Log analysis and evaluation: [Windows 8.1] Very high network utilization + unauthorized access to Steam, Facebook and web.de from Venezuela
01.05.2015, 14:46 | #1 |
Hello everyone,

recently I have been plagued by unnaturally high pings while gaming, as well as unauthorized-access notifications from Steam, Facebook and web.de, my e-mail provider. I am therefore turning to you, since various measures have not been able to help me either.

Problem:
- My in-game ping (normally around 41) jumps to over 600 about every 2 minutes
- About a week ago I received messages from Facebook, Steam and my e-mail inbox saying that strange activity had occurred, including a login from Venezuela
- The high network utilization appeared in connection with this

Measures taken so far:
- HijackThis scan (as recommended, not provided here) and, following from it, some manual deletions of files --> also found a proxy address
- Various AVG scans and TuneUps

Results of these measures:
- No more notifications from Steam, Facebook or web.de (however, I have also chosen new, better passwords)
- No improvement regarding network utilization

System:
- Windows 8.1 64-bit, previously Windows 8
- High temperatures now and then, otherwise everything okay
- AVG Anti-Virus Free Edition 2015

Possible ideas:
- Around that time I received a copy of Microsoft Office from a friend, but I do not think this could have anything to do with it
- I had an Adobe Flash Player update, but it seemed to be trustworthy

Pictures of Task Manager and the like:

FRST Logfile:
05:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-04-15 17:40 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-04-15 17:40 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-04-15 17:40 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-04-15 17:40 - 2015-03-13 05:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-04-15 17:40 - 2015-03-13 05:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-04-15 17:40 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-04-15 17:40 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-04-15 17:40 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-04-15 17:40 - 2015-03-13 04:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll 2015-04-15 17:40 - 2015-03-13 04:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-04-15 17:40 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-04-15 17:40 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-04-15 17:40 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-04-15 17:40 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll 2015-04-15 17:40 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-04-15 17:40 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-04-15 17:40 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-04-15 17:40 - 2015-03-13 04:20 - 01888256 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-15 17:40 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-15 17:40 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-15 17:40 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-15 17:40 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-15 17:40 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-15 17:40 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-15 17:40 - 2015-02-21 01:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-11 15:41 - 2015-04-11 15:44 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-11 15:41 - 2015-04-11 15:41 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-09 22:10 - 2015-04-09 22:10 - 00025270 _____ () C:\Users\Paul\AppData\Local\recently-used.xbel
2015-04-06 21:20 - 2015-04-06 21:20 - 00001850 _____ () C:\Users\Paul\Desktop\Spotify.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-01 15:19 - 2014-02-20 17:05 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-01 15:15 - 2014-02-24 16:59 - 00000000 ____D () C:\Users\Paul 2015-05-01 15:09 - 2014-02-24 16:53 - 01643130 _____ () C:\WINDOWS\WindowsUpdate.log 2015-05-01 15:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-05-01 14:59 - 2014-09-03 23:27 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B36ED933-45B3-4AFF-B675-FDC4DD7CBDDC} 2015-05-01 14:56 - 2014-02-20 17:04 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-05-01 14:56 - 2014-02-20 07:26 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-296916632-418451122-4117134758-1002 2015-05-01 14:52 - 2014-02-24 20:10 - 00000000 __RDO () C:\Users\Paul\SkyDrive 2015-05-01 14:52 - 2014-02-20 17:05 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-01 14:51 - 2013-08-22 16:46 - 00398064 _____ () C:\WINDOWS\setupact.log 2015-05-01 14:51 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-05-01 14:50 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2015-05-01 14:36 - 2014-02-20 09:25 - 01240064 ___SH () C:\Users\Paul\Desktop\Thumbs.db 2015-05-01 11:49 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-05-01 10:59 - 2014-10-19 00:06 - 00000000 ____D () C:\ProgramData\MFAData 2015-05-01 10:57 - 2014-02-20 17:33 - 00000000 ____D () C:\Users\Paul\AppData\Local\LogMeIn Hamachi 2015-05-01 05:04 - 2014-04-22 14:45 - 00008858 _____ () C:\Users\Paul\Desktop\Neues Textdokument.txt 2015-05-01 03:40 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2015-04-30 22:50 - 2014-11-09 19:11 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Spotify 2015-04-30 16:00 - 2014-11-09 19:12 - 00000000 ____D () C:\Users\Paul\AppData\Local\Spotify 2015-04-30 14:03 - 2015-03-31 20:52 - 00000000 ____D () C:\Users\Paul\Desktop\Abi 2015-04-30 13:26 - 2014-02-24 22:25 
- 00000000 ____D () C:\Users\Paul\AppData\Local\Deployment 2015-04-26 13:10 - 2013-11-14 00:18 - 00043138 _____ () C:\WINDOWS\PFRO.log 2015-04-21 16:21 - 2014-08-12 19:01 - 00000000 ____D () C:\Users\Paul\Desktop\Musik 2015-04-21 00:09 - 2014-02-20 07:18 - 00000000 ____D () C:\Users\Paul\AppData\Local\VirtualStore 2015-04-20 22:07 - 2014-02-20 17:34 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\TS3Client 2015-04-20 21:37 - 2014-08-02 00:36 - 00000000 ____D () C:\ProgramData\Package Cache 2015-04-20 14:19 - 2013-08-22 16:44 - 00494432 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-04-19 19:18 - 2014-05-28 23:25 - 00000000 ____D () C:\WINDOWS\Minidump 2015-04-19 19:18 - 2014-03-08 19:07 - 00000000 ____D () C:\Users\Paul\.thumbnails 2015-04-19 19:18 - 2014-02-20 19:52 - 00000000 ____D () C:\Users\Paul\AppData\Local\Microsoft Help 2015-04-19 19:18 - 2014-02-20 17:33 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Skype 2015-04-19 19:18 - 2014-02-20 17:20 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2015-04-19 19:18 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep 2015-04-19 19:18 - 2012-09-03 08:49 - 00000000 ____D () C:\ProgramData\Temp 2015-04-19 19:17 - 2014-02-20 16:39 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2015-04-19 19:17 - 2012-09-03 08:40 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-04-19 18:35 - 2014-10-19 00:12 - 00000000 ____D () C:\Program Files (x86)\AVG 2015-04-19 17:16 - 2014-02-20 07:35 - 00000000 ____D () C:\Users\Paul\Downloads\General Setups 2015-04-19 15:11 - 2014-08-09 14:12 - 00000000 ____D () C:\Program Files (x86)\Dead Island Riptide 2015-04-18 16:43 - 2014-02-20 17:18 - 00000000 ____D () C:\ProgramData\Origin 2015-04-18 12:45 - 2015-03-25 16:28 - 00000000 ____D () C:\Program Files (x86)\The Elder Scrolls V- Skyrim MAIN 2015-04-18 12:45 - 2014-02-22 00:12 - 00000000 ____D () C:\Users\Paul\AppData\Local\Skyrim 2015-04-18 01:12 - 
2014-03-26 15:45 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\.minecraft 2015-04-18 00:55 - 2014-04-19 13:36 - 00000000 ____D () C:\Users\Paul\Documents\FIFA 14 2015-04-17 18:57 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-04-16 18:15 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-04-16 16:12 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppCompat 2015-04-15 22:54 - 2014-02-20 07:18 - 00000000 ____D () C:\Users\Paul\AppData\Local\Packages 2015-04-15 22:47 - 2014-02-21 17:53 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-04-15 22:43 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-04-15 22:43 - 2013-11-14 09:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat 2015-04-15 22:43 - 2013-11-14 09:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat 2015-04-15 22:40 - 2014-02-21 17:53 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-04-15 22:32 - 2014-12-13 19:02 - 00000000 ____D () C:\WINDOWS\system32\appraiser 2015-04-15 22:32 - 2014-07-14 15:49 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2015-04-15 17:39 - 2014-11-13 22:40 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll 2015-04-14 22:10 - 2014-02-20 09:24 - 00000000 ____D () C:\Users\Paul\Desktop\Schule 2015-04-14 22:09 - 2015-02-01 15:35 - 00000000 ____D () C:\Users\Paul\Downloads\Cracks 2015-04-14 01:24 - 2013-08-22 17:38 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-04-14 01:24 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-04-11 12:50 - 2014-02-20 09:10 - 00000000 ____D () C:\Users\Paul\Desktop\Handybilder 10.10.13 2015-04-09 22:10 - 2014-04-19 16:55 - 00000000 ____D () C:\Users\Paul\AppData\Local\gtk-2.0 2015-04-09 22:10 - 2014-03-05 13:24 - 00000000 ____D () C:\Users\Paul\.gimp-2.8 2015-04-07 17:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp 
2015-04-06 21:20 - 2014-11-09 19:12 - 00001836 _____ () C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-04-05 21:57 - 2014-03-16 23:52 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\vlc

==================== Files in the root of some directories =======

2015-04-09 22:10 - 2015-04-09 22:10 - 0025270 _____ () C:\Users\Paul\AppData\Local\recently-used.xbel
2015-04-16 22:19 - 2015-05-01 14:41 - 0007607 _____ () C:\Users\Paul\AppData\Local\Resmon.ResmonCfg
2012-09-17 08:12 - 2012-09-17 08:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Paul\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3752hb.dll
C:\Users\Paul\AppData\Local\Temp\Quarantine.exe
C:\Users\Paul\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-26 13:28

==================== End Of Log ============================

--- --- ---

Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2015 01
Ran by Paul at 2015-05-01 15:19:20
Running from C:\Users\Paul\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-296916632-418451122-4117134758-500 - Administrator - Disabled)
Gast (S-1-5-21-296916632-418451122-4117134758-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-296916632-418451122-4117134758-1006 - Limited - Enabled)
Paul (S-1-5-21-296916632-418451122-4117134758-1002 - Administrator - Enabled) => C:\Users\Paul

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0059 - NTI Corporation) Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated) Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated) Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated) AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3115 - Acer Incorporated) AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3201 - Acer Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\{755DDD59-9690-4F1A-BE9C-D39BDCFA77C9}) (Version: 12.1.3.153 - Adobe Systems, Inc) Advanced Archive Password Recovery (HKLM-x32\...\{01011662-76A8-41E8-B1A8-4F8821570AC5}) (Version: 4.54.48.1338 - Elcomsoft Co. Ltd.) Advanced Tactical Center™ 1.12 (HKLM-x32\...\ATC_is1) (Version: 1.1.2.0 - Foolish Entertainment) Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.8 - Sereby Corporation) ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.100.2020.110 - Alps Electric) ANNO 1404 - Venedig (HKLM-x32\...\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}) (Version: 2.01.5010 - Ubisoft) ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft) Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden Archeage (HKLM-x32\...\Glyph Archeage) (Version: - Trion Worlds, Inc.) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.4 - Atheros Communications Inc.) 
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) AutoHotkey 1.1.18.00 (HKLM\...\AutoHotkey) (Version: 1.1.18.00 - Lexikos) AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5863 - AVG Technologies) AVG 2015 (Version: 15.0.4339 - AVG Technologies) Hidden AVG 2015 (Version: 15.0.5863 - AVG Technologies) Hidden AVG PC TuneUp 2015 (de-DE) (x32 Version: 15.0.1001.403 - AVG Technologies) Hidden AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.403 - AVG Technologies) AVG PC TuneUp 2015 (x32 Version: 15.0.1001.403 - AVG Technologies) Hidden AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.0.411 - AVG Technologies) Backup Manager v4 (x32 Version: 4.0.0.0059 - NTI Corporation) Hidden Battlefield Heroes (HKLM-x32\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version: - EA Digital illusions) Borland Delphi 7 (HKLM-x32\...\{72263053-50D1-4598-9502-51ED64E54C51}) (Version: 7.0 - Borland Software Corporation) BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team) Brick-Force (EU) (HKLM-x32\...\Steam App 335330) (Version: - Exe Games Inc.) Brick-Force (HKLM-x32\...\{9853ABB2-6416-4C87-8650-DD8E528FF564}}_is1) (Version: 4.4.393.134.20 - Infernum Productions AG) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP) Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version: - Dark Byte) clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3108 - Acer Incorporated) clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3108 - Acer Incorporated) clear.fi SDK - Video 2 (x32 Version: 2.1.1925 - CyberLink Corp.) Hidden clear.fi SDK- Movie 2 (x32 Version: 2.1.2008 - CyberLink Corp.) Hidden Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu) CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.) 
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0327 - DT Soft Ltd) Dead Island Riptide version 5.1 (HKLM-x32\...\{554894C6-A12C-4CE6-8FDC-F1BBEABB69B4}_is1) (Version: 5.1 - Black_Box) Dead Island version 1.0 (HKLM-x32\...\{3L7IL77L-T4D4-75B1-97C5-18CD6E6334A3}_is1) (Version: 1.0 - Deep Silver) Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc) Dropbox (HKU\S-1-5-21-296916632-418451122-4117134758-1002\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.) Druckerdeinstallation für EPSON BX635FWD Series (HKLM\...\EPSON BX635FWD Series) (Version: - SEIKO EPSON Corporation) EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKU\S-1-5-21-296916632-418451122-4117134758-1002\...\EA SPORTS Game Face Browser Plugin) (Version: 1.8.0.0 - Electronic Arts) EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.4.0.0 - Electronic Arts) eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM) Emergency4 (HKLM-x32\...\{9A4C534E-431F-4A17-97D4-D1682B19A054}) (Version: 1.03.001 - ) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON SX430 Series Printer Uninstall (HKLM\...\EPSON SX430 Series) (Version: - SEIKO EPSON Corporation) Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version: - Paradox Development Studio) FIFA 14 (HKLM-x32\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts) FIFA 15 Version 1.4 (HKLM-x32\...\FIFA 15_is1) (Version: 1.4 - RFT) FontForge Version 03-01-2015 (HKLM-x32\...\{56748B9C-19AE-4689-B8C5-5A45AE0A993A}_is1) (Version: 03-01-2015 - FontForgeBuilds) FormatFactory 3.0.1 (HKLM-x32\...\FormatFactory) (Version: 3.0.1 - Free Time) Free FLV Converter V 7.6.2 (HKLM-x32\...\Free FLV Converter_is1) (Version: 7.6.2.0 - Koyote Lab Inc.) 
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version: - Arobas Music) Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version: - Reto-Moto) Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle) Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation) Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Lazarus 1.2.6 (HKLM\...\lazarus_is1) (Version: 1.2.6 - Lazarus Team) Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve) Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Acer Incorporated) Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming 
Software) (Version: 8.51.5 - Logitech Inc.) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.328 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.328 - LogMeIn, Inc.) Hidden Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version: - Microsoft) Microsoft Office Language Pack 2013 - German/Deutsch (HKLM\...\Office15.OMUI.de-de) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) 
(Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60830 (HKLM-x32\...\{c7ed0d4c-89c5-47fc-9e89-1088affe63f3}) (Version: 11.0.60830.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - Tale Worlds) MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) 
Hidden NBA 2K14 (HKLM-x32\...\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}) (Version: 1.0.0 - 2K Sports) Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.53.7 - Black Tree Gaming) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team) NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer) Origin (HKLM-x32\...\Origin) (Version: 9.1.3.2637 - Electronic Arts, Inc.) ORION: Dino Horde (HKLM-x32\...\Steam App 104900) (Version: - Spiral Game Studios) Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC) PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.) Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.) PlanetSide 2 (HKU\S-1-5-21-296916632-418451122-4117134758-1002\...\soe-PlanetSide 2 PSG) (Version: 1.0.3.183 - Sony Online Entertainment) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.) 
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications) Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.41 - Qualcomm Atheros) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version: - Rebellion) Spotify (HKU\S-1-5-21-296916632-418451122-4117134758-1002\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB) Super Giovanni (HKLM-x32\...\Super Giovanni) (Version: 1.0 - Ubersoft) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) Terraria v1.1.2 (HKLM-x32\...\Terraria_is1) (Version: 1.1.2 - OUTLAWS) The Elder Scrolls V Skyrim Update 13 (1.9.32.0.8) Deutsche Version 1.9.32.0.8 (HKLM-x32\...\The Elder Scrolls V Skyrim Update 13 (1.9.32.0.8) Deutsche Version 1.9.32.0.8) (Version: 1.9.32.0.8 - .x.X.RIDDICK.X.x.) 
Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.2 - Electronic Arts)
Typograf 5.2 (HKLM-x32\...\Typograf) (Version: 5.2 - Neuber Software)
Unity Web Player (HKU\S-1-5-21-296916632-418451122-4117134758-1002\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WATCH_DOGS (HKLM-x32\...\Uplay Install 274) (Version: - Ubisoft)
WinRAR 4.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-296916632-418451122-4117134758-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296916632-418451122-4117134758-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296916632-418451122-4117134758-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296916632-418451122-4117134758-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296916632-418451122-4117134758-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296916632-418451122-4117134758-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296916632-418451122-4117134758-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296916632-418451122-4117134758-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296916632-418451122-4117134758-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296916632-418451122-4117134758-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

