert]
R3 SystemExplorerHelpService; D:\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-07-20] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [306552 2015-07-20] (Western Digital Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 VideoAcceleratorService; C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe -start -scm [X]

==================== Drivers (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AODDriver4.1; D:\Programme exe\adm\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-08-06] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-08-06] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628288 2014-08-06] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-08-06] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177864 2015-02-18] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-19] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R1 SLEE_17_DRIVER; C:\Windows\Sleen1764.sys [108256 2011-09-12] (Softwareentwicklung Remus - ArchiCrypt - )
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 ZSMC301b; C:\Windows\System32\Drivers\usbVM31b.sys [432512 2006-06-06] (VM)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 cpuz130; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-07-30 20:48 - 2015-07-30 20:48 - 00001460 ____C C:\Users\Sb\Desktop\JRT.txt
2015-07-30 20:44 - 2015-07-30 20:44 - 01798176 ____C (Malwarebytes Corporation) C:\Users\Sb\Desktop\JRT.exe
2015-07-30 20:41 - 2015-07-30 20:41 - 00212152 ____C C:\Users\Sb\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-30 20:40 - 2015-07-30 20:40 - 05318416 ____C C:\Windows\system32\FNTCACHE.DAT
2015-07-30 20:40 - 2015-07-30 20:40 - 00082094 ____C C:\Windows\PFRO.log
2015-07-30 20:40 - 2015-07-30 20:40 - 00000168 ____C C:\Windows\setupact.log
2015-07-30 20:40 - 2015-07-30 20:40 - 00000000 ____C C:\Windows\setuperr.log
2015-07-30 20:37 - 2015-07-30 20:38 - 00000000 ___DC C:\AdwCleaner
2015-07-30 20:36 - 2015-07-30 20:37 - 02248704 ____C C:\Users\Sb\Desktop\AdwCleaner_4.208.exe
2015-07-30 20:35 - 2015-07-30 20:35 - 00002638 ____C C:\Users\Sb\Desktop\mbam.txt
2015-07-30 19:52 - 2015-07-30 19:53 - 00113880 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-30 19:52 - 2015-07-30 19:52 - 00001112 ____C C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-30 19:52 - 2015-07-30 19:52 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-30 19:52 - 2015-07-30 19:52 - 00000000 ___DC C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-07-30 19:52 - 2015-06-18 08:41 - 00109272 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-30 19:52 - 2015-06-18 08:41 - 00063704 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-30 19:52 - 2015-06-18 08:41 - 00025816 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-30 19:51 - 2015-07-30 19:51 - 21546080 ____C (Malwarebytes Corporation ) C:\Users\Sb\Desktop\mbam-setup-2.1.6.1022.exe
2015-07-30 10:46 - 2015-07-30 13:46 - 00000000 ___DC C:\ComboFix
2015-07-30 10:46 - 2011-06-26 08:45 - 00256000 ____C C:\Windows\PEV.exe
2015-07-30 10:46 - 2010-11-07 19:20 - 00208896 ____C C:\Windows\MBR.exe
2015-07-30 10:46 - 2009-04-20 06:56 - 00060416 ____C (NirSoft) C:\Windows\NIRCMD.exe
2015-07-30 10:46 - 2000-08-31 02:00 - 00518144 ____C (SteelWerX) C:\Windows\SWREG.exe
2015-07-30 10:46 - 2000-08-31 02:00 - 00406528 ____C (SteelWerX) C:\Windows\SWSC.exe
2015-07-30 10:46 - 2000-08-31 02:00 - 00098816 ____C C:\Windows\sed.exe
2015-07-30 10:46 - 2000-08-31 02:00 - 00080412 ____C C:\Windows\grep.exe
2015-07-30 10:46 - 2000-08-31 02:00 - 00068096 ____C C:\Windows\zip.exe
2015-07-30 10:45 - 2015-07-30 11:56 - 00000000 ___DC C:\Windows\erdnt
2015-07-30 10:45 - 2015-07-30 10:53 - 00000000 ___DC C:\Qoobox
2015-07-30 10:44 - 2015-07-30 10:44 - 05633622 ___RC (Swearware) C:\Users\Sb\Desktop\ComboFix.exe
2015-07-29 20:05 - 2015-07-29 20:15 - 00000000 ___DC C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-29 20:03 - 2015-07-29 20:03 - 04404952 ____C (Kaspersky Lab ZAO) C:\Users\Sb\Desktop\tdsskiller.exe
2015-07-29 20:02 - 2015-07-29 20:15 - 00000000 ___DC C:\Users\Sb\Desktop\mbar
2015-07-29 20:02 - 2015-07-29 20:02 - 16502728 ____C (Malwarebytes Corp.) C:\Users\Sb\Desktop\mbar-1.09.1.1004.exe
2015-07-29 09:18 - 2015-07-30 20:50 - 00000000 ___DC C:\FRST
2015-07-28 19:36 - 2015-07-28 19:36 - 00000000 ___DC C:\ProgramData\Licenses
2015-07-28 15:51 - 2015-07-28 15:54 - 00000000 ___DC C:\ProgramData\SystemExplorer
2015-07-28 15:51 - 2015-07-28 15:51 - 00000670 ____C C:\Users\Public\Desktop\Trojan Remover.lnk
2015-07-28 15:51 - 2015-07-28 15:51 - 00000603 ____C C:\Users\Public\Desktop\System Explorer.lnk
2015-07-28 15:51 - 2015-07-28 15:51 - 00000000 ___DC C:\Users\Sb\Documents\Simply Super Software
2015-07-28 15:51 - 2015-07-28 15:51 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\Simply Super Software
2015-07-28 15:51 - 2015-07-28 15:51 - 00000000 ___DC C:\ProgramData\Simply Super Software
2015-07-28 15:51 - 2015-07-28 15:51 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2015-07-28 15:51 - 2015-07-28 15:51 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer
2015-07-28 08:45 - 2015-07-28 08:45 - 00000000 ____C C:\autoexec.bat
2015-07-28 08:44 - 2015-07-28 08:44 - 00022704 ____C C:\Windows\system32\Drivers\EsgScanner.sys
2015-07-28 08:44 - 2015-07-28 08:44 - 00003308 ____C C:\Windows\System32\Tasks\SpyHunter4Startup
2015-07-28 08:44 - 2015-07-28 08:44 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\Enigma Software Group
2015-07-28 07:18 - 2015-07-28 07:18 - 00000000 ___DC C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-28 07:05 - 2015-07-28 07:05 - 00000848 ____C C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-07-28 07:05 - 2015-07-28 07:05 - 00000848 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-07-28 07:05 - 2015-07-28 07:05 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-07-28 07:05 - 2013-09-20 10:49 - 00021040 ____C (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-07-28 07:04 - 2015-07-28 07:04 - 00000000 ___DC C:\Users\Sb\Desktop\backups
2015-07-28 07:02 - 2015-07-28 07:02 - 00010991 ____C C:\Users\Public\Documents\hijackthis.log
2015-07-28 06:57 - 2015-07-28 06:57 - 00000000 ___DC C:\Program Files\Western Digital
2015-07-27 18:19 - 2015-07-27 18:19 - 00014634 _____ C:\Users\Public\Documents\Schadensmeldung UWS Technologie.xlsx
2015-07-23 13:07 - 2015-07-23 13:07 - 00000000 ___DC C:\Users\Sb\Documents\Neuer Ordner
2015-07-09 11:52 - 2015-07-09 12:12 - 00039600 _____ C:\Users\Public\Documents\Nathan Netto.xlsx
2015-07-08 15:56 - 2015-07-08 15:56 - 00000263 ____C C:\Users\Public\Documents\UWS Katalog 2015-Auszug Complete.log
2015-07-03 08:04 - 2015-06-17 11:10 - 42729104 ____C C:\Windows\system32\nvcompiler.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 37748880 ____C C:\Windows\SysWOW64\nvcompiler.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 30481552 ____C (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 22947144 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 16145200 ____C (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 15866992 ____C (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 15224784 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 14497520 ____C (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 13263056 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 11831856 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 11011216 ____C (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-07-03 08:04 - 2015-06-17 11:10 - 02997544 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 02932368 ____C (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 02599752 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 01898128 ____C (NVIDIA Corporation) C:\Windows\system32\nvdispco6435330.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 01567576 ____C (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 01557832 ____C (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435330.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 01099992 ____C (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 01060168 ____C (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 01050768 ____C (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 00982672 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 00975176 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 00938752 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 00503408 ____C (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 00408392 ____C (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 00407296 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 00364176 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 00204648 ____C (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-07-03 08:04 - 2015-06-17 11:10 - 00176904 ____C (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 00155280 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 00150832 ____C (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 00128696 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 00040280 ____C (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-07-03 07:28 - 2015-07-11 23:31 - 00104758 _____ C:\Users\Public\Documents\Mappe1.xlsx
2015-07-03 07:28 - 2015-07-03 07:28 - 00019790 _____ C:\Users\Public\Documents\Mappe2.xlsx
2015-07-02 08:23 - 2015-07-02 08:23 - 00000432 ____C C:\Users\Sb\Desktop\Any Video Converter.lnk
2015-07-02 08:23 - 2015-07-02 08:23 - 00000000 ___DC C:\Users\Sb\Documents\Any Video Converter

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-07-30 20:48 - 2012-11-16 15:15 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\Skype
2015-07-30 20:45 - 2014-08-06 10:34 - 00008192 ____C C:\Windows\SysWOW64\WDPABKP.dat
2015-07-30 20:45 - 2009-07-14 06:45 - 00021680 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-30 20:45 - 2009-07-14 06:45 - 00021680 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-30 20:43 - 2015-06-14 19:16 - 01208596 ____C C:\Windows\WindowsUpdate.log
2015-07-30 20:42 - 2012-11-15 15:04 - 00000000 ___DC C:\ProgramData\Kaspersky Lab
2015-07-30 20:40 - 2009-07-14 07:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT
2015-07-30 20:38 - 2012-11-16 12:50 - 00000000 ___DC C:\Users\Sb