21-04-2015 13:06:58 Geplanter Prüfpunkt
30-04-2015 03:28:52 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {030330C3-3EDB-44FC-B419-955FBD692A39} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {0B96D948-D337-4AA5-BE6B-7005AD8AEDD1} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {0E79F8C1-5361-46ED-B5CC-2CB2F1515D4F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {12FD1413-6A2E-4D7D-914B-24B4EFDD6046} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
Task: {14238981-97D8-48A3-A470-248B76FCC63A} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {446DCAE7-347F-458F-83BC-0112B0E51013} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-30] ()
Task: {4ABE9688-8EB1-4BF0-B6C2-B794879D0FB1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-20] (Google Inc.)
Task: {4CCA8A6C-CFAA-4B21-A0DF-ADD9E15960E9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {4F2B23CC-1FE7-480A-94AF-ACFB74F08469} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2012-07-31] (Acer Incorporated)
Task: {501D3939-702C-49C6-A4A0-21B6C4F8BA6D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-20] (Google Inc.)
Task: {61048B59-E001-487B-A68D-C92358CC7DF4} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2015-02-25] (AVG Technologies)
Task: {663C69D9-37B0-4ACA-82AB-5E6E7023FCAB} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {7F32F1DC-AF40-4FDA-9BAE-F8E32480CA05} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-23] ()
Task: {7F3747FF-4F3F-43E1-8966-0F972453AD6C} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {86A391D6-5267-4462-9F8B-A54E12F23D42} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-23] ()
Task: {A7344468-3B3F-4A1E-A62B-70EBD9143DD3} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {A9B212E7-8BE4-4321-9E27-063B231CA556} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated)
Task: {AD5FA22B-30EB-49B9-BC26-5BAE9B3BB3B9} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {B75AE49F-3F94-45E5-9D3B-D12B4A24E397} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {D1494A22-1D3A-42D6-A2DE-F5B64C6C1965} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {DB945601-EE8E-4E39-A1C4-3715685B94B4} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: {F264E1AE-6010-4540-9DBB-BAC6CC690260} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-07-26 02:03 - 2014-05-20 04:44 - 00014280 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-02-26 00:16 - 2015-02-26 00:16 - 00620056 ____N () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2014-07-26 02:13 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-27 23:19 - 2014-12-27 23:25 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2015-02-25 09:25 - 2015-02-25 09:25 - 00712504 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2011-03-17 01:07 - 2011-03-17 01:07 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-02-25 09:25 - 2015-02-25 09:25 - 00855864 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tulnga.dll
2013-01-28 15:45 - 2013-01-28 15:45 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-28 15:42 - 2013-01-28 15:42 - 00084992 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-12-21 01:02 - 2013-12-21 01:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-01-28 15:47 - 2013-01-28 15:47 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2012-08-23 00:04 - 2012-08-23 00:04 - 00044176 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2012-08-23 00:04 - 2012-08-23 00:04 - 00025232 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2012-08-22 23:26 - 2012-08-22 23:26 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-08-22 23:25 - 2012-08-22 23:25 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-08-22 23:26 - 2012-08-22 23:26 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-08-22 23:25 - 2012-08-22 23:25 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-08-22 23:25 - 2012-08-22 23:25 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-08-22 23:25 - 2012-08-22 23:25 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-08-22 23:26 - 2012-08-22 23:26 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
2014-06-28 22:38 - 2015-03-10 08:37 - 00775680 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 17:53 - 2014-12-02 02:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2014-06-28 22:38 - 2015-04-14 01:44 - 02371776 _____ () C:\Program Files (x86)\Steam\video.dll
2015-01-20 17:53 - 2014-12-02 02:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 17:53 - 2014-12-02 02:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-09-01 10:59 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-09-01 10:59 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-09-01 10:59 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-09-01 10:59 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-09-01 10:59 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-06-28 22:38 - 2015-04-14 01:44 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-07-26 02:03 - 2014-05-20 04:44 - 00012120 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-11-07 00:15 - 2014-11-07 00:15 - 01685528 ____N () C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll
2014-06-28 22:38 - 2015-02-25 03:58 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-09-01 10:59 - 2015-02-25 03:58 - 01709960 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2012-09-17 08:16 - 2012-06-25 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-06-28 22:38 - 2015-04-14 01:44 - 00363712 _____ () C:\Program Files (x86)\Steam\steam.dll
2015-04-30 12:59 - 2015-04-28 04:07 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libglesv2.dll
2015-04-30 12:59 - 2015-04-28 04:07 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Paul\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-296916632-418451122-4117134758-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Paul\Pictures\Eigene Bilder\Mein Mädchen\IMG-20141213-WA0018.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
HKLM\...\StartupApproved\Run: => "BCSSync"
HKLM\...\StartupApproved\Run: => "SDAutoScan"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "vProt"
HKU\S-1-5-21-296916632-418451122-4117134758-1002\...\StartupApproved\Run: => "DAEMON Tools Lite"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{756CE59E-9A43-48FA-AB7F-A0E3B9D14DCC}C:\users\paul\sony online entertainment\installed games\planetside 2 psg\planetside2.exe] => (Allow) C:\users\paul\sony online entertainment\installed games\planetside 2 psg\planetside2.exe
FirewallRules: [TCP Query User{BB49FC14-4F40-4B9E-8E4E-F6755E8A1066}C:\users\paul\sony online entertainment\installed games\planetside 2 psg\planetside2.exe] => (Allow) C:\users\paul\sony online entertainment\installed games\planetside 2 psg\planetside2.exe
FirewallRules: [{508BA9C6-2375-47F5-9501-9268747EC0F3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{7F4950C4-34CF-49EB-A732-B11FAB47897F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{300F8774-F3C2-41F8-9794-60C74B8C5EDC}] => (Allow) C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
FirewallRules: [{7FC02153-8974-469A-AA8D-F14B68AAB776}] => (Allow) C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
FirewallRules: [{5304E76E-BBBE-4879-A4C3-BBE589DFC72C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{4F2E2E31-F34E-4383-826C-1C5C913B5D9A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{E1046C63-2EFB-4297-A5E2-E505D7BC6D55}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{73E61590-D820-4F2D-9CB6-75B2851AFF3A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{5B9DB2A9-81CB-491E-B36F-2FBA0FD0F379}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{928ACCB2-DA56-4C5D-86E8-4475A8888232}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C243B3EA-D51F-4FA4-8232-2DE607AD736E}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{8F3423E6-57A0-4045-9C04-FA6D1F9FC1FC}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{444DEC8C-7C4E-4CF0-A3DB-6BF150292B9D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{B3BB87F8-007F-427D-ABB8-8FEBC5E811F3}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{25091AD1-E28F-4044-908B-BC39BE201588}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{72447E57-FE50-4556-AF7E-F7A7B5471848}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{AAA490EE-23B4-449B-9509-DBA25D7BB113}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{6470B133-D48B-489E-9B74-72B0E70E3EB6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{C861590C-DDCF-4942-9B6B-565C84405778}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{FEB2A201-A0C2-4399-85C3-CC6B11E75BC7}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{FAB8348D-97B4-408E-BD8F-84D10545F8A5}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{C44F4001-5117-4E3F-972D-06FD998E2275}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\FileExplorer.exe
FirewallRules: [{554A9B34-A045-4F77-8BBF-31B886DF4369}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
FirewallRules: [{22CD2F9A-7FF3-4EDC-9339-DCDB0B172F41}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe
FirewallRules: [{97270DF8-DB4F-4C56-BEE6-2F8683CED7B7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{856199E8-8DA5-45C4-8729-F7DA1EBA8FF1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E37D21BE-B38B-4EB0-BF24-D90BD316095A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{5D0CD5B4-AD4E-498C-AA93-BD51C191E9F6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{FC171C8B-D47D-4A63-9923-CBFC8A30F788}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A301CB0F-C4FB-4643-AAC0-181993CB76F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{502A0072-7AE0-44C6-812A-6144B91C9A99}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
FirewallRules: [{ED6ABC67-1715-4737-9167-2A83CC14FA3D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
FirewallRules: [{89599D6F-4258-4836-99F5-58D4079A4337}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{715AC500-1E4D-4F30-BBD9-85EB7EFFE0CB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [TCP Query User{3CE6D93D-0E2F-48A5-9D67-0AD59E7C1F83}C:\program files (x86)\fifa 14\game\fifa14.exe] => (Allow) C:\program files (x86)\fifa 14\game\fifa14.exe
FirewallRules: [UDP Query User{ABB78719-9CB4-4E40-AE8F-A13F87889ED4}C:\program files (x86)\fifa 14\game\fifa14.exe] => (Allow) C:\program files (x86)\fifa 14\game\fifa14.exe
FirewallRules: [{23E0B24D-F533-47D9-B1E4-A0E3024A31B2}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404\Anno4.exe
FirewallRules: [{9D7181A0-E3A8-47A9-B2A1-F8C01F497625}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404\Anno4.exe
FirewallRules: [{BD0A7ED8-80AB-4A34-80D1-0D0638083359}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe
FirewallRules: [{8A59F550-D577-4685-890A-04C6FCC6755E}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe
FirewallRules: [{746B9F7C-D1D7-498D-96D7-6BD878FC477F}] => (Allow) C:\Program Files (x86)\2K Sports\NBA 2K14\nba2k14.exe
FirewallRules: [{ABC0F3EF-9B8C-4602-B2F7-1E2764E22868}] => (Allow) C:\Program Files (x86)\2K Sports\NBA 2K14\nba2k14.exe
FirewallRules: [{FD23C676-731A-4693-ADE2-F26EF4F86D6C}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404\Addon.exe
FirewallRules: [{1774DC5A-E282-4F13-957C-578C6AB1FE99}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404\Addon.exe
FirewallRules: [{680AFC4F-7EEE-4F01-97C3-3C331619C97B}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404\tools\AddonWeb.exe
FirewallRules: [{8ADBE6A0-BB21-472C-81B6-6000F201428B}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404\tools\AddonWeb.exe
FirewallRules: [{2C9C0B76-8E2F-453E-9D2E-BA6C5F2D08E2}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [{D73661A4-CBBD-4341-BB6C-FB9B8CDBCF2C}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [{6EE357FD-EAFC-4CCB-A598-D12713256916}] => (Allow) C:\Program Files\Ubisoft\WATCH_DOGS\bin\Watch_Dogs.exe
FirewallRules: [{E668C4CB-7CC7-4150-A7E7-E7AE3D48416F}] => (Allow) C:\Program Files\Ubisoft\WATCH_DOGS\bin\Watch_Dogs.exe
FirewallRules: [{AF42CCFB-D56F-4624-A692-47A1C4072A6F}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 14\Game\fifa14.exe
FirewallRules: [{D5994576-025A-43C5-AFAB-C4C4AA102CBB}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 14\Game\fifa14.exe
FirewallRules: [TCP Query User{200ABC95-81E5-438C-8945-8A0B1B778B3B}C:\users\paul\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\paul\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{14578907-09A0-41B9-A3E9-1BAF2C12ED3A}C:\users\paul\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\paul\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{ABEE6659-5854-4913-A367-8ACC1C5A5339}C:\users\paul\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\paul\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{E66B0F9F-911A-474C-A2A2-BAE80FCE177D}C:\users\paul\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\paul\appdata\roaming\spotify\spotify.exe
FirewallRules: [{51E43A8F-5774-45D0-84AB-7625E0A5950A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{6808E2E2-B541-4095-83B6-0B232AD99D12}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [TCP Query User{3F6F09B7-F83A-4ECB-AA8D-47BBC0C30828}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{92B1D263-D27D-4E10-9E0A-4F6A223D668A}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{313262E4-8958-4760-AC31-7D935D339055}C:\program files (x86)\dead island\deadislandgame.exe] => (Block) C:\program files (x86)\dead island\deadislandgame.exe
FirewallRules: [UDP Query User{37FEBEE5-4265-42CE-BBF8-60608EE2BAEB}C:\program files (x86)\dead island\deadislandgame.exe] => (Block) C:\program files (x86)\dead island\deadislandgame.exe
FirewallRules: [TCP Query User{F1F9C3BE-765C-4BFC-9BC3-43422931BFED}C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe] => (Block) C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe
FirewallRules: [UDP Query User{5EB6E980-7DD1-4603-B86B-F9D768373122}C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe] => (Block) C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe
FirewallRules: [{BEA0F4E8-2522-4460-9E77-BF459D9A8CB5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CB40E79F-6372-4A65-9808-51479C814B3E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F90F83DB-73E4-45D1-8016-52935031A5E3}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{2584AF26-76B3-41A4-BEDC-B4B0F7D3F2E5}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [TCP Query User{3B0F064F-1F42-47D6-A54B-C08D7C21D277}C:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe] => (Allow) C:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe
FirewallRules: [UDP Query User{900AA6EE-24BA-4044-8593-BDD9BDD73205}C:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe] => (Allow) C:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe
FirewallRules: [{49EBA24D-7DF2-4146-A783-D2AAD423281D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Brick-Force ROW\InfernumLogin.exe
FirewallRules: [{4FC991DF-062A-4697-9968-BDF21647CFF5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Brick-Force ROW\InfernumLogin.exe
FirewallRules: [{F322A37A-BE8F-4AE2-AC3B-84107AF0530C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{6D339B46-5AEC-4C0A-BA7C-BF98C4B95F13}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{31A7DF62-6A3C-4DF4-B1F4-82C42C3F1B03}] => (Allow) C:\Program Files (x86)\Brick-Force\BfLauncher.exe
FirewallRules: [{4EEA6EFF-3D62-45EF-9A71-339C6B6F8734}] => (Allow) C:\Program Files (x86)\Brick-Force\BrickForce.exe
FirewallRules: [{D763C0A5-400E-4662-A8E1-5E56EB57851F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{BB740A96-6E03-4663-A09B-3D4EA2518B84}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F09BCF57-3C68-40D7-94D6-67B7EB753757}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{BD420D41-5FED-43D2-84A6-4FE90EAD3E4B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{40FEC6E0-9C26-4275-A47B-B01AF54D5368}] => (Allow) C:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [{9472EF62-34D3-4824-8382-56EB8E647DB9}] => (Allow) C:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [{18F86F92-B0AF-4415-967E-C64739A920B0}] => (Allow) C:\Program Files (x86)\ FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [{36A5A491-820B-4D38-80D5-2E604ACE411D}] => (Allow) C:\Program Files (x86)\ FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [{BB2D6E7F-309E-4E67-89A5-D59BF97D907C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{CB77B5C3-C839-4D4B-A803-2E9E5662517E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{5FC2D2FC-F78C-4932-AD4D-F285AEFF59BD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{42B4E4AE-52DF-4F6E-A5DA-7AFD73141228}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{40423292-35E2-4EEF-A2A8-AA4789BC713B}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{81EE2B57-40C9-4B6E-B9A3-82A20D499679}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{570C0211-5653-47B9-A273-9E40F254CEC1}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2BC41C10-9E14-4B66-B165-A7662B060220}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{E39AD9E1-2BAA-46B3-AA0F-BD9858B2E120}] => (Allow) C:\Program Files\Microsoft Office\Office15\outlook.exe
FirewallRules: [{3CCF7722-5875-4EEE-9957-9BCF4D8DCD9B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{DC8B2B96-1DD9-4A1A-ADB6-FFCFE7ADA01E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{4AD39694-4DE9-4E6E-8B9A-93C0BE9D5D34}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{55A99009-DF01-459C-9A56-69FE139C9C87}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{53221FC6-43CD-436F-A6D1-9E722EC59F76}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{BC710396-5C03-4B49-9A5C-E9AD9608223B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{61F1EF1F-4FAE-4C47-BE34-6D47A89EEF66}] => (Allow) C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FCDE97E8-3092-49B5-A6C5-A164A4632905}] => (Allow) C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{31B9270D-12CB-48A6-B8B0-02CC98C81B82}] => (Allow) C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{250C15D5-E235-48EE-890B-B84FD3359DA5}] => (Allow) C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{DCD666AF-AE4C-428B-948E-483846F4AB5B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (04/30/2015 00:49:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wwahost.exe, Version 6.3.9600.17415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: e58
Startzeit: 01d083329035f026
Endzeit: 4294967295
Anwendungspfad: C:\WINDOWS\syswow64\wwahost.exe
Berichts-ID: 854bfe0b-ef26-11e4-801b-20689d450d1d
Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (04/30/2015 00:49:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1648
Startzeit: 01d08332902ab585
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: 8420d4bf-ef26-11e4-801b-20689d450d1d
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (04/30/2015 00:39:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 13fc
Startzeit: 01d0833123b024cc
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: 1b6e7d6e-ef25-11e4-801b-20689d450d1d
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (04/30/2015 05:02:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvstreamsvc.exe, Version: 2.1.214.0, Zeitstempel: 0x53809acd
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336
Ausnahmecode: 0xc0000142
Fehleroffset: 0x00000000000ec180
ID des fehlerhaften Prozesses: 0x117c
Startzeit der fehlerhaften Anwendung: 0xnvstreamsvc.exe0
Pfad der fehlerhaften Anwendung: nvstreamsvc.exe1
Pfad des fehlerhaften Moduls: nvstreamsvc.exe2
Berichtskennung: nvstreamsvc.exe3
Vollständiger Name des fehlerhaften Pakets: nvstreamsvc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvstreamsvc.exe5

Error: (04/30/2015 02:42:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TESV.exe, Version: 1.9.32.0, Zeitstempel: 0x51437ce5
Name des fehlerhaften Moduls: TESV.exe, Version: 1.9.32.0, Zeitstempel: 0x51437ce5
Ausnahmecode: 0xc0000417
Fehleroffset: 0x00b522e3
ID des fehlerhaften Prozesses: 0x1d78
Startzeit der fehlerhaften Anwendung: 0xTESV.exe0
Pfad der fehlerhaften Anwendung: TESV.exe1
Pfad des fehlerhaften Moduls: TESV.exe2
Berichtskennung: TESV.exe3
Vollständiger Name des fehlerhaften Pakets: TESV.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: TESV.exe5

Error: (04/30/2015 00:43:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TESV.exe, Version: 1.9.32.0, Zeitstempel: 0x51437ce5
Name des fehlerhaften Moduls: TESV.exe, Version: 1.9.32.0, Zeitstempel: 0x51437ce5
Ausnahmecode: 0xc0000417
Fehleroffset: 0x00b53759
ID des fehlerhaften Prozesses: 0x143c
Startzeit der fehlerhaften Anwendung: 0xTESV.exe0
Pfad der fehlerhaften Anwendung: TESV.exe1
Pfad des fehlerhaften Moduls: TESV.exe2
Berichtskennung: TESV.exe3
Vollständiger Name des fehlerhaften Pakets: TESV.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: TESV.exe5

Error: (04/30/2015 00:32:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TESV.exe, Version: 1.9.32.0, Zeitstempel: 0x51437ce5
Name des fehlerhaften Moduls: TESV.exe, Version: 1.9.32.0, Zeitstempel: 0x51437ce5
Ausnahmecode: 0xc0000417
Fehleroffset: 0x00b522e3
ID des fehlerhaften Prozesses: 0x1be8
Startzeit der fehlerhaften Anwendung: 0xTESV.exe0
Pfad der fehlerhaften Anwendung: TESV.exe1
Pfad des fehlerhaften Moduls: TESV.exe2
Berichtskennung: TESV.exe3
Vollständiger Name des fehlerhaften Pakets: TESV.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: TESV.exe5