2015-07-30 19:54 - 2014-05-16 10:15 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\Wise Disk Cleaner
2015-07-30 16:11 - 2014-08-15 11:33 - 00003328 ____C C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3516261958-1870124179-1371758590-1000
2015-07-30 16:11 - 2014-08-15 11:33 - 00003188 ____C C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3516261958-1870124179-1371758590-1000
2015-07-30 16:00 - 2014-11-26 15:05 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\HylaFAX-Client-Pro
2015-07-30 13:46 - 2012-11-16 15:06 - 00000000 __RDC C:\MSOCache
2015-07-30 12:14 - 2012-11-27 10:34 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\TeamViewer
2015-07-30 12:14 - 2012-11-16 15:26 - 00002756 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-07-30 12:09 - 2011-04-12 09:43 - 00702926 ____C C:\Windows\system32\perfh007.dat
2015-07-30 12:09 - 2011-04-12 09:43 - 00150566 ____C C:\Windows\system32\perfc007.dat
2015-07-30 12:09 - 2009-07-14 07:13 - 01629276 ____C C:\Windows\system32\PerfStringBackup.INI
2015-07-30 11:49 - 2009-07-14 04:34 - 00000215 ____C C:\Windows\system.ini
2015-07-30 11:07 - 2009-07-14 04:34 - 96993280 _____ C:\Windows\system32\config\SOFTWARE.bak
2015-07-30 11:07 - 2009-07-14 04:34 - 47185920 _____ C:\Windows\system32\config\COMPONENTS.bak
2015-07-30 11:07 - 2009-07-14 04:34 - 19398656 _____ C:\Windows\system32\config\SYSTEM.bak
2015-07-30 11:07 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2015-07-30 11:07 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2015-07-30 11:07 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2015-07-30 10:53 - 2014-07-31 09:05 - 00000000 ___DC C:\Users\Sb\AppData\Local\Adobe
2015-07-30 10:49 - 2013-07-18 13:41 - 00000000 ___DC C:\ProgramData\TEMP
2015-07-28 07:47 - 2013-09-27 16:52 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-07-28 07:05 - 2013-12-02 23:22 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy
2015-07-28 06:58 - 2013-10-30 10:27 - 00000000 ___DC C:\ProgramData\Package Cache
2015-07-28 06:57 - 2014-07-31 10:30 - 00000000 ___DC C:\Program Files\Common Files\Western Digital
2015-07-28 06:57 - 2014-07-31 10:29 - 00000000 ___DC C:\ProgramData\Western Digital
2015-07-28 06:57 - 2014-07-31 10:29 - 00000000 ___DC C:\Program Files (x86)\Western Digital
2015-07-25 18:09 - 2013-10-31 10:29 - 00000000 ___DC C:\ProgramData\Oracle
2015-07-25 18:08 - 2013-06-24 13:19 - 00000709 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-25 18:08 - 2013-03-16 18:25 - 00000000 ___DC C:\Program Files (x86)\Java
2015-07-25 18:08 - 2013-02-18 13:29 - 00000709 ____C C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-25 18:07 - 2014-04-01 10:13 - 00097888 ____C (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-25 15:21 - 2013-04-17 14:44 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\vlc
2015-07-25 13:50 - 2014-09-28 08:30 - 00000884 ____C C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-25 13:08 - 2015-05-26 20:00 - 00001118 ____C C:\Users\Sb\Desktop\Amazon Music.lnk
2015-07-25 12:31 - 2013-07-08 10:36 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SWKI-Reader
2015-07-19 18:23 - 2013-11-20 15:35 - 00000000 ___DC C:\ProgramData\Skype
2015-07-14 12:52 - 2014-09-28 08:30 - 00003824 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-14 12:52 - 2012-11-17 22:29 - 00778416 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-14 12:52 - 2012-11-17 22:29 - 00142512 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-12 08:54 - 2015-06-16 15:52 - 00001206 ____C C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-07-12 08:54 - 2015-06-16 15:52 - 00001202 ____C C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-07-09 17:29 - 2014-06-30 12:03 - 00000132 ____C C:\Users\Sb\AppData\Roaming\Adobe CS5-Voreinstellungen für PNG-Format
2015-07-05 08:36 - 2012-11-16 16:21 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-07-03 08:28 - 2015-06-16 15:52 - 00004214 ____C C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2015-07-03 08:28 - 2015-06-16 15:52 - 00003962 ____C C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2015-07-03 08:28 - 2015-05-30 13:43 - 00003888 ____C C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-03 08:06 - 2012-11-15 14:20 - 00000000 ___DC C:\ProgramData\NVIDIA Corporation
2015-07-03 08:06 - 2012-11-15 14:20 - 00000000 ___DC C:\ProgramData\NVIDIA
2015-07-03 08:04 - 2015-06-19 20:24 - 00000000 ___DC C:\ProgramData\boost_interprocess
2015-07-03 07:59 - 2013-09-23 09:50 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\Dropbox
2015-07-03 07:41 - 2012-11-15 14:20 - 00000000 ___DC C:\temp
2015-07-03 07:25 - 2013-04-29 16:04 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\AnvSoft
2015-07-02 13:18 - 2013-07-18 17:19 - 00000000 ___DC C:\Users\Sb\dwhelper
2015-07-01 19:07 - 2015-02-05 14:49 - 00000000 ___DC C:\Program Files (x86)\TeamViewer

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-10-22 19:09 - 2014-10-22 19:09 - 0001152 ____C () C:\Users\Sb\AppData\Roaming\ACInitialize.log
2014-06-30 12:03 - 2015-07-09 17:29 - 0000132 ____C () C:\Users\Sb\AppData\Roaming\Adobe CS5-Voreinstellungen für PNG-Format
2013-04-17 14:40 - 2013-04-25 07:57 - 0000036 ___HC () C:\Users\Sb\AppData\Roaming\swk.ini
2012-12-06 15:05 - 2012-12-06 15:05 - 0094101 ____C () C:\Users\Sb\AppData\Local\8ACB6E5756A44c2bB2219595F7429CB2..DNS
2014-07-30 19:46 - 2014-07-30 19:46 - 0001456 ____C () C:\Users\Sb\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2012-11-23 14:19 - 2014-04-09 10:35 - 0022528 ____C () C:\Users\Sb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-04 12:52 - 2015-01-13 14:58 - 0007605 ____C () C:\Users\Sb\AppData\Local\Resmon.ResmonCfg
2012-11-16 12:51 - 2012-11-16 12:51 - 0017408 ____C () C:\Users\Sb\AppData\Local\WebpageIcons.db
2013-09-23 14:09 - 2013-09-23 14:09 - 0000016 ____C () C:\ProgramData\.7486160831680234
2014-04-28 16:24 - 2014-04-28 16:24 - 0000057 ____C () C:\ProgramData\Ament.ini

Einige Dateien in TEMP:
====================
C:\Users\Sb\AppData\Local\Temp\Quarantine.exe
C:\Users\Sb\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\System32\winlogon.exe => Datei ist digital signiert
C:\Windows\System32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\System32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\System32\services.exe => Datei ist digital signiert
C:\Windows\System32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\System32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\System32\rpcss.dll => Datei ist digital signiert
C:\Windows\System32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-07-29 07:48

==================== Ende von log ============================
         

Alt 31.07.2015, 09:48   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Trojaner eingefangen? Trojan Z-000 - Standard

Trojaner eingefangen? Trojan Z-000




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 31.07.2015, 21:04   #11
Snakedoctor
 
Trojaner eingefangen? Trojan Z-000 - Standard

Trojaner eingefangen? Trojan Z-000



Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2d57f2947a20f54eb3f075c6cc8225f1
# end=init
# utc_time=2015-07-31 08:57:15
# local_time=2015-07-31 10:57:15 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 25064
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2d57f2947a20f54eb3f075c6cc8225f1
# end=updated
# utc_time=2015-07-31 09:00:14
# local_time=2015-07-31 11:00:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=2d57f2947a20f54eb3f075c6cc8225f1
# engine=25064
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-07-31 10:08:48
# local_time=2015-07-31 12:08:48 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky PURE 3.0'
# compatibility_mode=1289 16777213 100 99 55685 130586996 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 189967178 0 0
# scanned=305251
# found=17
# cleaned=17
# scan_time=4113
sh=6E701C569650C19831950648A584891AA465FF62 ft=1 fh=9c4a8b4e35f83464 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\123D Catch - CHIP-Installer.exe"
sh=DDD7FD9BFAB97E37E7ABA59FE37B68B2DCA5E9DF ft=1 fh=03e154a257e41b1c vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\3DCrafter - CHIP-Installer.exe"
sh=E44E614314C7846BF4A05388D9A75A4343F5ECFE ft=1 fh=13fffafde6ed82cf vn="Variante von Win32/InstallCore.QW evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\balabolka_CB-DL-Manager.exe"
sh=8E2A9348FDEE1AEB699F0A2981AAD309FACA5DD6 ft=1 fh=7b1e1fa52dad57a5 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\Blender 64 Bit - CHIP-Installer.exe"
sh=9DF97B417C53958902D1876867B1B5233E107868 ft=1 fh=b6fea5969f17fc17 vn="Win32/Somoto.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\m4a-to-mp3-81converter.exe"
sh=713050CD153D68394BCFFCBFD5752221E3F47A76 ft=1 fh=560755c65f396fba vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\Magix Video Deluxe 2015 64 Bit - CHIP-Installer.exe"
sh=3B58C3A0547D2CBC41121ED1BF33ECAB03EBA0AD ft=1 fh=cf319d3f09c97fde vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\Minimal ADB and Fastboot - CHIP-Installer.exe"
sh=D440271830BFBDDC4BD512FB5CE91F4344A5F01C ft=1 fh=75e99a1b0a4a8500 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\Smart Defrag - CHIP-Installer.exe"
sh=25BCF2736893BAC3F10C4AF58643515EF6ACA282 ft=1 fh=fe337ec4f3818328 vn="Variante von Win32/InstallCore.AAC evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\USB-Fehlerbehebung.exe"
sh=C657684CFA129CD953439BC048DA8368723A9D3E ft=1 fh=e32b064123157a3e vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\XMedia Recode - CHIP-Installer.exe"
sh=A48602FD6FB5006F105C60F15CD7FB36286F6942 ft=1 fh=e7d6a14a710bb04f vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\Musik\Free WebM Video Converter - CHIP-Installer.exe"
sh=9B3C8CF86940BFEB35A1AC1108D86B43D07C96B2 ft=1 fh=03d13bada5179aeb vn="Variante von Win32/InstallCore.PZ evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\Programme\Setup_AKCleaner_CB-DL-Manager.exe"
sh=9DF97B417C53958902D1876867B1B5233E107868 ft=1 fh=b6fea5969f17fc17 vn="Win32/Somoto.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Programme exe\m4a-to-mp3-81converter.exe"