Error: (04/28/2015 08:41:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wwahost.exe, Version 6.3.9600.17415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1a0c Startzeit: 01d081e2317834e1 Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\syswow64\wwahost.exe Berichts-ID: 28b7d6a7-edd6-11e4-8019-20689d450d1d Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error: (04/28/2015 07:24:51 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT) Description: There was an error with the Windows Location Provider database Error: (04/28/2015 05:26:04 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm wwahost.exe, Version 6.3.9600.17415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 157c Startzeit: 01d081c6ee26ccf1 Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\syswow64\wwahost.exe Berichts-ID: e0db903e-edba-11e4-8019-20689d450d1d Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App System errors: ============= Error: (05/01/2015 02:51:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "vToolbarUpdater18.4.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/01/2015 02:49:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (05/01/2015 02:49:58 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "WSearch" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). 
Error: (05/01/2015 02:49:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst "Windows Search" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1069 Error: (05/01/2015 02:49:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (05/01/2015 02:49:53 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "WSearch" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (05/01/2015 02:49:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (05/01/2015 02:49:53 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "WSearch" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (05/01/2015 02:49:46 PM) (Source: DCOM) (EventID: 10010) (User: PAULS-PC) Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Error: (05/01/2015 02:49:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts. 
Microsoft Office Sessions: ========================= Error: (04/30/2015 00:49:08 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: wwahost.exe6.3.9600.17415e5801d083329035f0264294967295C:\WINDOWS\syswow64\wwahost.exe854bfe0b-ef26-11e4-801b-20689d450d1dMicrosoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp Error: (04/30/2015 00:49:05 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.20689164801d08332902ab5854294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe8420d4bf-ef26-11e4-801b-20689d450d1dmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (04/30/2015 00:39:21 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.2068913fc01d0833123b024cc4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe1b6e7d6e-ef25-11e4-801b-20689d450d1dmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (04/30/2015 05:02:44 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: nvstreamsvc.exe2.1.214.053809acdKERNELBASE.dll6.3.9600.17736550f4336c000014200000000000ec180117c01d082f220f3cdceC:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeKERNELBASE.dll5ec41e75-eee5-11e4-801a-20689d450d1d Error: (04/30/2015 02:42:05 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: TESV.exe1.9.32.051437ce5TESV.exe1.9.32.051437ce5c000041700b522e31d7801d082cde79ed451C:\Program Files (x86)\The Elder Scrolls V- Skyrim MAIN\TESV.exeC:\Program Files (x86)\The Elder Scrolls V- Skyrim MAIN\TESV.exeb8a16f3e-eed1-11e4-801a-20689d450d1d Error: (04/30/2015 00:43:10 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: 
TESV.exe1.9.32.051437ce5TESV.exe1.9.32.051437ce5c000041700b53759143c01d082cdbf78831eC:\Program Files (x86)\The Elder Scrolls V- Skyrim MAIN\TESV.exeC:\Program Files (x86)\The Elder Scrolls V- Skyrim MAIN\TESV.exe1bd4b1c5-eec1-11e4-801a-20689d450d1d Error: (04/30/2015 00:32:07 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: TESV.exe1.9.32.051437ce5TESV.exe1.9.32.051437ce5c000041700b522e31be801d082b53ab51614C:\Program Files (x86)\The Elder Scrolls V- Skyrim MAIN\TESV.exeC:\Program Files (x86)\The Elder Scrolls V- Skyrim MAIN\TESV.exe90d4cd75-eebf-11e4-801a-20689d450d1d Error: (04/28/2015 08:41:25 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: wwahost.exe6.3.9600.174151a0c01d081e2317834e14294967295C:\WINDOWS\syswow64\wwahost.exe28b7d6a7-edd6-11e4-8019-20689d450d1dMicrosoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp Error: (04/28/2015 07:24:51 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT) Description: -2147024883 Error: (04/28/2015 05:26:04 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: wwahost.exe6.3.9600.17415157c01d081c6ee26ccf14294967295C:\WINDOWS\syswow64\wwahost.exee0db903e-edba-11e4-8019-20689d450d1dMicrosoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp CodeIntegrity Errors: =================================== Date: 2014-10-17 17:32:48.668 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2014-10-12 15:10:11.273 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-10-10 23:00:13.930 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-10-08 18:29:35.406 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-10-07 21:05:27.624 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-10-07 20:38:18.654 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2014-10-05 13:33:04.470 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-09-27 16:17:02.982 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-09-21 21:28:12.078 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-09-21 21:28:11.934 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz Percentage of memory in use: 40% Total physical RAM: 8074.27 MB Available physical RAM: 4822.18 MB Total Pagefile: 9354.27 MB Available Pagefile: 5575.98 MB Total Virtual: 131072 MB Available Virtual: 131071.84 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:680.48 GB) (Free:154.06 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 698.6 GB) (Disk ID: DB699A5A) Partition: GPT Partition Type. 
==================== End Of Log ============================
Edited by Noxtravibur (01.05.2015 at 14:53) |
01.05.2015, 14:47 | #2 |
| Logs Gmer Gmer.txt
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-05-01 15:24:55 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000032 TOSHIBA_MQ01ABD075 rev.AX003J 698,64GB Running: g2xl7bim.exe; Driver: C:\Users\Paul\AppData\Local\Temp\fwlcapod.sys ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\dwm.exe[1116] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffcded33e10 7 bytes JMP 00007ffddc4d0260 .text C:\WINDOWS\system32\dwm.exe[1116] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffcded33e20 7 bytes JMP 00007ffddc4d0298 .text C:\WINDOWS\system32\dwm.exe[1116] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffcdede39b0 7 bytes JMP 00007ffddc4d0340 .text C:\WINDOWS\system32\dwm.exe[1116] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffcdede3ef0 7 bytes JMP 00007ffddc4d02d0 .text C:\WINDOWS\system32\dwm.exe[1116] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffcdede3fe0 7 bytes JMP 00007ffddc4d0308 .text C:\WINDOWS\system32\dwm.exe[1116] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffcdee106c0 7 bytes JMP 00007ffddc4d01f0 .text C:\WINDOWS\system32\dwm.exe[1116] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffcdee10730 7 bytes JMP 00007ffddc4d0228 .text C:\WINDOWS\system32\dwm.exe[1116] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffcdc4e21d0 5 bytes JMP 00007ffddc4d0180 .text C:\WINDOWS\system32\dwm.exe[1116] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffcdc4e29d0 7 bytes JMP 00007ffddc4d00d8 .text C:\WINDOWS\system32\dwm.exe[1116] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffcdc4e4310 5 bytes JMP 00007ffddc4d0110 .text C:\WINDOWS\system32\dwm.exe[1116] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffcdc4e8d80 5 bytes JMP 00007ffddc4d0148 .text C:\WINDOWS\system32\dwm.exe[1116] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffcdc55f0b0 5 bytes JMP 00007ffddc4d01b8 .text C:\WINDOWS\system32\dwm.exe[1116] 
C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffcde7e6d90 1 byte JMP 00007ffddc4d0420 .text C:\WINDOWS\system32\dwm.exe[1116] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffcde7e6d92 8 bytes {JMP 0xfffffffffdce9690} .text C:\WINDOWS\system32\dwm.exe[1116] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffcde7f74a0 5 bytes JMP 00007ffddc4d03e8 .text C:\WINDOWS\system32\dwm.exe[1116] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffcde7f7560 9 bytes JMP 00007ffddc4d0378 .text C:\WINDOWS\system32\dwm.exe[1116] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffcde7f7730 5 bytes JMP 00007ffddc4d0458 .text C:\WINDOWS\system32\dwm.exe[1116] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffcde806b10 5 bytes JMP 00007ffddc4d03b0 .text C:\WINDOWS\system32\dwm.exe[1116] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffcdca21500 1 byte JMP 00007ffddc4d0490 .text C:\WINDOWS\system32\dwm.exe[1116] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffcdca21502 6 bytes {JMP 0xffffffffffaaef90} .text C:\WINDOWS\system32\dwm.exe[1116] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffcdca21750 8 bytes JMP 00007ffddc4d04c8 .text C:\WINDOWS\system32\dwm.exe[1116] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory 00007ffcda317750 5 bytes JMP 00007ffdda1c00d8 .text C:\WINDOWS\system32\dwm.exe[1116] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory1 00007ffcda318ee0 5 bytes JMP 00007ffdda1c0110 .text C:\WINDOWS\system32\svchost.exe[3540] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffcdc4fef70 5 bytes JMP 00007ffdd8911270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1540] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffcdc4fef70 5 bytes JMP 00007ffdd8911270 .text C:\WINDOWS\system32\conhost.exe[4152] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffcdc4fef70 5 bytes JMP 00007ffdd8911270 .text C:\Program Files\NVIDIA 
Corporation\Display\nvtray.exe[4524] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffcdc4fef70 5 bytes JMP 00007ffdd8911270 .text C:\WINDOWS\System32\svchost.exe[4796] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffcdc4fef70 5 bytes JMP 00007ffdd8911270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4808] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffcdc4fef70 5 bytes JMP 00007ffdd8911270 .text C:\WINDOWS\system32\conhost.exe[4816] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffcdc4fef70 5 bytes JMP 00007ffdd8911270 .text C:\WINDOWS\system32\SearchIndexer.exe[5484] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffcdc4fef70 5 bytes JMP 00007ffdd8911270 .text C:\Windows\System32\skydrive.exe[5748] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffcdc4fef70 5 bytes JMP 00007ffdd8911270 .text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[6080] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffcdc4fef70 5 bytes JMP 00007ffdd8911270 .text C:\Program Files\Apoint2K\Apoint.exe[6096] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffcdc4fef70 5 bytes JMP 00007ffdd8911270 .text C:\Windows\System32\igfxtray.exe[6104] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffcdc4fef70 5 bytes JMP 00007ffdd8911270 .text C:\Windows\System32\hkcmd.exe[6136] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffcdc4fef70 5 bytes JMP 00007ffdd8911270 .text C:\Windows\System32\igfxpers.exe[5956] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffcdc4fef70 5 bytes JMP 00007ffdd8911270 .text C:\WINDOWS\system32\igfxsrvc.exe[5976] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffcdc4fef70 5 bytes JMP 00007ffdd8911270 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6036] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffcdc4fef70 5 bytes JMP 
00007ffdd8911270 .text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe[1404] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffcdc4fef70 5 bytes JMP 00007ffdd8911270 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4624] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffcdc4fef70 5 bytes JMP 00007ffdd8911270 .text C:\Windows\System32\SettingSyncHost.exe[6468] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffcdc4fef70 5 bytes JMP 00007ffdd8911270 .text C:\WINDOWS\system32\DllHost.exe[6532] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffcdc4fef70 5 bytes JMP 00007ffdd8911270 .text C:\Program Files\Logitech Gaming Software\LCore.exe[6676] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffcdc4fef70 5 bytes JMP 00007ffdd8911270 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[6684] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffcdc4fef70 5 bytes JMP 00007ffdd8911270 .text C:\Program Files\Apoint2K\Apntex.exe[6716] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffcdc4fef70 5 bytes JMP 00007ffdd8911270 .text C:\Program Files\Apoint2K\HidFind.exe[6724] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffcdc4fef70 5 bytes JMP 00007ffdd8911270 .text C:\WINDOWS\system32\conhost.exe[6768] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffcdc4fef70 5 bytes JMP 00007ffdd8911270 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[6784] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffcdc4fef70 5 bytes JMP 00007ffdd8911270 .text C:\Dolby PCEE4\pcee4.exe[6956] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffcdc4fef70 5 bytes JMP 00007ffdd8911270 .text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3164] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffcdc4fef70 5 bytes JMP 00007ffdd8911270 .text C:\Program Files\Acer\Acer Power 
Management\ePowerSvc.exe[6256] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffcdc4fef70 5 bytes JMP 00007ffdd8911270 .text C:\WINDOWS\system32\igfxext.exe[6332] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffcdc4fef70 5 bytes JMP 00007ffdd8911270 .text C:\WINDOWS\system32\wbem\unsecapp.exe[1252] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffcdc4fef70 5 bytes JMP 00007ffdd8911270 .text C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe[4052] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffcdc4fef70 5 bytes JMP 00007ffdd8911270 .text C:\WINDOWS\System32\svchost.exe[6336] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffcdc4fef70 5 bytes JMP 00007ffdd8911270 ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [308:3212] fffff960009c62d0 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- |