sh=EDCF4EA293DD0C7475D73797276FBE9E45EBBC29 ft=1 fh=51c8894478037c3d vn="Win32/Somoto.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Programme exe\m4a-to80-mp3-converter.exe"
sh=A23BA1D44384E08ECA277FA9C6DA596607773FD2 ft=1 fh=df358b5f2acd51ee vn="Win32/Somoto.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Programme exe\streamtransport1101_setup.exe"
sh=0BFF84AA6CC4CCF580EAE2FBF4C129FA6EA612C4 ft=1 fh=9fe1a4845276fe8f vn="Win32/Adware.ADON evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Programme exe\Unlocker1.9.1-x64.exe"
sh=6B98DF262609184317D5CDED2B7CCC1A96C4F962 ft=1 fh=4caa51c2552e5f01 vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\UWS\Heiz\Kunden\Logos\Setup_FreeFlvConverter.exe"
         
Code:
ATTFilter
 Results of screen317's Security Check version 1.006  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Kaspersky PURE 3.0   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Trojan Remover 6.9.2.2938   
 Wise Disk Cleaner 8.41  
 Java 8 Update 51  
 Adobe Flash Player 18.0.0.209  
 Adobe Reader XI  
 Mozilla Firefox (39.0) 
````````Process Check: objlist.exe by Laurent````````  
 Kaspersky Lab Kaspersky PURE 3.0 avp.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:30-07-2015
durchgeführt von Sb (Administrator) auf SB-PC (31-07-2015 12:45:07)
Gestartet von D:\
Geladene Profile: Sb (Verfügbare Profile: Sb)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Mister Group) D:\System Explorer\SystemExplorer.exe
(Mister Group) D:\System Explorer\service\SystemExplorerService64.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Skype Technologies S.A.) D:\Programme\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) D:\Programme\fire\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Microsoft Corporation) D:\office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
(Western Digital Technologies, Inc.) C:\Program Files\Common Files\Western Digital\WDVSS\WDLockedFiles.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [TkBellExe] => D:\Programme\update\realsched.exe [295512 2014-08-15] (RealNetworks, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-07-20] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SystemExplorerAutoStart] => D:\System Explorer\SystemExplorer.exe [3391720 2015-07-26] (Mister Group)
HKLM-x32\...\Run: [TrojanScanner] => D:\Trojan Remover\Trjscan.exe [1911712 2015-07-28] (Simply Super Software)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3516261958-1870124179-1371758590-1000\...\Run: [Skype] => D:\Programme\skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-3516261958-1870124179-1371758590-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Sb\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3516261958-1870124179-1371758590-1000\...\Run: [CCleaner Monitoring] => D:\Programme\Cleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
Startup: C:\Users\Sb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2014-07-31] ()
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll [2014-08-06] (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll [2014-08-06] (Kaspersky Lab ZAO)
BootExecute: autocheck autochk * SmartDefragBootTime.exesdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3516261958-1870124179-1371758590-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3516261958-1870124179-1371758590-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3516261958-1870124179-1371758590-1000 -> {0436B53D-D541-4D72-A231-CC301E4DE575} URL = 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-08-06] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-08-06] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-08-06] (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-08-06] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-08-06] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-08-06] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-25] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-08-06] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-25] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-08-06] (Kaspersky Lab ZAO)
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.3.254 192.168.0.1
Tcpip\..\Interfaces\{DA6E5973-6D8B-433D-B264-CDE691F579E3}: [DhcpNameServer] 192.168.3.254 192.168.0.1
Tcpip\..\Interfaces\{F31AEACE-C472-426E-A34A-5ADA8AA01123}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\3h05lir7.default
FF Homepage: https://www.facebook.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> D:\Programme\Netscape6\nppl3260.dll [2014-08-15] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-11-21] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-11-21] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> D:\Programme\Netscape6\nprpplugin.dll [2014-08-15] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> D:\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-26] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll No File
FF Plugin HKU\S-1-5-21-3516261958-1870124179-1371758590-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Sb\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-04-17] (Citrix Online)
FF Plugin HKU\S-1-5-21-3516261958-1870124179-1371758590-1000: @phonostar.de/phonostar -> D:\Programme\phonostar-Player\npphonostarDetectNP.dll Keine Datei
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\duckduckgo-ssl-javascript-free.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-de-ssl.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-encrypted-no-personalization.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick---deutsch.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---deutsch.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---english.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-eng-ger.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-esp-ale.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-fra-all.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\metager2.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-deutsch.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-english.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https---deutsch.xml [2013-08-06]
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\3h05lir7.default\Extensions\2020Player_IKEA@2020Technologies.com [2015-02-17]
FF Extension: Ghostery - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\3h05lir7.default\Extensions\firefox@ghostery.com.xpi [2013-08-17]
FF Extension: BetterPrivacy - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\3h05lir7.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-06-24]
FF Extension: HTTPS-Everywhere - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\https-everywhere@eff.org [2013-12-15]
FF Extension: Cookie Monster - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{45d8ff86-d909-11db-9705-005056c00008} [2013-12-15]
FF Extension: DownloadHelper - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-12-15]
FF Extension: Kein Name - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{437be45a-4114-11dd-b9ab-71d256d89593}.xpi [2013-12-10]
FF Extension: NoScript - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-12-09]
FF Extension: Adblock Plus - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-28]
FF Extension: ProfileSwitcher - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi [2013-10-28]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-08-15]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-08-06]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-08-06]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-08-06]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-08-06]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-08-06]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2015-05-30]
StartMenuInternet: FIREFOX.EXE - D:\Programme\fire\firefox.exe

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]

Opera: 
=======
StartMenuInternet: (HKLM) Opera - D:\Programme\opera\Opera.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S4 AdobeActiveFileMonitor12.0; D:\ad\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated)
S2 AMD FUEL Service; D:\Programme exe\adm\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-07-04] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
R2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [701824 2014-12-24] ()
S4 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [Datei ist nicht signiert]
S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MpsSvc; . [0 ] () <==== ACHTUNG (Null Byte Datei/Ordner)
S3 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
S4 nsmService; D:\NetSetMan\nsmservice.exe [1278632 2015-02-06] (Ilja Herlein)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)
S4 Origin Client Service; D:\Programme\Origin\OriginClientService.exe [1931632 2015-04-13] (Electronic Arts)
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-03-19] ()
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 SDScannerService; D:\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S3 SDUpdateService; D:\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S3 SDWSCService; D:\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 SkypeUpdate; D:\Programme\skype\Updater\Updater.exe [327296 2015-06-03] (Skype Technologies)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Datei ist nicht signiert]
R3 SystemExplorerHelpService; D:\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-07-20] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [306552 2015-07-20] (Western Digital Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 VideoAcceleratorService; C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe -start -scm [X]

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AODDriver4.1; D:\Programme exe\adm\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-08-06] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-08-06] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628288 2014-08-06] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-08-06] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177864 2015-02-18] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-19] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R1 SLEE_17_DRIVER; C:\Windows\Sleen1764.sys [108256 2011-09-12] (Softwareentwicklung Remus - ArchiCrypt - )
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 ZSMC301b; C:\Windows\System32\Drivers\usbVM31b.sys [432512 2006-06-06] (VM)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 cpuz130; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-07-31 12:33 - 2015-07-31 12:33 - 00577452 ____C C:\Users\Public\Documents\tour7737.kml
2015-07-31 10:56 - 2015-07-31 10:56 - 02870984 ____C (ESET) C:\Users\Sb\Desktop\esetsmartinstaller_deu.exe
2015-07-31 10:56 - 2015-07-31 10:56 - 00852684 ____C C:\Users\Sb\Desktop\SecurityCheck.exe
2015-07-30 20:48 - 2015-07-30 20:48 - 00001460 ____C C:\Users\Sb\Desktop\JRT.txt
2015-07-30 20:44 - 2015-07-30 20:44 - 01798176 ____C (Malwarebytes Corporation) C:\Users\Sb\Desktop\JRT.exe
2015-07-30 20:41 - 2015-07-30 20:41 - 00212152 ____C C:\Users\Sb\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-30 20:40 - 2015-07-30 20:40 - 05318416 ____C C:\Windows\system32\FNTCACHE.DAT
2015-07-30 20:40 - 2015-07-30 20:40 - 00082094 ____C C:\Windows\PFRO.log
2015-07-30 20:40 - 2015-07-30 20:40 - 00000168 ____C C:\Windows\setupact.log
2015-07-30 20:40 - 2015-07-30 20:40 - 00000000 ____C C:\Windows\setuperr.log
2015-07-30 20:37 - 2015-07-30 20:38 - 00000000 ___DC C:\AdwCleaner
2015-07-30 20:36 - 2015-07-30 20:37 - 02248704 ____C C:\Users\Sb\Desktop\AdwCleaner_4.208.exe
2015-07-30 20:35 - 2015-07-30 20:35 - 00002638 ____C C:\Users\Sb\Desktop\mbam.txt
2015-07-30 19:52 - 2015-07-30 19:53 - 00113880 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-30 19:52 - 2015-07-30 19:52 - 00001112 ____C C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-30 19:52 - 2015-07-30 19:52 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-30 19:52 - 2015-07-30 19:52 - 00000000 ___DC C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-07-30 19:52 - 2015-06-18 08:41 - 00109272 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-30 19:52 - 2015-06-18 08:41 - 00063704 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-30 19:52 - 2015-06-18 08:41 - 00025816 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-30 19:51 - 2015-07-30 19:51 - 21546080 ____C (Malwarebytes Corporation ) C:\Users\Sb\Desktop\mbam-setup-2.1.6.1022.exe
2015-07-30 10:46 - 2015-07-30 13:46 - 00000000 ___DC C:\ComboFix
2015-07-30 10:46 - 2011-06-26 08:45 - 00256000 ____C C:\Windows\PEV.exe
2015-07-30 10:46 - 2010-11-07 19:20 - 00208896 ____C C:\Windows\MBR.exe
2015-07-30 10:46 - 2009-04-20 06:56 - 00060416 ____C (NirSoft) C:\Windows\NIRCMD.exe
2015-07-30 10:46 - 2000-08-31 02:00 - 00518144 ____C (SteelWerX) C:\Windows\SWREG.exe
2015-07-30 10:46 - 2000-08-31 02:00 - 00406528 ____C (SteelWerX) C:\Windows\SWSC.exe
2015-07-30 10:46 - 2000-08-31 02:00 - 00098816 ____C C:\Windows\sed.exe
2015-07-30 10:46 - 2000-08-31 02:00 - 00080412 ____C C:\Windows\grep.exe
2015-07-30 10:46 - 2000-08-31 02:00 - 00068096 ____C C:\Windows\zip.exe
2015-07-30 10:45 - 2015-07-30 11:56 - 00000000 ___DC C:\Windows\erdnt
2015-07-30 10:45 - 2015-07-30 10:53 - 00000000 ___DC C:\Qoobox
2015-07-30 10:44 - 2015-07-30 10:44 - 05633622 ___RC (Swearware) C:\Users\Sb\Desktop\ComboFix.exe
2015-07-29 20:05 - 2015-07-29 20:15 - 00000000 ___DC C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-29 20:03 - 2015-07-29 20:03 - 04404952 ____C (Kaspersky Lab ZAO) C:\Users\Sb\Desktop\tdsskiller.exe
2015-07-29 20:02 - 2015-07-29 20:15 - 00000000 ___DC C:\Users\Sb\Desktop\mbar
2015-07-29 20:02 - 2015-07-29 20:02 - 16502728 ____C (Malwarebytes Corp.) C:\Users\Sb\Desktop\mbar-1.09.1.1004.exe
2015-07-29 09:18 - 2015-07-31 12:45 - 00000000 ___DC C:\FRST
2015-07-28 19:36 - 2015-07-28 19:36 - 00000000 ___DC C:\ProgramData\Licenses
2015-07-28 15:51 - 2015-07-28 15:54 - 00000000 ___DC C:\ProgramData\SystemExplorer
2015-07-28 15:51 - 2015-07-28 15:51 - 00000670 ____C C:\Users\Public\Desktop\Trojan Remover.lnk
2015-07-28 15:51 - 2015-07-28 15:51 - 00000603 ____C C:\Users\Public\Desktop\System Explorer.lnk
2015-07-28 15:51 - 2015-07-28 15:51 - 00000000 ___DC C:\Users\Sb\Documents\Simply Super Software
2015-07-28 15:51 - 2015-07-28 15:51 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\Simply Super Software
2015-07-28 15:51 - 2015-07-28 15:51 - 00000000 ___DC C:\ProgramData\Simply Super Software
2015-07-28 15:51 - 2015-07-28 15:51 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2015-07-28 15:51 - 2015-07-28 15:51 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer
2015-07-28 08:45 - 2015-07-28 08:45 - 00000000 ____C C:\autoexec.bat
2015-07-28 08:44 - 2015-07-28 08:44 - 00022704 ____C C:\Windows\system32\Drivers\EsgScanner.sys
2015-07-28 08:44 - 2015-07-28 08:44 - 00003308 ____C C:\Windows\System32\Tasks\SpyHunter4Startup
2015-07-28 08:44 - 2015-07-28 08:44 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\Enigma Software Group
2015-07-28 07:18 - 2015-07-28 07:18 - 00000000 ___DC C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-28 07:05 - 2015-07-28 07:05 - 00000848 ____C C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-07-28 07:05 - 2015-07-28 07:05 - 00000848 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-07-28 07:05 - 2015-07-28 07:05 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-07-28 07:05 - 2013-09-20 10:49 - 00021040 ____C (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-07-28 07:04 - 2015-07-28 07:04 - 00000000 ___DC C:\Users\Sb\Desktop\backups
2015-07-28 07:02 - 2015-07-28 07:02 - 00010991 ____C C:\Users\Public\Documents\hijackthis.log
2015-07-28 06:57 - 2015-07-28 06:57 - 00000000 ___DC C:\Program Files\Western Digital
2015-07-27 18:19 - 2015-07-27 18:19 - 00014634 _____ C:\Users\Public\Documents\Schadensmeldung UWS Technologie.xlsx
2015-07-23 13:07 - 2015-07-23 13:07 - 00000000 ___DC C:\Users\Sb\Documents\Neuer Ordner
2015-07-09 11:52 - 2015-07-09 12:12 - 00039600 _____ C:\Users\Public\Documents\Nathan Netto.xlsx
2015-07-08 15:56 - 2015-07-08 15:56 - 00000263 ____C C:\Users\Public\Documents\UWS Katalog 2015-Auszug Complete.log
2015-07-03 08:04 - 2015-06-17 11:10 - 42729104 ____C C:\Windows\system32\nvcompiler.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 37748880 ____C C:\Windows\SysWOW64\nvcompiler.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 30481552 ____C (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 22947144 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 16145200 ____C (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 15866992 ____C (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 15224784 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 14497520 ____C (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 13263056 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 11831856 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 11011216 ____C (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-07-03 08:04 - 2015-06-17 11:10 - 02997544 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 02932368 ____C (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 02599752 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 01898128 ____C (NVIDIA Corporation) C:\Windows\system32\nvdispco6435330.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 01567576 ____C (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 01557832 ____C (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435330.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 01099992 ____C (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 01060168 ____C (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 01050768 ____C (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 00982672 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 00975176 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 00938752 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 00503408 ____C (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 00408392 ____C (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 00407296 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 00364176 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 00204648 ____C (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-07-03 08:04 - 2015-06-17 11:10 - 00176904 ____C (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 00155280 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 00150832 ____C (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 00128696 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 00040280 ____C (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-07-03 07:28 - 2015-07-11 23:31 - 00104758 _____ C:\Users\Public\Documents\Mappe1.xlsx
2015-07-03 07:28 - 2015-07-03 07:28 - 00019790 _____ C:\Users\Public\Documents\Mappe2.xlsx
2015-07-02 08:23 - 2015-07-02 08:23 - 00000432 ____C C:\Users\Sb\Desktop\Any Video Converter.lnk
2015-07-02 08:23 - 2015-07-02 08:23 - 00000000 ___DC C:\Users\Sb\Documents\Any Video Converter

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-07-31 12:44 - 2012-11-16 12:50 - 00000000 ___DC C:\Users\Sb
2015-07-31 12:36 - 2014-08-06 10:34 - 00008192 ____C C:\Windows\SysWOW64\WDPABKP.dat
2015-07-31 12:35 - 2012-11-16 15:15 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\Skype
2015-07-31 11:41 - 2012-11-15 15:04 - 00000000 ___DC C:\ProgramData\Kaspersky Lab
2015-07-31 10:55 - 2011-04-12 09:43 - 00702926 ____C C:\Windows\system32\perfh007.dat
2015-07-31 10:55 - 2011-04-12 09:43 - 00150566 ____C C:\Windows\system32\perfc007.dat
2015-07-31 10:55 - 2009-07-14 07:13 - 01629276 ____C C:\Windows\system32\PerfStringBackup.INI
2015-07-31 08:26 - 2015-06-14 19:16 - 01215120 ____C C:\Windows\WindowsUpdate.log
2015-07-30 20:52 - 2009-07-14 06:45 - 00021680 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-30 20:52 - 2009-07-14 06:45 - 00021680 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-30 20:40 - 2009-07-14 07:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT
2015-07-30 19:54 - 2014-05-16 10:15 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\Wise Disk Cleaner
2015-07-30 16:11 - 2014-08-15 11:33 - 00003328 ____C C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3516261958-1870124179-1371758590-1000
2015-07-30 16:11 - 2014-08-15 11:33 - 00003188 ____C C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3516261958-1870124179-1371758590-1000