01.05.2015, 15:12 | #3 |
/// the machine /// TB instructor | [Windows 8.1] Very high network usage + unauthorized access to Steam, Facebook and web.de from Venezuela hi,
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
Please download TDSSKiller.exe and save this file to the desktop. |
01.05.2015, 16:21 | #4 |
| [Windows 8.1] Very high network usage + unauthorized access to Steam, Facebook and web.de from Venezuela
Thanks for the quick reply. Here are the two scans. There was one result, which I consider a false positive, however (I have had the file for more than a year and from trusted sources). I also got a bluescreen shortly after reading the reply (Critical Structure Corruption). I don't think it is significant, but better safe than sorry. Also, for your information: as far as I know, you only get this Steam notification if the person accessing the account entered the password correctly. That means that he cracked my password, possibly with a keylogger.
Here are the logs.
Malwarebytes
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.09.1.1004 www.malwarebytes.org Database version: main: v2015.05.01.03 rootkit: v2015.04.21.01 Windows 8.1 x64 NTFS Internet Explorer 11.0.9600.17728 Paul :: PAULS-PC [administrator] 01.05.2015 16:24:33 mbar-log-2015-05-01 (16-24-33).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 383904 Time elapsed: 34 minute(s), 42 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Program Files (x86)\FIFA Manager 14\rld.dll (VirTool.Obfuscator) -> Delete on reboot. [eb8c8fff7f0b320445d82a535da46c94] Physical Sectors Detected: 0 (No malicious items detected) (end) Code:
ATTFilter 17:12:35.0815 0x19a0 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04 17:12:35.0815 0x19a0 UEFI system 17:12:41.0218 0x19a0 ============================================================ 17:12:41.0219 0x19a0 Current date / time: 2015/05/01 17:12:41.0218 17:12:41.0219 0x19a0 SystemInfo: 17:12:41.0219 0x19a0 17:12:41.0219 0x19a0 OS Version: 6.3.9600 ServicePack: 0.0 17:12:41.0219 0x19a0 Product type: Workstation 17:12:41.0219 0x19a0 ComputerName: PAULS-PC 17:12:41.0219 0x19a0 UserName: Paul 17:12:41.0219 0x19a0 Windows directory: C:\WINDOWS 17:12:41.0219 0x19a0 System windows directory: C:\WINDOWS 17:12:41.0219 0x19a0 Running under WOW64 17:12:41.0219 0x19a0 Processor architecture: Intel x64 17:12:41.0219 0x19a0 Number of processors: 4 17:12:41.0219 0x19a0 Page size: 0x1000 17:12:41.0219 0x19a0 Boot type: Normal boot 17:12:41.0219 0x19a0 ============================================================ 17:12:46.0841 0x19a0 KLMD registered as C:\WINDOWS\system32\drivers\09575943.sys 17:12:50.0545 0x19a0 System UUID: {39FD47E9-9F9E-F92A-F36C-9A4A41B1BEB5} 17:12:53.0232 0x19a0 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 17:12:53.0322 0x19a0 ============================================================ 17:12:53.0323 0x19a0 \Device\Harddisk0\DR0: 17:12:53.0475 0x19a0 GPT partitions: 17:12:53.0647 0x19a0 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {0FF4FFB3-61FB-4981-8307-9253656B6667}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xC8000 17:12:53.0647 0x19a0 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {1B016FBC-1F16-4B6E-BFF7-9A1B3629824B}, Name: EFI system partition, StartLBA 0xC8800, BlocksNum 0x96000 17:12:53.0647 0x19a0 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: 
{E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {A63BD998-ACCC-4086-8ED5-7ABD69CBE252}, Name: Microsoft reserved partition, StartLBA 0x15E800, BlocksNum 0x40000 17:12:53.0647 0x19a0 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {10E0C19C-064A-4FD2-865D-A0A51907746A}, Name: Basic data partition, StartLBA 0x19E800, BlocksNum 0x550F8000 17:12:53.0647 0x19a0 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {6C77960E-DECC-4458-AC8F-267857DAEB77}, Name: , StartLBA 0x55296800, BlocksNum 0xAF000 17:12:53.0647 0x19a0 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {5021B4D0-43D0-4D96-B4BE-78F948557008}, Name: Basic data partition, StartLBA 0x55345800, BlocksNum 0x2200800 17:12:53.0647 0x19a0 MBR partitions: 17:12:53.0647 0x19a0 ============================================================ 17:12:54.0057 0x19a0 C: <-> \Device\Harddisk0\DR0\Partition4 17:12:54.0057 0x19a0 ============================================================ 17:12:54.0057 0x19a0 Initialize success 17:12:54.0057 0x19a0 ============================================================ 17:14:05.0612 0x0df4 ============================================================ 17:14:05.0612 0x0df4 Scan started 17:14:05.0612 0x0df4 Mode: Manual; SigCheck; TDLFS; 17:14:05.0612 0x0df4 ============================================================ 17:14:05.0612 0x0df4 KSN ping started 17:14:08.0062 0x0df4 KSN ping finished: true 17:14:09.0380 0x0df4 ================ Scan system memory ======================== 17:14:09.0380 0x0df4 System memory - ok 17:14:09.0380 0x0df4 ================ Scan services ============================= 17:14:09.0764 0x0df4 [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci C:\WINDOWS\System32\drivers\1394ohci.sys 17:14:09.0889 0x0df4 1394ohci - ok 17:14:09.0936 0x0df4 [ 
AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware C:\WINDOWS\system32\drivers\3ware.sys 17:14:09.0936 0x0df4 3ware - ok 17:14:09.0998 0x0df4 [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI C:\WINDOWS\system32\drivers\ACPI.sys 17:14:10.0014 0x0df4 ACPI - ok 17:14:10.0030 0x0df4 [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex C:\WINDOWS\system32\Drivers\acpiex.sys 17:14:10.0045 0x0df4 acpiex - ok 17:14:10.0061 0x0df4 [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr C:\WINDOWS\System32\drivers\acpipagr.sys 17:14:10.0108 0x0df4 acpipagr - ok 17:14:10.0155 0x0df4 [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi C:\WINDOWS\System32\drivers\acpipmi.sys 17:14:10.0233 0x0df4 AcpiPmi - ok 17:14:10.0248 0x0df4 [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime C:\WINDOWS\System32\drivers\acpitime.sys 17:14:10.0295 0x0df4 acpitime - ok 17:14:10.0358 0x0df4 [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX C:\WINDOWS\system32\drivers\ADP80XX.SYS 17:14:10.0420 0x0df4 ADP80XX - ok 17:14:10.0483 0x0df4 [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc C:\WINDOWS\System32\aelupsvc.dll 17:14:10.0576 0x0df4 AeLookupSvc - ok 17:14:10.0639 0x0df4 [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD C:\WINDOWS\system32\drivers\afd.sys 17:14:11.0045 0x0df4 AFD - ok 17:14:11.0092 0x0df4 [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440 C:\WINDOWS\system32\drivers\agp440.sys 17:14:11.0108 0x0df4 
7901F81B62C5A4196D75A10C05386B16831CB290EFB9A1611CECF281068C520F ] mountmgr C:\WINDOWS\system32\drivers\mountmgr.sys 17:14:40.0476 0x0df4 mountmgr - ok 17:14:40.0508 0x0df4 [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv C:\WINDOWS\system32\drivers\mpsdrv.sys 17:14:40.0570 0x0df4 mpsdrv - ok 17:14:40.0633 0x0df4 [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc C:\WINDOWS\system32\mpssvc.dll 17:14:40.0679 0x0df4 MpsSvc - ok 17:14:40.0726 0x0df4 [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV C:\WINDOWS\system32\drivers\mrxdav.sys 17:14:40.0820 0x0df4 MRxDAV - ok 17:14:40.0867 0x0df4 [ 31233271EDE50D1BBB220F78AFA60486, 2122FAB5BD353DF63CF0FE9CEDBD5DFD1F26F2DE04303E1B3FFB03AA02AECED9 ] mrxsmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 17:14:40.0961 0x0df4 mrxsmb - ok 17:14:41.0054 0x0df4 [ 3E28B99198B514DFEB152EACF913025E, 6C1D8353DCD5F811F39C0C3CB5DF3D2457F0D17EE80FB06196AA169E3D19E9B2 ] mrxsmb10 C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys 17:14:41.0117 0x0df4 mrxsmb10 - ok 17:14:41.0179 0x0df4 [ 6276AC2AA203CF47811F6EFBBD214FBF, AE55D87D863A626347B0074F4E962080F1989A94153DAF8475593249F616DA2F ] mrxsmb20 C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys 17:14:41.0258 0x0df4 mrxsmb20 - ok 17:14:41.0304 0x0df4 [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge C:\WINDOWS\system32\DRIVERS\bridge.sys 17:14:41.0336 0x0df4 MsBridge - ok 17:14:41.0383 0x0df4 [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC C:\WINDOWS\System32\msdtc.exe 17:14:41.0383 0x0df4 MSDTC - ok 17:14:41.0414 0x0df4 [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 17:14:41.0445 0x0df4 Msfs - ok 17:14:41.0523 0x0df4 [ 
C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32 C:\WINDOWS\System32\drivers\msgpiowin32.sys 17:14:41.0539 0x0df4 msgpiowin32 - ok 17:14:41.0555 0x0df4 [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf C:\WINDOWS\System32\drivers\mshidkmdf.sys 17:14:41.0570 0x0df4 mshidkmdf - ok 17:14:41.0601 0x0df4 [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf C:\WINDOWS\System32\drivers\mshidumdf.sys 17:14:41.0617 0x0df4 mshidumdf - ok 17:14:41.0648 0x0df4 [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv C:\WINDOWS\system32\drivers\msisadrv.sys 17:14:41.0648 0x0df4 msisadrv - ok 17:14:41.0726 0x0df4 [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI C:\WINDOWS\system32\iscsiexe.dll 17:14:41.0758 0x0df4 MSiSCSI - ok 17:14:41.0758 0x0df4 msiserver - ok 17:14:41.0805 0x0df4 [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 17:14:41.0851 0x0df4 MSKSSRV - ok 17:14:41.0883 0x0df4 [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp C:\WINDOWS\system32\DRIVERS\mslldp.sys 17:14:41.0945 0x0df4 MsLldp - ok 17:14:41.0945 0x0df4 [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 17:14:41.0961 0x0df4 MSPCLOCK - ok 17:14:41.0961 0x0df4 [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 17:14:42.0008 0x0df4 MSPQM - ok 17:14:42.0055 0x0df4 [ BBE2A455053E63BECBF42C2F9B21FAE0, 
7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC C:\WINDOWS\system32\drivers\MsRPC.sys 17:14:42.0070 0x0df4 MsRPC - ok 17:14:42.0101 0x0df4 [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios C:\WINDOWS\System32\drivers\mssmbios.sys 17:14:42.0117 0x0df4 mssmbios - ok 17:14:42.0117 0x0df4 [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 17:14:42.0148 0x0df4 MSTEE - ok 17:14:42.0164 0x0df4 [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig C:\WINDOWS\System32\drivers\MTConfig.sys 17:14:42.0195 0x0df4 MTConfig - ok 17:14:42.0226 0x0df4 [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup C:\WINDOWS\system32\Drivers\mup.sys 17:14:42.0226 0x0df4 Mup - ok 17:14:42.0273 0x0df4 [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis C:\WINDOWS\system32\drivers\mvumis.sys 17:14:42.0289 0x0df4 mvumis - ok 17:14:42.0351 0x0df4 [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent C:\WINDOWS\system32\qagentRT.dll 17:14:42.0367 0x0df4 napagent - ok 17:14:42.0430 0x0df4 [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP C:\WINDOWS\system32\DRIVERS\nwifi.sys 17:14:42.0492 0x0df4 NativeWifiP - ok 17:14:42.0555 0x0df4 [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc C:\WINDOWS\System32\ncasvc.dll 17:14:42.0617 0x0df4 NcaSvc - ok 17:14:42.0680 0x0df4 [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService C:\WINDOWS\System32\ncbservice.dll 17:14:42.0851 0x0df4 NcbService - ok 17:14:42.0883 0x0df4 [ 
9ACED0F5B458C9011F39143326494E93, 9DFFC7EE7DE6FD92545EC6A203213C498A01EEFB0BC55460D339BCE498E56A7F ] NcdAutoSetup C:\WINDOWS\System32\NcdAutoSetup.dll 17:14:43.0008 0x0df4 NcdAutoSetup - ok 17:14:43.0101 0x0df4 [ 6D3A2565E01B3E4B0F1BEDB0D4B00B3F, 95F2608E17CA3E25BD7958D1A49F7030EC8088BC1DF12422F1DAC5BA99113E34 ] NDIS C:\WINDOWS\system32\drivers\ndis.sys 17:14:43.0148 0x0df4 NDIS - ok 17:14:43.0195 0x0df4 [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap C:\WINDOWS\system32\DRIVERS\ndiscap.sys 17:14:43.0242 0x0df4 NdisCap - ok 17:14:43.0273 0x0df4 [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys 17:14:43.0336 0x0df4 NdisImPlatform - ok 17:14:43.0367 0x0df4 [ 82821F4EEC776B4CF11695A38F3ABA46, 23184F9D31E662855DC4D23EFE7C2FE00E5487D3762B6024704A5D8C87762E1C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 17:14:43.0445 0x0df4 NdisTapi - ok 17:14:43.0492 0x0df4 [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 17:14:43.0555 0x0df4 Ndisuio - ok 17:14:43.0570 0x0df4 [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus C:\WINDOWS\System32\drivers\NdisVirtualBus.sys 17:14:43.0601 0x0df4 NdisVirtualBus - ok 17:14:43.0664 0x0df4 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 17:14:43.0695 0x0df4 NdisWan - ok 17:14:43.0695 0x0df4 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy C:\WINDOWS\system32\DRIVERS\ndiswan.sys 17:14:43.0711 0x0df4 NdisWanLegacy - ok 17:14:43.0789 0x0df4 [ DDD7F92A83F74D1476B71FBA9530A8DC, 
D3F94FC9F48854E09B0B77CE5E1C1DB948D54EAC63C5583437051BB893B5A386 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 17:14:43.0789 0x0df4 NDProxy - ok 17:14:43.0852 0x0df4 [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu C:\WINDOWS\system32\drivers\Ndu.sys 17:14:44.0025 0x0df4 Ndu - ok 17:14:44.0088 0x0df4 [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 17:14:44.0119 0x0df4 NetBIOS - ok 17:14:44.0181 0x0df4 [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 17:14:44.0244 0x0df4 NetBT - ok 17:14:44.0260 0x0df4 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon C:\WINDOWS\system32\lsass.exe 17:14:44.0260 0x0df4 Netlogon - ok 17:14:44.0338 0x0df4 [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman C:\WINDOWS\System32\netman.dll 17:14:44.0369 0x0df4 Netman - ok 17:14:44.0447 0x0df4 [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm C:\WINDOWS\System32\netprofmsvc.dll 17:14:44.0510 0x0df4 netprofm - ok 17:14:44.0603 0x0df4 [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 17:14:44.0713 0x0df4 NetTcpPortSharing - ok 17:14:44.0775 0x0df4 [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc C:\WINDOWS\System32\drivers\netvsc63.sys 17:14:44.0853 0x0df4 netvsc - ok 17:14:44.0885 0x0df4 [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc C:\WINDOWS\System32\nlasvc.dll 17:14:44.0963 0x0df4 NlaSvc - ok 
17:14:45.0010 0x0df4 [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 17:14:45.0041 0x0df4 Npfs - ok 17:14:45.0088 0x0df4 [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig C:\WINDOWS\System32\drivers\npsvctrig.sys 17:14:45.0166 0x0df4 npsvctrig - ok 17:14:45.0197 0x0df4 [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi C:\WINDOWS\system32\nsisvc.dll 17:14:45.0291 0x0df4 nsi - ok 17:14:45.0338 0x0df4 [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy C:\WINDOWS\system32\drivers\nsiproxy.sys 17:14:45.0369 0x0df4 nsiproxy - ok 17:14:45.0525 0x0df4 [ 7F68063A5A0461E02BC860CE0E6BFDDC, 47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 17:14:45.0603 0x0df4 Ntfs - ok 17:14:45.0744 0x0df4 [ 24802A206925A340DBA52ABF83C21315, 39E6FD63C7C93A833E3D5CC928AFF9286059538798DBF77C16ADDE64112E2661 ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe 17:14:45.0744 0x0df4 NTI IScheduleSvc - ok 17:14:45.0775 0x0df4 [ 710263B44C1D1AEE07525A53401FBE48, 9E30D956099F42A7F8125664E671AEE49A6EDE0C2B717EC9B4488556A386FA21 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys 17:14:45.0775 0x0df4 NTIDrvr - ok 17:14:45.0822 0x0df4 [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null C:\WINDOWS\system32\drivers\Null.sys 17:14:45.0869 0x0df4 Null - ok 17:14:46.0447 0x0df4 [ 0AC797F70F2F3E5B69A34FF2F63496F3, 80A811F8234BA00779BA76AAF41E830FB6CED03667E6E8F430C14DEBF2E45DD9 ] nvlddmkm C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys 17:14:46.0822 0x0df4 nvlddmkm - ok 17:14:47.0010 0x0df4 [ 048C6FACA905A7DF0A86D3CC31D7E6AE, 7222B301DBBDFF15B038E13FEA076759D8AC392F5145ECD60A640BDA6CFABE8C ] 
NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe 17:14:47.0041 0x0df4 NvNetworkService - ok 17:14:47.0103 0x0df4 [ C045199456CE8B823AD85CB9507DEA3C, 9C070B7463AB22D1AFC116E89C690FD552ED68D138F9DD3BA9FAD9BB652DC940 ] nvpciflt C:\WINDOWS\system32\DRIVERS\nvpciflt.sys 17:14:47.0119 0x0df4 nvpciflt - ok 17:14:47.0213 0x0df4 [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid C:\WINDOWS\system32\drivers\nvraid.sys 17:14:47.0213 0x0df4 nvraid - ok 17:14:47.0275 0x0df4 [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor C:\WINDOWS\system32\drivers\nvstor.sys 17:14:47.0291 0x0df4 nvstor - ok 17:14:47.0557 0x0df4 [ 3ABCD8F8853FEB12B961E9A48FC12133, 58255D53E810EE0D89FA2F1DC9D6208BF44F3C0FDE74A9264FB740024F1EDD44 ] NvStreamKms C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys 17:14:47.0572 0x0df4 NvStreamKms - ok 17:14:47.0572 0x0df4 NvStreamSvc - ok 17:14:47.0760 0x0df4 [ C135A25E8CF21EB631AB041ABB1F73EA, D0A3DC0411E888D0934B7579EEB980FA7824E3F22F70819A33411D8B8BC9EE42 ] nvsvc C:\WINDOWS\system32\nvvsvc.exe 17:14:47.0791 0x0df4 nvsvc - ok 17:14:47.0822 0x0df4 [ 75034A4D7C02327D150B617571D4196A, 8E7DAFEC4307E883D52BD0B5F0732E26E019C953770B52ACBBAD3074A66393CB ] nvvad_WaveExtensible C:\WINDOWS\system32\drivers\nvvad64v.sys 17:14:47.0822 0x0df4 nvvad_WaveExtensible - ok 17:14:47.0869 0x0df4 [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp C:\WINDOWS\system32\drivers\nv_agp.sys 17:14:47.0869 0x0df4 nv_agp - ok 17:14:48.0041 0x0df4 [ 4E2D0656946F2A19FED1C60E0E4FC1AF, 5551D5BD89EB650C5485BBB58DAA5473044B7C967B72687A27430FA9A1E812FE ] Origin Client Service C:\Program Files (x86)\Origin\OriginClientService.exe 17:14:48.0119 0x0df4 Origin Client Service - ok 17:14:48.0244 0x0df4 [ 11E0B35479C895888BA3D7F619DCFFF3, 
6ED82C19898101EC00BD64A9F90595C3D20AD2D2902AA8765B740FB3B9312DDF ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 17:14:48.0244 0x0df4 ose64 - ok 17:14:48.0510 0x0df4 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 17:14:48.0650 0x0df4 osppsvc - ok 17:14:48.0744 0x0df4 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc C:\WINDOWS\system32\pnrpsvc.dll 17:14:48.0854 0x0df4 p2pimsvc - ok 17:14:48.0900 0x0df4 [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc C:\WINDOWS\system32\p2psvc.dll 17:14:48.0979 0x0df4 p2psvc - ok 17:14:49.0041 0x0df4 [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport C:\WINDOWS\System32\drivers\parport.sys 17:14:49.0135 0x0df4 Parport - ok 17:14:49.0182 0x0df4 [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr C:\WINDOWS\system32\drivers\partmgr.sys 17:14:49.0197 0x0df4 partmgr - ok 17:14:49.0275 0x0df4 [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc C:\WINDOWS\System32\pcasvc.dll 17:14:49.0291 0x0df4 PcaSvc - ok 17:14:49.0432 0x0df4 [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci C:\WINDOWS\system32\drivers\pci.sys 17:14:49.0447 0x0df4 pci - ok 17:14:49.0494 0x0df4 [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide C:\WINDOWS\system32\drivers\pciide.sys 17:14:49.0510 0x0df4 pciide - ok 17:14:49.0525 0x0df4 [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia 
C:\WINDOWS\system32\drivers\pcmcia.sys 17:14:49.0525 0x0df4 pcmcia - ok 17:14:49.0541 0x0df4 [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw C:\WINDOWS\system32\drivers\pcw.sys 17:14:49.0557 0x0df4 pcw - ok 17:14:49.0572 0x0df4 [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc C:\WINDOWS\system32\drivers\pdc.sys 17:14:49.0572 0x0df4 pdc - ok 17:14:49.0619 0x0df4 [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH C:\WINDOWS\system32\drivers\peauth.sys 17:14:49.0744 0x0df4 PEAUTH - ok 17:14:49.0979 0x0df4 [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost C:\WINDOWS\SysWow64\perfhost.exe 17:14:50.0072 0x0df4 PerfHost - ok 17:14:50.0213 0x0df4 [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla C:\WINDOWS\system32\pla.dll 17:14:50.0275 0x0df4 pla - ok 17:14:50.0307 0x0df4 [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay C:\WINDOWS\system32\umpnpmgr.dll 17:14:50.0322 0x0df4 PlugPlay - ok 17:14:50.0322 0x0df4 PnkBstrA - ok 17:14:50.0401 0x0df4 [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg C:\WINDOWS\system32\pnrpauto.dll 17:14:50.0463 0x0df4 PNRPAutoReg - ok 17:14:50.0510 0x0df4 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc C:\WINDOWS\system32\pnrpsvc.dll 17:14:50.0526 0x0df4 PNRPsvc - ok 17:14:50.0619 0x0df4 [ BDD52AB4AEBB8B1904568DBD0CCB70CB, C3D1DBA349C79B43DCDD9EF5255C5EE973EFB844235B808B5EF9B63A51FF00AA ] PolicyAgent C:\WINDOWS\System32\ipsecsvc.dll 17:14:50.0651 0x0df4 PolicyAgent - ok 17:14:50.0697 0x0df4 [ C8DD82C3035E60D671B8CC5DF128D3A9, 
6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power C:\WINDOWS\system32\umpo.dll 17:14:50.0822 0x0df4 Power - ok 17:14:50.0869 0x0df4 [ E075CC071022BD4E9BE7C024717C0E0A, BE65A8C1082AE8DF8C37CA06B2BCC521478AC153EA7388B03F7FAE3913920E75 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 17:14:50.0916 0x0df4 PptpMiniport - ok 17:14:51.0119 0x0df4 [ E3514CE7CB4AF80ECCA383F065BC77C0, 1EA06D358A07EB9DFB703CEFC4EB834B947B899E0ACFE1C494E2DAED63F1D4B5 ] PrintNotify C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll 17:14:51.0322 0x0df4 PrintNotify - ok 17:14:51.0375 0x0df4 [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor C:\WINDOWS\System32\drivers\processr.sys 17:14:51.0407 0x0df4 Processor - ok 17:14:51.0483 0x0df4 [ 19424364D8C03B990C4281BE53963FD0, 958FC8436E6B754858E20BC48B0D4B269991E8CA94C15C2761BF04ED52591907 ] ProfSvc C:\WINDOWS\system32\profsvc.dll 17:14:51.0574 0x0df4 ProfSvc - ok 17:14:51.0621 0x0df4 [ AF038FA3D3748B7595FE7096AD803696, 55263B2424BE1F59F16050C8A0A3B16B2A3A4C212051170DE8A49AC387BE1386 ] Ps2Kb2Hid C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys 17:14:51.0637 0x0df4 Ps2Kb2Hid - ok 17:14:51.0668 0x0df4 [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched C:\WINDOWS\system32\DRIVERS\pacer.sys 17:14:51.0684 0x0df4 Psched - ok 17:14:51.0762 0x0df4 [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE C:\WINDOWS\system32\qwave.dll 17:14:51.0841 0x0df4 QWAVE - ok 17:14:51.0903 0x0df4 [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv C:\WINDOWS\system32\drivers\qwavedrv.sys 17:14:51.0919 0x0df4 QWAVEdrv - ok 17:14:51.0950 0x0df4 [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 17:14:51.0982 0x0df4 
RasAcd - ok 17:14:52.0013 0x0df4 [ E8FFD8BE3C50E7A71C5FBB87BDD1128E, 3E3EB906CC9A1CCA09580DA9F94DD0E1162CABD343874B76718DC4F2E9069C4E ] RasAgileVpn C:\WINDOWS\system32\DRIVERS\AgileVpn.sys 17:14:52.0038 0x0df4 RasAgileVpn - ok 17:14:52.0102 0x0df4 [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto C:\WINDOWS\System32\rasauto.dll 17:14:52.0131 0x0df4 RasAuto - ok 17:14:52.0170 0x0df4 [ BBB6272B7F46C4640A8CDB8A70C3450F, 4266C3ABD0D1D0219F715EA0F155744F7C1E3A7B722BE863831B57AE785419A2 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 17:14:52.0205 0x0df4 Rasl2tp - ok 17:14:52.0248 0x0df4 [ F83B38FCD4F69157B3D158433FA149CC, AB103BD3E2B3B134CB355C556DF70BCF0CF4DB11EFF7DB4A9876D5AA43D81293 ] RasMan C:\WINDOWS\System32\rasmans.dll 17:14:52.0320 0x0df4 RasMan - ok 17:14:52.0356 0x0df4 [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 17:14:52.0395 0x0df4 RasPppoe - ok 17:14:52.0466 0x0df4 [ 41F631007A158FEBB67F0E2AD1601BBA, EB5EA7277F4178BC27E55BF850AEBCD84B6BED80B2383CFB29548824AAFED135 ] RasSstp C:\WINDOWS\system32\DRIVERS\rassstp.sys 17:14:52.0497 0x0df4 RasSstp - ok 17:14:52.0538 0x0df4 [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 17:14:52.0773 0x0df4 rdbss - ok 17:14:52.0814 0x0df4 [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus C:\WINDOWS\System32\drivers\rdpbus.sys 17:14:52.0876 0x0df4 rdpbus - ok 17:14:52.0923 0x0df4 [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR C:\WINDOWS\system32\drivers\rdpdr.sys 17:14:53.0015 0x0df4 RDPDR - ok 17:14:53.0061 0x0df4 [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport 
C:\WINDOWS\system32\drivers\rdpvideominiport.sys 17:14:53.0061 0x0df4 RdpVideoMiniport - ok 17:14:53.0124 0x0df4 [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost C:\WINDOWS\system32\drivers\rdyboost.sys 17:14:53.0140 0x0df4 rdyboost - ok 17:14:53.0171 0x0df4 [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS C:\WINDOWS\system32\drivers\ReFS.sys 17:14:53.0218 0x0df4 ReFS - ok 17:14:53.0265 0x0df4 [ 0CF7CB56BF2D5E9DBCEE0185CB626FAD, 2BD2E2FB1D2EADD1F70EF55E8523C353F95D4FEB1BAD5017FA4D94F790F27825 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 17:14:53.0281 0x0df4 RemoteAccess - ok 17:14:53.0359 0x0df4 [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 17:14:53.0421 0x0df4 RemoteRegistry - ok 17:14:53.0456 0x0df4 [ CF59781FCB68F859EB6C835ED285211D, E979014C07BF45F4F27E4433ED6B8FA618E4416CB01075FBF52CB2536EC63984 ] RfButtonDriverService C:\Windows\RfBtnSvc64.exe 17:14:53.0463 0x0df4 RfButtonDriverService - ok 17:14:53.0524 0x0df4 [ DC66AE45816614D2999DCD3834DCCC4E, 1C26225135E851DDD1307F52401DD7055B26B3F3B8FDD693B21042C2896E235A ] RFCOMM C:\WINDOWS\System32\drivers\rfcomm.sys 17:14:53.0537 0x0df4 RFCOMM - ok 17:14:53.0566 0x0df4 [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper C:\WINDOWS\System32\RpcEpMap.dll 17:14:53.0599 0x0df4 RpcEptMapper - ok 17:14:53.0658 0x0df4 [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator C:\WINDOWS\system32\locator.exe 17:14:53.0744 0x0df4 RpcLocator - ok 17:14:53.0803 0x0df4 [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] RpcSs C:\WINDOWS\system32\rpcss.dll 17:14:53.0819 0x0df4 RpcSs - ok 17:14:53.0897 0x0df4 [ 
7BFDFD1D2244B444D7BBC55087426518, 06DF03A734A8A1956C842E30B4A1F143CD59B2DD09E0F8F01E6B4CE2A3D1D418 ] RSPCIESTOR C:\WINDOWS\system32\DRIVERS\RtsPStor.sys 17:14:53.0913 0x0df4 RSPCIESTOR - ok 17:14:53.0960 0x0df4 [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys 17:14:53.0991 0x0df4 rspndr - ok 17:14:54.0022 0x0df4 [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap C:\WINDOWS\System32\drivers\vms3cap.sys 17:14:54.0053 0x0df4 s3cap - ok 17:14:54.0085 0x0df4 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs C:\WINDOWS\system32\lsass.exe 17:14:54.0116 0x0df4 SamSs - ok 17:14:54.0178 0x0df4 [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port C:\WINDOWS\system32\drivers\sbp2port.sys 17:14:54.0178 0x0df4 sbp2port - ok 17:14:54.0225 0x0df4 [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr C:\WINDOWS\System32\SCardSvr.dll 17:14:54.0257 0x0df4 SCardSvr - ok 17:14:54.0288 0x0df4 [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum C:\WINDOWS\System32\ScDeviceEnum.dll 17:14:54.0319 0x0df4 ScDeviceEnum - ok 17:14:54.0366 0x0df4 [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter C:\WINDOWS\system32\DRIVERS\scfilter.sys 17:14:54.0382 0x0df4 scfilter - ok 17:14:54.0475 0x0df4 [ A626F5E446860F22835E783142D7AE33, 3A786639E1FABCA512F4F91A10811DD3C4D9C9C9BB893362E4D019219D0BD8E2 ] Schedule C:\WINDOWS\system32\schedsvc.dll 17:14:54.0538 0x0df4 Schedule - ok 17:14:54.0585 0x0df4 [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc C:\WINDOWS\System32\certprop.dll 
17:15:21.0487 0x0df4 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.7.205.0 ), 0x60100 ( disabled : updated )
17:15:21.0502 0x0df4 AV detected via SS2: AVG AntiVirus Free Edition 2015, C:\Program Files (x86)\AVG\AVG2015\avgwsc.exe ( 15.0.0.5863 ), 0x41000 ( enabled : updated )
17:15:21.0534 0x0df4 Win FW state via NFP2: enabled
17:15:23.0948 0x0df4 ============================================================
17:15:23.0948 0x0df4 Scan finished
17:15:23.0948 0x0df4 ============================================================
17:15:23.0948 0x1a28 Detected object count: 0
17:15:23.0948 0x1a28 Actual detected object count: 0 |
02.05.2015, 13:55 | #5 |
/// the machine /// TB trainer | [Windows 8.1] Very high network load + unauthorized access to Steam, Facebook and web.de from Venezuela Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
02.05.2015, 15:22 | #6 |
| [Windows 8.1] Very high network load + unauthorized access to Steam, Facebook and web.de from Venezuela AdwCleaner: Code:
# AdwCleaner v4.203 - Bericht erstellt 02/05/2015 um 15:57:22
# Aktualisiert 30/04/2015 von Xplode
# Datenbank : 2015-05-02.1 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : Paul - PAULS-PC
# Gestarted von : C:\Users\Paul\Desktop\adwcleaner_4.203.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dbpebffoameokfhnaaedmefjncfboino