2015-07-30 16:00 - 2014-11-26 15:05 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\HylaFAX-Client-Pro
2015-07-30 13:46 - 2012-11-16 15:06 - 00000000 __RDC C:\MSOCache
2015-07-30 12:14 - 2012-11-27 10:34 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\TeamViewer
2015-07-30 12:14 - 2012-11-16 15:26 - 00002756 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-07-30 11:49 - 2009-07-14 04:34 - 00000215 ____C C:\Windows\system.ini
2015-07-30 11:07 - 2009-07-14 04:34 - 96993280 _____ C:\Windows\system32\config\SOFTWARE.bak
2015-07-30 11:07 - 2009-07-14 04:34 - 47185920 _____ C:\Windows\system32\config\COMPONENTS.bak
2015-07-30 11:07 - 2009-07-14 04:34 - 19398656 _____ C:\Windows\system32\config\SYSTEM.bak
2015-07-30 11:07 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2015-07-30 11:07 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2015-07-30 11:07 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2015-07-30 10:53 - 2014-07-31 09:05 - 00000000 ___DC C:\Users\Sb\AppData\Local\Adobe
2015-07-30 10:49 - 2013-07-18 13:41 - 00000000 ___DC C:\ProgramData\TEMP
2015-07-28 07:47 - 2013-09-27 16:52 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-07-28 07:05 - 2013-12-02 23:22 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy
2015-07-28 06:58 - 2013-10-30 10:27 - 00000000 ___DC C:\ProgramData\Package Cache
2015-07-28 06:57 - 2014-07-31 10:30 - 00000000 ___DC C:\Program Files\Common Files\Western Digital
2015-07-28 06:57 - 2014-07-31 10:29 - 00000000 ___DC C:\ProgramData\Western Digital
2015-07-28 06:57 - 2014-07-31 10:29 - 00000000 ___DC C:\Program Files (x86)\Western Digital
2015-07-25 18:09 - 2013-10-31 10:29 - 00000000 ___DC C:\ProgramData\Oracle
2015-07-25 18:08 - 2013-06-24 13:19 - 00000709 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-25 18:08 - 2013-03-16 18:25 - 00000000 ___DC C:\Program Files (x86)\Java
2015-07-25 18:08 - 2013-02-18 13:29 - 00000709 ____C C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-25 18:07 - 2014-04-01 10:13 - 00097888 ____C (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-25 15:21 - 2013-04-17 14:44 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\vlc
2015-07-25 13:50 - 2014-09-28 08:30 - 00000884 ____C C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-25 13:08 - 2015-05-26 20:00 - 00001118 ____C C:\Users\Sb\Desktop\Amazon Music.lnk
2015-07-25 12:31 - 2013-07-08 10:36 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SWKI-Reader
2015-07-19 18:23 - 2013-11-20 15:35 - 00000000 ___DC C:\ProgramData\Skype
2015-07-14 12:52 - 2014-09-28 08:30 - 00003824 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-14 12:52 - 2012-11-17 22:29 - 00778416 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-14 12:52 - 2012-11-17 22:29 - 00142512 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-12 08:54 - 2015-06-16 15:52 - 00001206 ____C C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-07-12 08:54 - 2015-06-16 15:52 - 00001202 ____C C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-07-09 17:29 - 2014-06-30 12:03 - 00000132 ____C C:\Users\Sb\AppData\Roaming\Adobe CS5-Voreinstellungen für PNG-Format
2015-07-05 08:36 - 2012-11-16 16:21 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-07-03 08:28 - 2015-06-16 15:52 - 00004214 ____C C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2015-07-03 08:28 - 2015-06-16 15:52 - 00003962 ____C C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2015-07-03 08:28 - 2015-05-30 13:43 - 00003888 ____C C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-03 08:06 - 2012-11-15 14:20 - 00000000 ___DC C:\ProgramData\NVIDIA Corporation
2015-07-03 08:06 - 2012-11-15 14:20 - 00000000 ___DC C:\ProgramData\NVIDIA
2015-07-03 08:04 - 2015-06-19 20:24 - 00000000 ___DC C:\ProgramData\boost_interprocess
2015-07-03 07:59 - 2013-09-23 09:50 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\Dropbox
2015-07-03 07:41 - 2012-11-15 14:20 - 00000000 ___DC C:\temp
2015-07-03 07:25 - 2013-04-29 16:04 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\AnvSoft
2015-07-02 13:18 - 2013-07-18 17:19 - 00000000 ___DC C:\Users\Sb\dwhelper
2015-07-01 19:07 - 2015-02-05 14:49 - 00000000 ___DC C:\Program Files (x86)\TeamViewer

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-10-22 19:09 - 2014-10-22 19:09 - 0001152 ____C () C:\Users\Sb\AppData\Roaming\ACInitialize.log
2014-06-30 12:03 - 2015-07-09 17:29 - 0000132 ____C () C:\Users\Sb\AppData\Roaming\Adobe CS5-Voreinstellungen für PNG-Format
2013-04-17 14:40 - 2013-04-25 07:57 - 0000036 ___HC () C:\Users\Sb\AppData\Roaming\swk.ini
2012-12-06 15:05 - 2012-12-06 15:05 - 0094101 ____C () C:\Users\Sb\AppData\Local\8ACB6E5756A44c2bB2219595F7429CB2..DNS
2014-07-30 19:46 - 2014-07-30 19:46 - 0001456 ____C () C:\Users\Sb\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2012-11-23 14:19 - 2014-04-09 10:35 - 0022528 ____C () C:\Users\Sb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-04 12:52 - 2015-01-13 14:58 - 0007605 ____C () C:\Users\Sb\AppData\Local\Resmon.ResmonCfg
2012-11-16 12:51 - 2012-11-16 12:51 - 0017408 ____C () C:\Users\Sb\AppData\Local\WebpageIcons.db
2013-09-23 14:09 - 2013-09-23 14:09 - 0000016 ____C () C:\ProgramData\.7486160831680234
2014-04-28 16:24 - 2014-04-28 16:24 - 0000057 ____C () C:\ProgramData\Ament.ini

Einige Dateien in TEMP:
====================
C:\Users\Sb\AppData\Local\Temp\Quarantine.exe
C:\Users\Sb\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\System32\winlogon.exe => Datei ist digital signiert
C:\Windows\System32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\System32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\System32\services.exe => Datei ist digital signiert
C:\Windows\System32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\System32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\System32\rpcss.dll => Datei ist digital signiert
C:\Windows\System32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-07-30 21:34

==================== Ende von log ============================
         
ALso das mit WD Smart geht schonmal wieder :-). Auch allgemein besser. EInzigstes ist das mit Version Firefox. da werd ich denke ich komplett deinstallieren und Neuinstallieren. Lesezeichen kann man ja speichern :-)

War was drauf?

HI

mein Kaspersky sagt jetzt

Maleware gefunden

FRST.EXE

UDSangerousObject.Multi.Generic

Kannst du mir das erklären?

Danke
Gruss

Alt 01.08.2015, 14:18   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Trojaner eingefangen? Trojan Z-000 - Standard

Trojaner eingefangen? Trojan Z-000



Fehlalarm von Kaspersky

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
D:\123D Catch - CHIP-Installer.exe

D:\3DCrafter - CHIP-Installer.exe

D:\balabolka_CB-DL-Manager.exe

D:\Blender 64 Bit - CHIP-Installer.exe

D:\m4a-to-mp3-81converter.exe

D:\Magix Video Deluxe 2015 64 Bit - CHIP-Installer.exe

D:\Minimal ADB and Fastboot - CHIP-Installer.exe

D:\Smart Defrag - CHIP-Installer.exe

D:\USB-Fehlerbehebung.exe

D:\XMedia Recode - CHIP-Installer.exe

D:\Musik\Free WebM Video Converter - CHIP-Installer.exe

D:\Programme\Setup_AKCleaner_CB-DL-Manager.exe

D:\Programme exe\m4a-to-mp3-81converter.exe

D:\Programme exe\m4a-to80-mp3-converter.exe

D:\Programme exe\streamtransport1101_setup.exe

D:\Programme exe\Unlocker1.9.1-x64.exe

D:\UWS\Heiz\Kunden\Logos\Setup_FreeFlvConverter.exe
Tcpip\Parameters: [DhcpNameServer] 192.168.3.254 192.168.0.1
Tcpip\..\Interfaces\{DA6E5973-6D8B-433D-B264-CDE691F579E3}: [DhcpNameServer] 192.168.3.254 192.168.0.1
Tcpip\..\Interfaces\{F31AEACE-C472-426E-A34A-5ADA8AA01123}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Frisches FRST log bitte. Und:

Downloadverhalten überdenken:
CHIP-Installer - was ist das? - Anleitungen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 01.08.2015, 21:28   #13
Snakedoctor
 
Trojaner eingefangen? Trojan Z-000 - Standard

Trojaner eingefangen? Trojan Z-000



Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:30-07-2015
durchgeführt von Sb (2015-08-01 22:22:10) Run:1
Gestartet von C:\Users\Sb\Desktop
Geladene Profile: Sb (Verfügbare Profile: Sb)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
D:\123D Catch - CHIP-Installer.exe

D:\3DCrafter - CHIP-Installer.exe

D:\balabolka_CB-DL-Manager.exe

D:\Blender 64 Bit - CHIP-Installer.exe

D:\m4a-to-mp3-81converter.exe

D:\Magix Video Deluxe 2015 64 Bit - CHIP-Installer.exe

D:\Minimal ADB and Fastboot - CHIP-Installer.exe

D:\Smart Defrag - CHIP-Installer.exe

D:\USB-Fehlerbehebung.exe

D:\XMedia Recode - CHIP-Installer.exe

D:\Musik\Free WebM Video Converter - CHIP-Installer.exe

D:\Programme\Setup_AKCleaner_CB-DL-Manager.exe

D:\Programme exe\m4a-to-mp3-81converter.exe

D:\Programme exe\m4a-to80-mp3-converter.exe

D:\Programme exe\streamtransport1101_setup.exe

D:\Programme exe\Unlocker1.9.1-x64.exe

D:\UWS\Heiz\Kunden\Logos\Setup_FreeFlvConverter.exe
Tcpip\Parameters: [DhcpNameServer] 192.168.3.254 192.168.0.1
Tcpip\..\Interfaces\{DA6E5973-6D8B-433D-B264-CDE691F579E3}: [DhcpNameServer] 192.168.3.254 192.168.0.1
Tcpip\..\Interfaces\{F31AEACE-C472-426E-A34A-5ADA8AA01123}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Emptytemp:
*****************

"D:\123D Catch - CHIP-Installer.exe" => Datei/Ordner nicht gefunden.
"D:\3DCrafter - CHIP-Installer.exe" => Datei/Ordner nicht gefunden.
"D:\balabolka_CB-DL-Manager.exe" => Datei/Ordner nicht gefunden.
"D:\Blender 64 Bit - CHIP-Installer.exe" => Datei/Ordner nicht gefunden.
"D:\m4a-to-mp3-81converter.exe" => Datei/Ordner nicht gefunden.
"D:\Magix Video Deluxe 2015 64 Bit - CHIP-Installer.exe" => Datei/Ordner nicht gefunden.
"D:\Minimal ADB and Fastboot - CHIP-Installer.exe" => Datei/Ordner nicht gefunden.
"D:\Smart Defrag - CHIP-Installer.exe" => Datei/Ordner nicht gefunden.
"D:\USB-Fehlerbehebung.exe" => Datei/Ordner nicht gefunden.
"D:\XMedia Recode - CHIP-Installer.exe" => Datei/Ordner nicht gefunden.
"D:\Musik\Free WebM Video Converter - CHIP-Installer.exe" => Datei/Ordner nicht gefunden.
"D:\Programme\Setup_AKCleaner_CB-DL-Manager.exe" => Datei/Ordner nicht gefunden.
"D:\Programme exe\m4a-to-mp3-81converter.exe" => Datei/Ordner nicht gefunden.
"D:\Programme exe\m4a-to80-mp3-converter.exe" => Datei/Ordner nicht gefunden.