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416
-\\ Google Chrome v42.0.2311.135
-\\ Chromium v

*************************

AdwCleaner[R0].txt - [5959 Bytes] - [01/05/2015 14:35:42]
AdwCleaner[R1].txt - [1035 Bytes] - [02/05/2015 15:53:01]
AdwCleaner[S0].txt - [5735 Bytes] - [01/05/2015 14:49:25]
AdwCleaner[S1].txt - [957 Bytes] - [02/05/2015 15:57:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1015 Bytes] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.7 (04.30.2015:1)
OS: Windows 8.1 x64
Ran by Paul on 02.05.2015 at 16:07:50,94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-296916632-418451122-4117134758-1002
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-296916632-418451122-4117134758-500

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-296916632-418451122-4117134758-1002\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.05.2015 at 16:12:33,35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015 01 Ran by Paul (administrator) on PAULS-PC on 02-05-2015 16:19:37 Running from C:\Users\Paul\Desktop Loaded Profiles: Paul (Available profiles: Paul) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Dritek System INC.) C:\Windows\RfBtnSvc64.exe (Realsil Microelectronics Inc.) 
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [655256 2012-08-24] (Alps Electric Co., Ltd.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.) HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3723728 2015-03-25] (AVG Technologies CZ, s.r.o.) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] (Atheros Communications) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-21-296916632-418451122-4117134758-1002\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [909696 2010-12-21] (Microsoft Corporation) HKU\S-1-5-21-296916632-418451122-4117134758-1002\...\Run: [Spotify Web Helper] => C:\Users\Paul\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-04-30] (Spotify Ltd) HKU\S-1-5-21-296916632-418451122-4117134758-1002\...\MountPoints2: {764629b4-9b58-11e3-be73-20689d450d1d} - "E:\WD SmartWare.exe" autoplay=true HKU\S-1-5-21-296916632-418451122-4117134758-1002\...\MountPoints2: {904d65e9-aa16-11e4-bfaf-20689d450d1d} - "E:\SETUP.EXE" HKU\S-1-5-18\...\Run: 
[EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHVE.EXE [241280 2014-09-17] (SEIKO EPSON CORPORATION) AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-05-20] (NVIDIA Corporation) AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [166568 2014-05-20] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [146480 2014-05-20] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk [2012-09-03] ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-296916632-418451122-4117134758-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-296916632-418451122-4117134758-1002 -> {A1CE32C2-25BF-4592-AB76-84E43FCB0F85} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE662&p={SearchTerms} SearchScopes: HKU\S-1-5-21-296916632-418451122-4117134758-1002 -> {C5FA9621-F9C8-48F6-AA02-D58224CB1A74} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-11-09] (Oracle Corporation) BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth 
Suite\IEPlugIn.dll [2013-01-28] (Qualcomm Atheros Commnucations) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-09] (Oracle Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-09] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-09] (Oracle Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-09] (Oracle 
Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-09] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-16] (VideoLAN) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll [2014-06-19] (Adobe Systems, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-09] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-09] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: 
@microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-15] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-15] (Google Inc.) FF Plugin HKU\S-1-5-21-296916632-418451122-4117134758-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Paul\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-296916632-418451122-4117134758-1002: electronicarts.com/GameFacePlugin -> C:\Users\Paul\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll [2012-12-20] (Electronic Arts) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation) Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-20] CHR Extension: (Google Drive) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-20] CHR Extension: (YouTube) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-20] CHR Extension: (Battlefield Heroes) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2014-12-27] CHR Extension: (Adblock Plus) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-18] CHR Extension: (Google Search) - C:\Users\Paul\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-20] CHR Extension: (BetaFish Adblocker) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-20] CHR Extension: (Bookmark Manager) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16] CHR Extension: (WEB.DE MailCheck) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2015-02-24] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11] CHR Extension: (Google Wallet) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-20] CHR Extension: (Gmail) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-20] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations) [File not signed] R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-25] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-25] (AVG Technologies CZ, s.r.o.) 
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) S2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-22] (Acer Incorporated) S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated) R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed] S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-22] (NTI Corporation) S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation) S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-02-28] (Electronic Arts) S2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-12-27] () R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-09-17] (Dritek System INC.) 
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) S2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-02-26] () S2 vToolbarUpdater18.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2014-05-18] () S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [281056 2015-03-25] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-02-05] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [289248 2015-03-19] (AVG Technologies CZ, s.r.o.) 
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-05-15] (Microsoft Corporation) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2015-02-01] (DT Soft Ltd) S3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-03-30] (LogMeIn Inc.) R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2014-05-18] () R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-09-17] (Dritek System Inc.) S3 uisp; C:\Windows\System32\Drivers\mtdfu.sys [17936 2014-02-26] (Logitech, Inc.) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation) S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X] S3 X6va022; \??\C:\WINDOWS\SysWOW64\Drivers\X6va022 [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-05-02 16:18 - 2015-05-02 16:18 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-296916632-418451122-4117134758-1002 2015-05-02 16:12 - 2015-05-02 16:12 - 00001581 _____ () C:\Users\Paul\Desktop\JRT.txt 2015-05-02 16:07 - 2015-05-02 16:07 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-PAULS-PC-Windows-8.1-(64-bit).dat 2015-05-02 16:07 - 2015-05-02 16:07 - 00000000 ____D () C:\RegBackup 2015-05-02 16:06 - 2015-05-02 16:07 - 02716306 _____ (Thisisu) C:\Users\Paul\Desktop\JRT.exe 2015-05-02 16:06 - 2015-05-02 16:06 - 00001095 _____ () C:\Users\Paul\Desktop\AdwCleaner[S1].txt 2015-05-01 16:24 - 2015-05-02 12:23 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-05-01 16:24 - 2015-05-01 17:23 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-05-01 16:24 - 2015-05-01 16:24 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-05-01 16:23 - 2015-05-01 17:22 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-05-01 16:22 - 2015-05-01 18:34 - 00000000 ____D () C:\Users\Paul\Desktop\mbar 2015-05-01 16:21 - 2015-05-01 16:21 - 16502728 _____ (Malwarebytes Corp.) 
C:\Users\Paul\Desktop\mbar-1.09.1.1004.exe 2015-05-01 16:21 - 2015-05-01 16:21 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Paul\Desktop\tdsskiller.exe 2015-05-01 15:59 - 2015-05-01 16:00 - 00087887 _____ () C:\Users\Paul\Downloads\bluescreenview-x64.zip 2015-05-01 15:59 - 2015-05-01 16:00 - 00001672 _____ () C:\Users\Paul\Downloads\bluescreenview_german.zip 2015-05-01 15:59 - 2015-05-01 16:00 - 00001672 _____ () C:\Users\Paul\Downloads\bluescreenview_german (1).zip 2015-05-01 15:56 - 2015-05-01 15:56 - 638271571 _____ () C:\WINDOWS\MEMORY.DMP 2015-05-01 15:56 - 2015-05-01 15:56 - 00296328 _____ () C:\WINDOWS\Minidump\050115-53015-01.dmp 2015-05-01 15:24 - 2015-05-01 15:24 - 00011718 _____ () C:\Users\Paul\Desktop\Gmer.txt 2015-05-01 15:18 - 2015-05-01 15:18 - 00380416 _____ () C:\Users\Paul\Desktop\g2xl7bim.exe 2015-05-01 15:15 - 2015-05-01 15:15 - 00000540 _____ () C:\Users\Paul\Downloads\defogger_disable.log 2015-05-01 15:15 - 2015-05-01 15:15 - 00000168 _____ () C:\Users\Paul\defogger_reenable 2015-05-01 15:10 - 2015-05-01 15:20 - 00064679 _____ () C:\Users\Paul\Desktop\Addition.txt 2015-05-01 15:08 - 2015-05-02 16:19 - 00021194 _____ () C:\Users\Paul\Desktop\FRST.txt 2015-05-01 14:48 - 2015-05-02 16:19 - 00000000 ____D () C:\FRST 2015-05-01 14:40 - 2015-05-01 14:40 - 02101248 _____ (Farbar) C:\Users\Paul\Desktop\FRST64.exe 2015-05-01 14:40 - 2015-05-01 14:40 - 00050477 _____ () C:\Users\Paul\Desktop\Defogger.exe 2015-05-01 14:35 - 2015-05-02 15:57 - 00000000 ____D () C:\AdwCleaner 2015-05-01 14:31 - 2015-05-01 14:35 - 02204160 _____ () C:\Users\Paul\Desktop\adwcleaner_4.203.exe 2015-04-25 16:15 - 2015-04-26 19:08 - 00000324 _____ () C:\Users\Paul\Desktop\Abiball-Songs.txt 2015-04-22 22:07 - 2015-04-22 22:07 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-04-22 22:06 - 2015-04-22 22:08 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Dropbox 2015-04-22 22:04 - 2015-04-22 22:04 - 00356280 _____ (Dropbox, 
Inc.) C:\Users\Paul\Downloads\DropboxInstaller.exe 2015-04-20 22:01 - 2015-04-20 22:01 - 01203488 _____ () C:\Users\Paul\Downloads\Vollversion Ashampoo Burning Studio 2015 - CHIP-Installer.exe 2015-04-20 22:01 - 2015-04-20 22:01 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Canneverbe Limited 2015-04-20 21:58 - 2015-04-20 21:58 - 05409016 _____ (Canneverbe Limited ) C:\Users\Paul\Downloads\cdbxp_setup_4.5.4.5306_minimal.exe 2015-04-20 21:58 - 2015-04-20 21:58 - 05409016 _____ (Canneverbe Limited ) C:\Users\Paul\Downloads\cdbxp_setup_4.5.4.5306_minimal (1).exe 2015-04-20 21:20 - 2015-04-20 21:23 - 260635800 _____ (Nero AG) C:\Users\Paul\Downloads\Nero2015_setup-16.0.04000_3p_trial.exe 2015-04-20 21:01 - 2015-04-20 21:02 - 28305301 _____ () C:\Users\Paul\Downloads\PAUL-RAR.rar 2015-04-20 14:19 - 2015-04-20 14:19 - 00000000 _____ () C:\WINDOWS\setuperr.log 2015-04-19 20:22 - 2015-04-19 20:22 - 00000456 _____ () C:\Users\Paul\Downloads\ddos.zip 2015-04-19 20:22 - 2015-04-19 20:22 - 00000456 _____ () C:\Users\Paul\Desktop\ddos.zip 2015-04-19 18:47 - 2015-04-19 18:47 - 01203488 _____ () C:\Users\Paul\Downloads\HijackThis - CHIP-Installer.exe 2015-04-19 18:36 - 2015-04-19 18:36 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\AVG 2015-04-19 18:33 - 2015-04-19 18:33 - 00000000 ____D () C:\Users\Paul\AppData\Local\Avg 2015-04-19 18:32 - 2015-04-19 18:37 - 00000000 ____D () C:\ProgramData\AVG 2015-04-19 18:30 - 2015-04-19 18:31 - 113398072 _____ (AVG Technologies) C:\Users\Paul\Downloads\avg_tuh_stf_all_2015_403_24c28.exe 2015-04-19 16:57 - 2015-04-19 16:57 - 00000000 ____D () C:\ProgramData\Max Secure 2015-04-19 15:45 - 2015-04-19 15:45 - 00523720 _____ (Max Secure Software) C:\Users\Paul\Downloads\maxspywaredetectordm.exe 2015-04-19 15:27 - 2015-04-19 15:27 - 03494303 _____ () C:\Users\Paul\Downloads\facebook-paulwinkler982.zip 2015-04-19 14:20 - 2015-04-19 14:21 - 39608031 _____ () C:\Users\Paul\Downloads\PsiKotics Necromancy Mod-16394-0-838.zip 2015-04-18 12:37 - 
2015-04-18 12:37 - 00180837 _____ () C:\Users\Paul\Downloads\Stealth Skills Rebalanced_COMPLETE_FULL-28418-1-4.zip 2015-04-18 01:14 - 2015-04-18 01:23 - 194097145 _____ () C:\Users\Paul\Downloads\Pixelmon-1.7.10-3.4.0-universal.jar 2015-04-16 22:19 - 2015-05-01 15:21 - 00007596 _____ () C:\Users\Paul\AppData\Local\Resmon.ResmonCfg 2015-04-15 17:41 - 2015-03-23 23:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-04-15 17:41 - 2015-03-23 23:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-04-15 17:41 - 2015-03-23 23:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll 2015-04-15 17:41 - 2015-03-23 23:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-04-15 17:41 - 2015-03-23 23:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll 2015-04-15 17:41 - 2015-03-20 06:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll 2015-04-15 17:41 - 2015-03-20 06:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll 2015-04-15 17:41 - 2015-03-20 06:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll 2015-04-15 17:41 - 2015-03-20 05:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe 2015-04-15 17:41 - 2015-03-20 04:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe 2015-04-15 17:41 - 2015-03-20 04:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll 2015-04-15 17:41 - 2015-03-20 04:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll 2015-04-15 17:40 - 2015-03-23 00:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2015-04-15 17:40 - 2015-03-23 00:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2015-04-15 17:40 - 2015-03-23 00:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2015-04-15 17:40 - 
2015-03-23 00:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2015-04-15 17:40 - 2015-03-23 00:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2015-04-15 17:40 - 2015-03-23 00:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2015-04-15 17:40 - 2015-03-23 00:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2015-04-15 17:40 - 2015-03-14 10:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2015-04-15 17:40 - 2015-03-14 10:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2015-04-15 17:40 - 2015-03-14 10:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2015-04-15 17:40 - 2015-03-14 03:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2015-04-15 17:40 - 2015-03-14 03:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2015-04-15 17:40 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll 2015-04-15 17:40 - 2015-03-14 03:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll 2015-04-15 17:40 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2015-04-15 17:40 - 2015-03-14 02:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2015-04-15 17:40 - 2015-03-14 02:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2015-04-15 17:40 - 2015-03-14 02:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2015-04-15 17:40 - 2015-03-14 02:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2015-04-15 17:40 - 2015-03-14 02:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2015-04-15 17:40 - 2015-03-14 02:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2015-04-15 17:40 - 2015-03-14 02:06 - 
02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2015-04-15 17:40 - 2015-03-14 02:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2015-04-15 17:40 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2015-04-15 17:40 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2015-04-15 17:40 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2015-04-15 17:40 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2015-04-15 17:40 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-04-15 17:40 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-04-15 17:40 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-04-15 17:40 - 2015-03-13 05:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-04-15 17:40 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-04-15 17:40 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-04-15 17:40 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-04-15 17:40 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-04-15 17:40 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-04-15 17:40 - 2015-03-13 05:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-04-15 17:40 - 2015-03-13 05:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-04-15 17:40 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-04-15 17:40 - 2015-03-13 05:07 - 00801280 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-04-15 17:40 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-04-15 17:40 - 2015-03-13 04:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll 2015-04-15 17:40 - 2015-03-13 04:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-04-15 17:40 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-04-15 17:40 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-04-15 17:40 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-04-15 17:40 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll 2015-04-15 17:40 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-04-15 17:40 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-04-15 17:40 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-04-15 17:40 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-04-15 17:40 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-04-15 17:40 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-04-15 17:40 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2015-04-15 17:40 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll 2015-04-15 17:40 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll 2015-04-15 17:40 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2015-04-15 17:40 - 2015-02-21 01:49 - 00780800 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\lsm.dll 2015-04-11 15:41 - 2015-04-11 15:44 - 00000000 ___SD () C:\WINDOWS\system32\GWX 2015-04-11 15:41 - 2015-04-11 15:41 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX 2015-04-09 22:10 - 2015-04-09 22:10 - 00025270 _____ () C:\Users\Paul\AppData\Local\recently-used.xbel 2015-04-06 21:20 - 2015-04-06 21:20 - 00001850 _____ () C:\Users\Paul\Desktop\Spotify.lnk ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-02 16:19 - 2014-02-20 17:05 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-02 16:13 - 2014-02-24 20:10 - 00000000 __RDO () C:\Users\Paul\SkyDrive 2015-05-02 16:13 - 2014-02-24 16:53 - 01968194 _____ () C:\WINDOWS\WindowsUpdate.log 2015-05-02 16:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-05-02 16:02 - 2014-02-20 17:05 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-02 16:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-05-02 15:59 - 2013-08-22 16:46 - 00399296 _____ () C:\WINDOWS\setupact.log 2015-05-02 15:59 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-05-02 15:58 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2015-05-02 12:29 - 2014-10-19 00:06 - 00000000 ____D () C:\ProgramData\MFAData 2015-05-02 12:29 - 2014-02-20 17:04 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-05-02 12:28 - 2014-09-03 23:27 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B36ED933-45B3-4AFF-B675-FDC4DD7CBDDC} 2015-05-02 12:23 - 2013-11-14 00:18 - 00045508 _____ () C:\WINDOWS\PFRO.log 2015-05-01 17:04 - 2014-02-24 16:59 - 00000000 ____D () C:\Users\Paul 2015-05-01 17:01 - 2014-04-18 18:53 - 00000000 ____D () C:\Program Files (x86)\FIFA Manager 14 2015-05-01 16:23 - 2014-02-20 09:25 - 01306624 ___SH () C:\Users\Paul\Desktop\Thumbs.db 2015-05-01 16:12 - 2012-09-03 08:45 - 00000000 ___HD () 
C:\Program Files (x86)\InstallShield Installation Information 2015-05-01 15:56 - 2014-05-28 23:25 - 00000000 ____D () C:\WINDOWS\Minidump 2015-05-01 10:57 - 2014-02-20 17:33 - 00000000 ____D () C:\Users\Paul\AppData\Local\LogMeIn Hamachi 2015-05-01 05:04 - 2014-04-22 14:45 - 00008858 _____ () C:\Users\Paul\Desktop\Neues Textdokument.txt 2015-05-01 03:40 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2015-04-30 22:50 - 2014-11-09 19:11 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Spotify 2015-04-30 16:00 - 2014-11-09 19:12 - 00000000 ____D () C:\Users\Paul\AppData\Local\Spotify 2015-04-30 14:03 - 2015-03-31 20:52 - 00000000 ____D () C:\Users\Paul\Desktop\Abi 2015-04-30 13:26 - 2014-02-24 22:25 - 00000000 ____D () C:\Users\Paul\AppData\Local\Deployment 2015-04-21 16:21 - 2014-08-12 19:01 - 00000000 ____D () C:\Users\Paul\Desktop\Musik 2015-04-21 00:09 - 2014-02-20 07:18 - 00000000 ____D () C:\Users\Paul\AppData\Local\VirtualStore 2015-04-20 22:07 - 2014-02-20 17:34 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\TS3Client 2015-04-20 21:37 - 2014-08-02 00:36 - 00000000 ____D () C:\ProgramData\Package Cache 2015-04-20 14:19 - 2013-08-22 16:44 - 00494432 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-04-19 19:18 - 2014-03-08 19:07 - 00000000 ____D () C:\Users\Paul\.thumbnails 2015-04-19 19:18 - 2014-02-20 19:52 - 00000000 ____D () C:\Users\Paul\AppData\Local\Microsoft Help 2015-04-19 19:18 - 2014-02-20 17:33 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Skype 2015-04-19 19:18 - 2014-02-20 17:20 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2015-04-19 19:18 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep 2015-04-19 19:18 - 2012-09-03 08:49 - 00000000 ____D () C:\ProgramData\Temp 2015-04-19 19:17 - 2014-02-20 16:39 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2015-04-19 19:17 - 2012-09-03 08:40 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 
2015-04-19 18:35 - 2014-10-19 00:12 - 00000000 ____D () C:\Program Files (x86)\AVG 2015-04-19 17:16 - 2014-02-20 07:35 - 00000000 ____D () C:\Users\Paul\Downloads\General Setups 2015-04-19 15:11 - 2014-08-09 14:12 - 00000000 ____D () C:\Program Files (x86)\Dead Island Riptide 2015-04-18 16:43 - 2014-02-20 17:18 - 00000000 ____D () C:\ProgramData\Origin 2015-04-18 12:45 - 2015-03-25 16:28 - 00000000 ____D () C:\Program Files (x86)\The Elder Scrolls V- Skyrim MAIN 2015-04-18 12:45 - 2014-02-22 00:12 - 00000000 ____D () C:\Users\Paul\AppData\Local\Skyrim 2015-04-18 01:12 - 2014-03-26 15:45 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\.minecraft 2015-04-18 00:55 - 2014-04-19 13:36 - 00000000 ____D () C:\Users\Paul\Documents\FIFA 14 2015-04-17 18:57 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-04-16 18:15 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-04-16 16:12 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppCompat 2015-04-15 22:54 - 2014-02-20 07:18 - 00000000 ____D () C:\Users\Paul\AppData\Local\Packages 2015-04-15 22:47 - 2014-02-21 17:53 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-04-15 22:43 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-04-15 22:43 - 2013-11-14 09:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat 2015-04-15 22:43 - 2013-11-14 09:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat 2015-04-15 22:40 - 2014-02-21 17:53 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-04-15 22:32 - 2014-12-13 19:02 - 00000000 ____D () C:\WINDOWS\system32\appraiser 2015-04-15 22:32 - 2014-07-14 15:49 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2015-04-15 17:39 - 2014-11-13 22:40 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll 2015-04-14 22:10 - 2014-02-20 09:24 - 00000000 ____D () C:\Users\Paul\Desktop\Schule 2015-04-14 22:09 - 2015-02-01 15:35 - 00000000 ____D () C:\Users\Paul\Downloads\Cracks 2015-04-14 01:24 - 
2013-08-22 17:38 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-04-14 01:24 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-04-11 12:50 - 2014-02-20 09:10 - 00000000 ____D () C:\Users\Paul\Desktop\Handybilder 10.10.13 2015-04-09 22:10 - 2014-04-19 16:55 - 00000000 ____D () C:\Users\Paul\AppData\Local\gtk-2.0 2015-04-09 22:10 - 2014-03-05 13:24 - 00000000 ____D () C:\Users\Paul\.gimp-2.8 2015-04-07 17:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp 2015-04-06 21:20 - 2014-11-09 19:12 - 00001836 _____ () C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2015-04-05 21:57 - 2014-03-16 23:52 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\vlc ==================== Files in the root of some directories ======= 2015-04-09 22:10 - 2015-04-09 22:10 - 0025270 _____ () C:\Users\Paul\AppData\Local\recently-used.xbel 2015-04-16 22:19 - 2015-05-01 15:21 - 0007596 _____ () C:\Users\Paul\AppData\Local\Resmon.ResmonCfg 2012-09-17 08:12 - 2012-09-17 08:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some content of TEMP: ==================== C:\Users\Paul\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3752hb.dll C:\Users\Paul\AppData\Local\Temp\DseShExt-x64.dll C:\Users\Paul\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Paul\AppData\Local\Temp\Quarantine.exe C:\Users\Paul\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\Paul\AppData\Local\Temp\SDShelEx-x64.dll C:\Users\Paul\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-26 13:28