"D:\Programme exe\streamtransport1101_setup.exe" => Datei/Ordner nicht gefunden.
"D:\Programme exe\Unlocker1.9.1-x64.exe" => Datei/Ordner nicht gefunden.
"D:\UWS\Heiz\Kunden\Logos\Setup_FreeFlvConverter.exe" => Datei/Ordner nicht gefunden.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => Wert erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DA6E5973-6D8B-433D-B264-CDE691F579E3}\\DhcpNameServer => Wert erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F31AEACE-C472-426E-A34A-5ADA8AA01123}\\NameServer => Wert erfolgreich entfernt
EmptyTemp: => 142.8 MB temporäre Dateien entfernt.


Das System musste neu gestartet werden.. 

==== Ende von Fixlog 22:22:15 ====
         
Werd ich machen :-)
Wenn wir soweit fertig sind, hätte ich noch die Frage ob ich bestimmt Programme auch löschen muss oder ist das dann damit erledigt?
Gruss

Alt 02.08.2015, 11:37   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Trojaner eingefangen? Trojan Z-000 - Standard

Trojaner eingefangen? Trojan Z-000



Unsre Tools entfernen wir am Schluss. Das frische FRST log fehlt noch
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 02.08.2015, 14:41   #15
Snakedoctor
 
Trojaner eingefangen? Trojan Z-000 - Standard

Trojaner eingefangen? Trojan Z-000



Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:02-08-2015
durchgeführt von Sb (Administrator) auf SB-PC (02-08-2015 15:40:59)
Gestartet von C:\Users\Sb\Desktop
Geladene Profile: Sb (Verfügbare Profile: Sb)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Advanced Micro Devices, Inc.) D:\Programme exe\adm\ATI.ACE\Fuel\Fuel.Service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(RealNetworks, Inc.) D:\Programme\RPDS\Bin\rpdsvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) D:\Programme\Skype\Phone\Skype.exe
(Akamai Technologies, Inc.) C:\Users\Sb\AppData\Local\Akamai\netsession_win.exe
(RealNetworks, Inc.) D:\Programme\RPDS\Bin\rpsystray.exe
(Akamai Technologies, Inc.) C:\Users\Sb\AppData\Local\Akamai\netsession_win.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Mister Group) D:\System Explorer\SystemExplorer.exe
(RealNetworks, Inc.) D:\Programme\Update\realsched.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(Mister Group) D:\System Explorer\service\SystemExplorerService64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) D:\Programme\fire\firefox.exe
(Piriform Ltd) D:\Programme\Cleaner\CCleaner64.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Microsoft Corporation) D:\office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\wmi64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-07-20] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SystemExplorerAutoStart] => D:\System Explorer\SystemExplorer.exe [3391720 2015-07-26] (Mister Group)
HKLM-x32\...\Run: [TkBellExe] => d:\programme\Update\realsched.exe [286784 2015-08-01] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [614464 2015-07-27] ()
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3516261958-1870124179-1371758590-1000\...\Run: [Skype] => D:\Programme\skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-3516261958-1870124179-1371758590-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Sb\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3516261958-1870124179-1371758590-1000\...\Run: [CCleaner Monitoring] => D:\Programme\Cleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-08-01]
ShortcutTarget: RealTimes.lnk -> D:\Programme\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Sb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2014-07-31] ()
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll [2014-08-06] (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll [2014-08-06] (Kaspersky Lab ZAO)
BootExecute: autocheck autochk * SmartDefragBootTime.exesdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3516261958-1870124179-1371758590-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3516261958-1870124179-1371758590-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3516261958-1870124179-1371758590-1000 -> {0436B53D-D541-4D72-A231-CC301E4DE575} URL = 
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-07-27] (RealDownloader)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-08-06] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-08-06] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-08-06] (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-08-06] (Kaspersky Lab ZAO)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-07-27] (RealDownloader)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-08-06] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-08-06] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-25] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-08-06] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-25] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-08-06] (Kaspersky Lab ZAO)
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.3.254 192.168.0.1
Tcpip\..\Interfaces\{DA6E5973-6D8B-433D-B264-CDE691F579E3}: [DhcpNameServer] 192.168.3.254 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\3h05lir7.default
FF Homepage: https://www.facebook.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.0.2.59 -> d:\programme\Netscape6\nppl3260.dll [2015-08-01] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-11-21] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-11-21] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.0.2.59 -> d:\programme\Netscape6\nprpplugin.dll [2015-08-01] (RealTimes)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> D:\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-26] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll No File
FF Plugin HKU\S-1-5-21-3516261958-1870124179-1371758590-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Sb\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-04-17] (Citrix Online)
FF Plugin HKU\S-1-5-21-3516261958-1870124179-1371758590-1000: @phonostar.de/phonostar -> D:\Programme\phonostar-Player\npphonostarDetectNP.dll Keine Datei
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\duckduckgo-ssl-javascript-free.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-de-ssl.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-encrypted-no-personalization.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick---deutsch.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---deutsch.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---english.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-eng-ger.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-esp-ale.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-fra-all.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\metager2.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-deutsch.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-english.xml [2013-08-06]
FF SearchPlugin: C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https---deutsch.xml [2013-08-06]
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\3h05lir7.default\Extensions\2020Player_IKEA@2020Technologies.com [2015-02-17]
FF Extension: Ghostery - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\3h05lir7.default\Extensions\firefox@ghostery.com.xpi [2013-08-17]
FF Extension: BetterPrivacy - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\3h05lir7.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-06-24]
FF Extension: HTTPS-Everywhere - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\https-everywhere@eff.org [2013-12-15]
FF Extension: Cookie Monster - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{45d8ff86-d909-11db-9705-005056c00008} [2013-12-15]
FF Extension: DownloadHelper - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-12-15]
FF Extension: Kein Name - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{437be45a-4114-11dd-b9ab-71d256d89593}.xpi [2013-12-10]
FF Extension: NoScript - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-12-09]
FF Extension: Adblock Plus - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-28]
FF Extension: ProfileSwitcher - C:\Users\Sb\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi [2013-10-28]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-08-06]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-08-06]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-08-06]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-08-06]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-08-06]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2015-05-30]
StartMenuInternet: FIREFOX.EXE - D:\Programme\fire\firefox.exe

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]

Opera: 
=======
StartMenuInternet: (HKLM) Opera - D:\Programme\opera\Opera.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S4 AdobeActiveFileMonitor12.0; D:\ad\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated)
R2 AMD FUEL Service; D:\Programme exe\adm\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-07-04] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
R2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [701824 2014-12-24] ()
S4 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-24] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [Datei ist nicht signiert]
S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MpsSvc; . [0 2015-08-02] () <==== ACHTUNG (Null Byte Datei/Ordner)
S3 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
S4 nsmService; D:\NetSetMan\nsmservice.exe [1278632 2015-02-06] (Ilja Herlein)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-24] (NVIDIA Corporation)
S4 Origin Client Service; D:\Programme\Origin\OriginClientService.exe [1931632 2015-04-13] (Electronic Arts)
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-03-19] ()
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [32880 2015-07-27] ()
R2 RealTimes Desktop Service; d:\programme\RPDS\Bin\rpdsvc.exe [1115736 2015-08-01] (RealNetworks, Inc.)
S3 SDScannerService; D:\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S3 SDUpdateService; D:\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S3 SDWSCService; D:\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 SkypeUpdate; D:\Programme\skype\Updater\Updater.exe [327296 2015-06-03] (Skype Technologies)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Datei ist nicht signiert]
R3 SystemExplorerHelpService; D:\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-07-20] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [306552 2015-07-20] (Western Digital Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 VideoAcceleratorService; C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe -start -scm [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AODDriver4.1; D:\Programme exe\adm\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-08-06] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-08-06] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628288 2014-08-06] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-08-06] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177864 2015-02-18] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R1 SLEE_17_DRIVER; C:\Windows\Sleen1764.sys [108256 2011-09-12] (Softwareentwicklung Remus - ArchiCrypt - )
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 ZSMC301b; C:\Windows\System32\Drivers\usbVM31b.sys [432512 2006-06-06] (VM)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 cpuz130; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-02 15:40 - 2015-08-02 15:40 - 02168832 ____C (Farbar) C:\Users\Sb\Desktop\FRST64.exe
2015-08-02 15:40 - 2015-08-02 15:40 - 00028433 ____C C:\Users\Sb\Desktop\FRST.txt
2015-08-01 22:24 - 2015-08-01 22:24 - 05318416 ____C C:\Windows\system32\FNTCACHE.DAT
2015-08-01 22:24 - 2015-08-01 22:24 - 00212152 ____C C:\Users\Sb\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-01 22:24 - 2015-08-01 22:24 - 00167190 ____C C:\Windows\PFRO.log
2015-08-01 22:24 - 2015-08-01 22:24 - 00000168 ____C C:\Windows\setupact.log
2015-08-01 22:24 - 2015-08-01 22:24 - 00000000 ____C C:\Windows\setuperr.log
2015-08-01 11:47 - 2015-08-01 11:47 - 00003370 ____C C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3516261958-1870124179-1371758590-1000
2015-08-01 11:44 - 2015-08-01 11:44 - 00278592 ____C (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2015-08-01 11:44 - 2015-08-01 11:44 - 00200768 ____C (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2015-08-01 11:44 - 2015-08-01 11:44 - 00003412 ____C C:\Windows\System32\Tasks\RealDownloader Update Check
2015-08-01 11:44 - 2015-08-01 11:44 - 00000559 ____C C:\Users\Public\Desktop\RealTimes (RealPlayer).lnk
2015-08-01 11:44 - 2015-08-01 11:44 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\RealNetworks
2015-08-01 11:44 - 2015-08-01 11:44 - 00000000 ___DC C:\Users\Sb\AppData\Local\Real
2015-08-01 11:44 - 2015-08-01 11:44 - 00000000 ___DC C:\ProgramData\RealNetworks
2015-08-01 11:44 - 2015-08-01 11:44 - 00000000 ___DC C:\Program Files (x86)\RealNetworks
2015-08-01 11:38 - 2015-07-23 06:06 - 42730128 ____C C:\Windows\system32\nvcompiler.dll
2015-08-01 11:38 - 2015-07-23 06:06 - 37748880 ____C C:\Windows\SysWOW64\nvcompiler.dll
2015-08-01 11:38 - 2015-07-23 06:06 - 30487880 ____C (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-08-01 11:38 - 2015-07-23 06:06 - 22950544 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-08-01 11:38 - 2015-07-23 06:06 - 17615408 ____C (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-08-01 11:38 - 2015-07-23 06:06 - 16151688 ____C (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-08-01 11:38 - 2015-07-23 06:06 - 15892200 ____C (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-08-01 11:38 - 2015-07-23 06:06 - 15129192 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-08-01 11:38 - 2015-07-23 06:06 - 14503880 ____C (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-08-01 11:38 - 2015-07-23 06:06 - 13268712 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-08-01 11:38 - 2015-07-23 06:06 - 12876336 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-08-01 11:38 - 2015-07-23 06:06 - 11836680 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-08-01 11:38 - 2015-07-23 06:06 - 11055248 ____C (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-08-01 11:38 - 2015-07-23 06:06 - 03407144 ____C (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-08-01 11:38 - 2015-07-23 06:06 - 03008880 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-08-01 11:38 - 2015-07-23 06:06 - 02933576 ____C (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-08-01 11:38 - 2015-07-23 06:06 - 02600592 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-08-01 11:38 - 2015-07-23 06:06 - 01898128 ____C (NVIDIA Corporation) C:\Windows\system32\nvdispco6435362.dll
2015-08-01 11:38 - 2015-07-23 06:06 - 01557648 ____C (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435362.dll
2015-08-01 11:38 - 2015-07-23 06:06 - 01101856 ____C (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-08-01 11:38 - 2015-07-23 06:06 - 01061008 ____C (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-08-01 11:38 - 2015-07-23 06:06 - 01053000 ____C (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-08-01 11:38 - 2015-07-23 06:06 - 00983368 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-08-01 11:38 - 2015-07-23 06:06 - 00976528 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-08-01 11:38 - 2015-07-23 06:06 - 00940104 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-08-01 11:38 - 2015-07-23 06:06 - 00503592 ____C (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-08-01 11:38 - 2015-07-23 06:06 - 00408208 ____C (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-08-01 11:38 - 2015-07-23 06:06 - 00407296 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-08-01 11:38 - 2015-07-23 06:06 - 00364176 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-08-01 11:38 - 2015-07-23 06:06 - 00176904 ____C (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-08-01 11:38 - 2015-07-23 06:06 - 00155280 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-08-01 11:38 - 2015-07-23 06:06 - 00150832 ____C (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-08-01 11:38 - 2015-07-23 06:06 - 00128512 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-08-01 11:22 - 2015-07-03 06:28 - 00065896 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-08-01 11:22 - 2015-07-03 06:28 - 00047976 ____C (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-07-31 21:56 - 2015-07-31 21:56 - 00262144 _____ C:\Windows\system32\config\elam
2015-07-31 13:43 - 2015-07-31 13:43 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\pdfforge
2015-07-30 20:37 - 2015-07-30 20:38 - 00000000 ___DC C:\AdwCleaner
2015-07-30 19:52 - 2015-07-30 19:53 - 00113880 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-30 19:52 - 2015-07-30 19:52 - 00001112 ____C C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-30 19:52 - 2015-07-30 19:52 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-30 19:52 - 2015-07-30 19:52 - 00000000 ___DC C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-07-30 19:52 - 2015-06-18 08:41 - 00109272 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-30 19:52 - 2015-06-18 08:41 - 00063704 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-30 19:52 - 2015-06-18 08:41 - 00025816 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-30 10:46 - 2015-07-30 13:46 - 00000000 ___DC C:\ComboFix
2015-07-30 10:46 - 2011-06-26 08:45 - 00256000 ____C C:\Windows\PEV.exe
2015-07-30 10:46 - 2010-11-07 19:20 - 00208896 ____C C:\Windows\MBR.exe
2015-07-30 10:46 - 2009-04-20 06:56 - 00060416 ____C (NirSoft) C:\Windows\NIRCMD.exe
2015-07-30 10:46 - 2000-08-31 02:00 - 00518144 ____C (SteelWerX) C:\Windows\SWREG.exe
2015-07-30 10:46 - 2000-08-31 02:00 - 00406528 ____C (SteelWerX) C:\Windows\SWSC.exe
2015-07-30 10:46 - 2000-08-31 02:00 - 00098816 ____C C:\Windows\sed.exe
2015-07-30 10:46 - 2000-08-31 02:00 - 00080412 ____C C:\Windows\grep.exe
2015-07-30 10:46 - 2000-08-31 02:00 - 00068096 ____C C:\Windows\zip.exe
2015-07-30 10:45 - 2015-07-30 11:56 - 00000000 ___DC C:\Windows\erdnt
2015-07-30 10:45 - 2015-07-30 10:53 - 00000000 ___DC C:\Qoobox
2015-07-29 20:05 - 2015-07-29 20:15 - 00000000 ___DC C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-29 20:02 - 2015-07-29 20:15 - 00000000 ___DC C:\Users\Sb\Desktop\mbar
2015-07-29 09:18 - 2015-08-02 15:41 - 00000000 ___DC C:\FRST
2015-07-28 19:36 - 2015-07-28 19:36 - 00000000 ___DC C:\ProgramData\Licenses
2015-07-28 15:51 - 2015-07-28 15:54 - 00000000 ___DC C:\ProgramData\SystemExplorer
2015-07-28 15:51 - 2015-07-28 15:51 - 00000603 ____C C:\Users\Public\Desktop\System Explorer.lnk
2015-07-28 15:51 - 2015-07-28 15:51 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer
2015-07-28 08:45 - 2015-07-28 08:45 - 00000000 ____C C:\autoexec.bat
2015-07-28 08:44 - 2015-07-28 08:44 - 00022704 ____C C:\Windows\system32\Drivers\EsgScanner.sys
2015-07-28 08:44 - 2015-07-28 08:44 - 00003308 ____C C:\Windows\System32\Tasks\SpyHunter4Startup
2015-07-28 08:44 - 2015-07-28 08:44 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\Enigma Software Group
2015-07-28 07:18 - 2015-07-28 07:18 - 00000000 ___DC C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-28 07:05 - 2015-07-28 07:05 - 00000848 ____C C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-07-28 07:05 - 2015-07-28 07:05 - 00000848 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-07-28 07:05 - 2015-07-28 07:05 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-07-28 07:05 - 2013-09-20 10:49 - 00021040 ____C (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-07-28 07:04 - 2015-07-28 07:04 - 00000000 ___DC C:\Users\Sb\Desktop\backups
2015-07-28 06:57 - 2015-07-28 06:57 - 00000000 ___DC C:\Program Files\Western Digital
2015-07-23 13:07 - 2015-07-23 13:07 - 00000000 ___DC C:\Users\Sb\Documents\Neuer Ordner
2015-07-03 08:04 - 2015-06-17 11:10 - 01898128 ____C (NVIDIA Corporation) C:\Windows\system32\nvdispco6435330.dll
2015-07-03 08:04 - 2015-06-17 11:10 - 01557832 ____C (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435330.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-02 15:40 - 2012-11-16 12:50 - 00000000 ___DC C:\Users\Sb
2015-08-02 15:31 - 2012-11-16 15:15 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\Skype
2015-08-02 15:04 - 2012-11-15 15:04 - 00000000 ___DC C:\ProgramData\Kaspersky Lab
2015-08-02 09:35 - 2015-06-14 19:16 - 02008331 ____C C:\Windows\WindowsUpdate.log
2015-08-01 22:32 - 2009-07-14 06:45 - 00021680 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-01 22:32 - 2009-07-14 06:45 - 00021680 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-01 22:30 - 2011-04-12 09:43 - 00702926 ____C C:\Windows\system32\perfh007.dat
2015-08-01 22:30 - 2011-04-12 09:43 - 00150566 ____C C:\Windows\system32\perfc007.dat
2015-08-01 22:30 - 2009-07-14 07:13 - 01629276 ____C C:\Windows\system32\PerfStringBackup.INI
2015-08-01 22:24 - 2014-08-06 10:34 - 00008192 ____C C:\Windows\SysWOW64\WDPABKP.dat
2015-08-01 22:24 - 2009-07-14 07:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT
2015-08-01 12:32 - 2014-05-16 10:15 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\Wise Disk Cleaner
2015-08-01 12:32 - 2012-11-15 14:20 - 00000000 ___DC C:\ProgramData\NVIDIA
2015-08-01 11:52 - 2012-11-21 11:47 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\Real
2015-08-01 11:44 - 2015-02-09 13:04 - 00505408 ____C (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2015-08-01 11:44 - 2015-02-09 13:04 - 00353856 ____C (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2015-08-01 11:44 - 2014-12-13 18:59 - 00003350 ____C C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3516261958-1870124179-1371758590-1000
2015-08-01 11:44 - 2014-12-13 18:59 - 00003210 ____C C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3516261958-1870124179-1371758590-1000
2015-08-01 11:44 - 2014-08-15 23:07 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2015-08-01 11:44 - 2013-10-30 10:27 - 00000000 ___DC C:\ProgramData\Package Cache
2015-08-01 11:44 - 2012-11-21 11:48 - 00000000 ___DC C:\ProgramData\Real
2015-08-01 11:44 - 2012-11-21 11:48 - 00000000 ___DC C:\Program Files (x86)\Real
2015-08-01 11:39 - 2012-11-15 14:20 - 00000000 ___DC C:\ProgramData\NVIDIA Corporation
2015-07-30 16:00 - 2014-11-26 15:05 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\HylaFAX-Client-Pro
2015-07-30 13:46 - 2012-11-16 15:06 - 00000000 __RDC C:\MSOCache
2015-07-30 12:14 - 2012-11-27 10:34 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\TeamViewer
2015-07-30 12:14 - 2012-11-16 15:26 - 00002756 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-07-30 11:49 - 2009-07-14 04:34 - 00000215 ____C C:\Windows\system.ini
2015-07-30 11:07 - 2009-07-14 04:34 - 96993280 _____ C:\Windows\system32\config\SOFTWARE.bak
2015-07-30 11:07 - 2009-07-14 04:34 - 47185920 _____ C:\Windows\system32\config\COMPONENTS.bak
2015-07-30 11:07 - 2009-07-14 04:34 - 19398656 _____ C:\Windows\system32\config\SYSTEM.bak
2015-07-30 11:07 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2015-07-30 11:07 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2015-07-30 11:07 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2015-07-30 10:53 - 2014-07-31 09:05 - 00000000 ___DC C:\Users\Sb\AppData\Local\Adobe
2015-07-30 10:49 - 2013-07-18 13:41 - 00000000 ___DC C:\ProgramData\TEMP
2015-07-28 07:47 - 2013-09-27 16:52 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-07-28 07:05 - 2013-12-02 23:22 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy
2015-07-28 06:57 - 2014-07-31 10:30 - 00000000 ___DC C:\Program Files\Common Files\Western Digital
2015-07-28 06:57 - 2014-07-31 10:29 - 00000000 ___DC C:\ProgramData\Western Digital
2015-07-28 06:57 - 2014-07-31 10:29 - 00000000 ___DC C:\Program Files (x86)\Western Digital
2015-07-25 18:09 - 2013-10-31 10:29 - 00000000 ___DC C:\ProgramData\Oracle
2015-07-25 18:08 - 2013-06-24 13:19 - 00000709 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-25 18:08 - 2013-03-16 18:25 - 00000000 ___DC C:\Program Files (x86)\Java
2015-07-25 18:08 - 2013-02-18 13:29 - 00000709 ____C C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-25 18:07 - 2014-04-01 10:13 - 00097888 ____C (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-25 15:21 - 2013-04-17 14:44 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\vlc
2015-07-25 13:50 - 2014-09-28 08:30 - 00000884 ____C C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-25 13:08 - 2015-05-26 20:00 - 00001118 ____C C:\Users\Sb\Desktop\Amazon Music.lnk
2015-07-25 12:31 - 2013-07-08 10:36 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SWKI-Reader
2015-07-24 06:21 - 2014-06-03 07:15 - 01756608 ____C (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-07-24 06:21 - 2014-06-03 07:15 - 01316000 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-07-24 06:21 - 2013-10-31 10:24 - 01710568 ____C (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-07-24 06:21 - 2013-10-31 10:24 - 01423304 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-07-23 06:06 - 2012-10-02 11:12 - 00030966 ____C C:\Windows\system32\nvinfo.pb
2015-07-23 03:31 - 2012-11-15 14:20 - 06873744 ____C (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-07-23 03:31 - 2012-11-15 14:20 - 03493008 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-07-23 03:31 - 2012-11-15 14:20 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-07-23 03:31 - 2012-11-15 14:20 - 00937616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-07-23 03:31 - 2012-11-15 14:20 - 00385168 ____C (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-07-23 03:31 - 2012-11-15 14:20 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-07-20 16:16 - 2012-11-15 14:20 - 05121613 ____C C:\Windows\system32\nvcoproc.bin
2015-07-19 18:23 - 2013-11-20 15:35 - 00000000 ___DC C:\ProgramData\Skype
2015-07-14 12:52 - 2014-09-28 08:30 - 00003824 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-14 12:52 - 2012-11-17 22:29 - 00778416 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-14 12:52 - 2012-11-17 22:29 - 00142512 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-12 08:54 - 2015-06-16 15:52 - 00001206 ____C C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-07-12 08:54 - 2015-06-16 15:52 - 00001202 ____C C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-07-09 17:29 - 2014-06-30 12:03 - 00000132 ____C C:\Users\Sb\AppData\Roaming\Adobe CS5-Voreinstellungen für PNG-Format
2015-07-05 08:36 - 2012-11-16 16:21 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-07-03 08:28 - 2015-06-16 15:52 - 00004214 ____C C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2015-07-03 08:28 - 2015-06-16 15:52 - 00003962 ____C C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2015-07-03 08:28 - 2015-05-30 13:43 - 00003888 ____C C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-03 08:04 - 2015-06-19 20:24 - 00000000 ___DC C:\ProgramData\boost_interprocess
2015-07-03 07:59 - 2013-09-23 09:50 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\Dropbox
2015-07-03 07:41 - 2012-11-15 14:20 - 00000000 ___DC C:\temp
2015-07-03 07:25 - 2013-04-29 16:04 - 00000000 ___DC C:\Users\Sb\AppData\Roaming\AnvSoft
2015-07-03 06:28 - 2014-01-27 22:17 - 00069992 ____C (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-10-22 19:09 - 2014-10-22 19:09 - 0001152 ____C () C:\Users\Sb\AppData\Roaming\ACInitialize.log
2014-06-30 12:03 - 2015-07-09 17:29 - 0000132 ____C () C:\Users\Sb\AppData\Roaming\Adobe CS5-Voreinstellungen für PNG-Format
2013-04-17 14:40 - 2013-04-25 07:57 - 0000036 ___HC () C:\Users\Sb\AppData\Roaming\swk.ini
2012-12-06 15:05 - 2012-12-06 15:05 - 0094101 ____C () C:\Users\Sb\AppData\Local\8ACB6E5756A44c2bB2219595F7429CB2..DNS
2014-07-30 19:46 - 2014-07-30 19:46 - 0001456 ____C () C:\Users\Sb\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2012-11-23 14:19 - 2014-04-09 10:35 - 0022528 ____C () C:\Users\Sb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-04 12:52 - 2015-01-13 14:58 - 0007605 ____C () C:\Users\Sb\AppData\Local\Resmon.ResmonCfg
2012-11-16 12:51 - 2012-11-16 12:51 - 0017408 ____C () C:\Users\Sb\AppData\Local\WebpageIcons.db
2013-09-23 14:09 - 2013-09-23 14:09 - 0000016 ____C () C:\ProgramData\.7486160831680234
2014-04-28 16:24 - 2014-04-28 16:24 - 0000057 ____C () C:\ProgramData\Ament.ini

==================== Bamital & volsnap Check =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\System32\winlogon.exe => Datei ist digital signiert
C:\Windows\System32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\System32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\System32\services.exe => Datei ist digital signiert
C:\Windows\System32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\System32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\System32\rpcss.dll => Datei ist digital signiert
C:\Windows\System32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-08-02 00:34

==================== Ende von log ============================
         

Antwort

Themen zu Trojaner eingefangen? Trojan Z-000
100%, datei, email, externe festplatte, festplatte, firefox, hijack, langsam, logfile, logfiles, löschen, nicht mehr, panik, rar datei, rechner, remover, scan, seite, seiten, spybot, systemauslastung, trojan, trojaner, update, voll, öffnen



Ähnliche Themen: Trojaner eingefangen? Trojan Z-000


  1. 2 Trojaner eingefangen durch E-Mail-Anhänge // Trojan-Banker.Win32.Agent.ubo und Trojan.Win32.Yakes.ghny
    Log-Analyse und Auswertung - 19.07.2015 (28)
  2. Trojan-Ransom.Win32.Blocker.cbsn & Trojan-Spy.Win.32.Zbot.nsur eingefangen -.-
    Plagegeister aller Art und deren Bekämpfung - 12.04.2014 (23)
  3. GVU Trojan eingefangen
    Plagegeister aller Art und deren Bekämpfung - 02.09.2013 (7)
  4. Mehrere Trojaner im Temp Ordner (Trojan.Citadel.IE, Trojan.Ransom.CT, Trojan.Zlob)
    Log-Analyse und Auswertung - 14.04.2013 (7)
  5. BKA-Trojaner u.a. (Trojan.Bublik, Trojan-Ransom.Foreign, Worm.Cridex, Trojan.Yakes)
    Log-Analyse und Auswertung - 17.03.2013 (4)
  6. BKA Trojaner - Trojan.Winlock eingefangen
    Plagegeister aller Art und deren Bekämpfung - 15.10.2012 (29)
  7. Trojan.Agent eingefangen
    Plagegeister aller Art und deren Bekämpfung - 14.10.2012 (36)
  8. Trojaner eingefangen Trojan:Win32/FakeSysdef
    Plagegeister aller Art und deren Bekämpfung - 11.05.2012 (1)
  9. Trojaner eingefangen (verm. Trojan:Win32/Qhost.HN)
    Plagegeister aller Art und deren Bekämpfung - 23.08.2011 (5)
  10. Ich fürchte ich habe (einen) Trojaner eingefangen (Trojan-Dropper!IK) + Worm/AutoRun.aaak
    Plagegeister aller Art und deren Bekämpfung - 10.08.2011 (19)
  11. Trojaner eingefangen |TR/Crypt.CFI.Gen' [trojan]| bzw. 'C:\Windows\SysWOW64\winfiles.exe'
    Log-Analyse und Auswertung - 19.11.2010 (7)
  12. Trojaner eingefangen, Trojan.win32.buzus.dajg, Kaspersky kann es nicht beseitigen
    Log-Analyse und Auswertung - 03.10.2010 (1)
  13. Diverse Trojaner vom Typ Trojan.Rodecap, Trojan.Dropper und Trojan.Agent! Brauche dringend Hilfe!
    Log-Analyse und Auswertung - 09.08.2010 (16)
  14. Trojan.Renos.PFI und Trojan.DownLoader1.6583 eingefangen ?
    Plagegeister aller Art und deren Bekämpfung - 02.05.2010 (1)
  15. Trojan KillAV eingefangen
    Log-Analyse und Auswertung - 05.04.2009 (65)
  16. Trojan eingefangen
    Log-Analyse und Auswertung - 07.08.2008 (11)
  17. Hab mir nen trojan eingefangen
    Plagegeister aller Art und deren Bekämpfung - 19.09.2006 (1)

Zum Thema Trojaner eingefangen? Trojan Z-000 - Hallo zusammen, folgende Problematik liegt bei mir vor (in Klammer wie lange schon): HINWEIS: Rechner wird auch geschäftlich genutzt. (Selbstständig, Privat und Geschäftsnutzung) 1. Firefox langsam / Abstürze (schon länger, - Trojaner eingefangen? Trojan Z-000...
Archiv
Du betrachtest: Trojaner eingefangen? Trojan Z-000 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.