==================== End Of Log ============================

Updated Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2015 01
Ran by Paul at 2015-05-02 16:20:07
Running from C:\Users\Paul\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-296916632-418451122-4117134758-500 - Administrator - Disabled)
Gast (S-1-5-21-296916632-418451122-4117134758-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-296916632-418451122-4117134758-1006 - Limited - Enabled)
Paul (S-1-5-21-296916632-418451122-4117134758-1002 - Administrator - Enabled) => C:\Users\Paul

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0059 - NTI Corporation) Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated) Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated) Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated) AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3115 - Acer Incorporated) AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3201 - Acer Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\{755DDD59-9690-4F1A-BE9C-D39BDCFA77C9}) (Version: 12.1.3.153 - Adobe Systems, Inc) Advanced Archive Password Recovery (HKLM-x32\...\{01011662-76A8-41E8-B1A8-4F8821570AC5}) (Version: 4.54.48.1338 - Elcomsoft Co. Ltd.) Advanced Tactical Center™ 1.12 (HKLM-x32\...\ATC_is1) (Version: 1.1.2.0 - Foolish Entertainment) Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.8 - Sereby Corporation) ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.100.2020.110 - Alps Electric) ANNO 1404 - Venedig (HKLM-x32\...\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}) (Version: 2.01.5010 - Ubisoft) ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft) Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden Archeage (HKLM-x32\...\Glyph Archeage) (Version: - Trion Worlds, Inc.) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.4 - Atheros Communications Inc.) 
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) AutoHotkey 1.1.18.00 (HKLM\...\AutoHotkey) (Version: 1.1.18.00 - Lexikos) AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5863 - AVG Technologies) AVG 2015 (Version: 15.0.4339 - AVG Technologies) Hidden AVG 2015 (Version: 15.0.5863 - AVG Technologies) Hidden AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.0.411 - AVG Technologies) Backup Manager v4 (x32 Version: 4.0.0.0059 - NTI Corporation) Hidden Battlefield Heroes (HKLM-x32\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version: - EA Digital illusions) Borland Delphi 7 (HKLM-x32\...\{72263053-50D1-4598-9502-51ED64E54C51}) (Version: 7.0 - Borland Software Corporation) BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team) Brick-Force (EU) (HKLM-x32\...\Steam App 335330) (Version: - Exe Games Inc.) Brick-Force (HKLM-x32\...\{9853ABB2-6416-4C87-8650-DD8E528FF564}}_is1) (Version: 4.4.393.134.20 - Infernum Productions AG) Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version: - Dark Byte) clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3108 - Acer Incorporated) clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3108 - Acer Incorporated) clear.fi SDK - Video 2 (x32 Version: 2.1.1925 - CyberLink Corp.) Hidden clear.fi SDK- Movie 2 (x32 Version: 2.1.2008 - CyberLink Corp.) Hidden Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu) CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.) 
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0327 - DT Soft Ltd) Dead Island Riptide version 5.1 (HKLM-x32\...\{554894C6-A12C-4CE6-8FDC-F1BBEABB69B4}_is1) (Version: 5.1 - Black_Box) Dead Island version 1.0 (HKLM-x32\...\{3L7IL77L-T4D4-75B1-97C5-18CD6E6334A3}_is1) (Version: 1.0 - Deep Silver) Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc) Dropbox (HKU\S-1-5-21-296916632-418451122-4117134758-1002\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.) Druckerdeinstallation für EPSON BX635FWD Series (HKLM\...\EPSON BX635FWD Series) (Version: - SEIKO EPSON Corporation) EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKU\S-1-5-21-296916632-418451122-4117134758-1002\...\EA SPORTS Game Face Browser Plugin) (Version: 1.8.0.0 - Electronic Arts) EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.4.0.0 - Electronic Arts) eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM) Emergency4 (HKLM-x32\...\{9A4C534E-431F-4A17-97D4-D1682B19A054}) (Version: 1.03.001 - ) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON SX430 Series Printer Uninstall (HKLM\...\EPSON SX430 Series) (Version: - SEIKO EPSON Corporation) Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version: - Paradox Development Studio) FIFA 14 (HKLM-x32\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts) FIFA 15 Version 1.4 (HKLM-x32\...\FIFA 15_is1) (Version: 1.4 - RFT) FormatFactory 3.0.1 (HKLM-x32\...\FormatFactory) (Version: 3.0.1 - Free Time) Free FLV Converter V 7.6.2 (HKLM-x32\...\Free FLV Converter_is1) (Version: 7.6.2.0 - Koyote Lab Inc.) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.) 
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version: - Arobas Music) Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version: - Reto-Moto) Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle) Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation) Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Lazarus 1.2.6 (HKLM\...\lazarus_is1) (Version: 1.2.6 - Lazarus Team) Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve) Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Acer Incorporated) Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.) 
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version: - Microsoft) Microsoft Office Language Pack 2013 - German/Deutsch (HKLM\...\Office15.OMUI.de-de) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft 
Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60830 (HKLM-x32\...\{c7ed0d4c-89c5-47fc-9e89-1088affe63f3}) (Version: 11.0.60830.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - Tale Worlds) NBA 2K14 (HKLM-x32\...\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}) (Version: 1.0.0 - 2K Sports) Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.53.7 - Black Tree Gaming) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team) NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation) NVIDIA 
Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer) Origin (HKLM-x32\...\Origin) (Version: 9.1.3.2637 - Electronic Arts, Inc.) ORION: Dino Horde (HKLM-x32\...\Steam App 104900) (Version: - Spiral Game Studios) Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC) PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.) Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.) PlanetSide 2 (HKU\S-1-5-21-296916632-418451122-4117134758-1002\...\soe-PlanetSide 2 PSG) (Version: 1.0.3.183 - Sony Online Entertainment) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications) Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.41 - Qualcomm Atheros) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.) 
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version: - Rebellion) Spotify (HKU\S-1-5-21-296916632-418451122-4117134758-1002\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB) Super Giovanni (HKLM-x32\...\Super Giovanni) (Version: 1.0 - Ubersoft) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) Terraria v1.1.2 (HKLM-x32\...\Terraria_is1) (Version: 1.1.2 - OUTLAWS) The Elder Scrolls V Skyrim Update 13 (1.9.32.0.8) Deutsche Version 1.9.32.0.8 (HKLM-x32\...\The Elder Scrolls V Skyrim Update 13 (1.9.32.0.8) Deutsche Version 1.9.32.0.8) (Version: 1.9.32.0.8 - .x.X.RIDDICK.X.x.) Unity Web Player (HKU\S-1-5-21-296916632-418451122-4117134758-1002\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton) Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft) Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) 
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN) WATCH_DOGS (HKLM-x32\...\Uplay Install 274) (Version: - Ubisoft) WinRAR 4.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-296916632-418451122-4117134758-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-296916632-418451122-4117134758-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-296916632-418451122-4117134758-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-296916632-418451122-4117134758-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-296916632-418451122-4117134758-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-296916632-418451122-4117134758-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296916632-418451122-4117134758-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296916632-418451122-4117134758-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296916632-418451122-4117134758-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296916632-418451122-4117134758-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

21-04-2015 13:06:58 Geplanter Prüfpunkt
30-04-2015 03:28:52 Geplanter Prüfpunkt
01-05-2015 16:06:21 Removed MyWinLocker Suite
01-05-2015 17:01:26 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {030330C3-3EDB-44FC-B419-955FBD692A39} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {0B96D948-D337-4AA5-BE6B-7005AD8AEDD1} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {0E79F8C1-5361-46ED-B5CC-2CB2F1515D4F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {12FD1413-6A2E-4D7D-914B-24B4EFDD6046} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
Task: {446DCAE7-347F-458F-83BC-0112B0E51013} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-30] ()
Task: {4787D71A-FB12-485A-8202-4D70640ABB3E} - \Optimize Start Menu Cache Files-S-1-5-21-296916632-418451122-4117134758-500 No Task File <==== ATTENTION
Task: {4ABE9688-8EB1-4BF0-B6C2-B794879D0FB1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-20] (Google Inc.)
Task: {4CCA8A6C-CFAA-4B21-A0DF-ADD9E15960E9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {4F2B23CC-1FE7-480A-94AF-ACFB74F08469} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2012-07-31] (Acer Incorporated)
Task: {501D3939-702C-49C6-A4A0-21B6C4F8BA6D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-20] (Google Inc.)
Task: {7F32F1DC-AF40-4FDA-9BAE-F8E32480CA05} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-23] ()
Task: {7F3747FF-4F3F-43E1-8966-0F972453AD6C} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {86A391D6-5267-4462-9F8B-A54E12F23D42} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-23] ()
Task: {A7344468-3B3F-4A1E-A62B-70EBD9143DD3} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {A9B212E7-8BE4-4321-9E27-063B231CA556} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated)
Task: {AD5FA22B-30EB-49B9-BC26-5BAE9B3BB3B9} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {B75AE49F-3F94-45E5-9D3B-D12B4A24E397} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {D1494A22-1D3A-42D6-A2DE-F5B64C6C1965} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {DB945601-EE8E-4E39-A1C4-3715685B94B4} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: {F264E1AE-6010-4540-9DBB-BAC6CC690260} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-07-26 02:03 - 2014-05-20 04:44 - 00014280 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2011-03-17 01:07 - 2011-03-17 01:07 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-02-20 16:26 - 2012-02-17 21:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-11-28 16:29 - 2014-11-28 16:34 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-11-07 00:15 - 2014-11-07 00:15 - 01685528 ____N () C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll
2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-04-30 12:59 - 2015-04-28 04:07 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libglesv2.dll
2015-04-30 12:59 - 2015-04-28 04:07 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libegl.dll
2014-07-26 02:03 - 2014-05-20 04:44 - 00012120 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Paul\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-296916632-418451122-4117134758-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Paul\Pictures\Eigene Bilder\Mein Mädchen\IMG-20141213-WA0018.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
HKLM\...\StartupApproved\Run: => "BCSSync"
HKLM\...\StartupApproved\Run: => "SDAutoScan"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "vProt"
HKU\S-1-5-21-296916632-418451122-4117134758-1002\...\StartupApproved\Run: => "DAEMON Tools Lite"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [UDP Query User{756CE59E-9A43-48FA-AB7F-A0E3B9D14DCC}C:\users\paul\sony online entertainment\installed games\planetside 2 psg\planetside2.exe] => (Allow) C:\users\paul\sony online entertainment\installed games\planetside 2 psg\planetside2.exe FirewallRules: [TCP Query User{BB49FC14-4F40-4B9E-8E4E-F6755E8A1066}C:\users\paul\sony online entertainment\installed games\planetside 2 psg\planetside2.exe] => (Allow) C:\users\paul\sony online entertainment\installed games\planetside 2 psg\planetside2.exe FirewallRules: [{508BA9C6-2375-47F5-9501-9268747EC0F3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe FirewallRules: [{7F4950C4-34CF-49EB-A732-B11FAB47897F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe FirewallRules: [{300F8774-F3C2-41F8-9794-60C74B8C5EDC}] => (Allow) C:\Program Files\Microsoft Office\Office14\GROOVE.EXE FirewallRules: [{7FC02153-8974-469A-AA8D-F14B68AAB776}] => (Allow) C:\Program Files\Microsoft Office\Office14\GROOVE.EXE FirewallRules: [{5304E76E-BBBE-4879-A4C3-BBE589DFC72C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe FirewallRules: [{4F2E2E31-F34E-4383-826C-1C5C913B5D9A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe FirewallRules: [{E1046C63-2EFB-4297-A5E2-E505D7BC6D55}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe FirewallRules: [{73E61590-D820-4F2D-9CB6-75B2851AFF3A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe FirewallRules: [{5B9DB2A9-81CB-491E-B36F-2FBA0FD0F379}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{928ACCB2-DA56-4C5D-86E8-4475A8888232}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{C243B3EA-D51F-4FA4-8232-2DE607AD736E}] => 
(Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe FirewallRules: [{8F3423E6-57A0-4045-9C04-FA6D1F9FC1FC}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe FirewallRules: [{444DEC8C-7C4E-4CF0-A3DB-6BF150292B9D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe FirewallRules: [{B3BB87F8-007F-427D-ABB8-8FEBC5E811F3}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe FirewallRules: [{25091AD1-E28F-4044-908B-BC39BE201588}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe FirewallRules: [{72447E57-FE50-4556-AF7E-F7A7B5471848}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe FirewallRules: [{AAA490EE-23B4-449B-9509-DBA25D7BB113}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe FirewallRules: [{6470B133-D48B-489E-9B74-72B0E70E3EB6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe FirewallRules: [{C861590C-DDCF-4942-9B6B-565C84405778}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe FirewallRules: [{FEB2A201-A0C2-4399-85C3-CC6B11E75BC7}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe FirewallRules: [{FAB8348D-97B4-408E-BD8F-84D10545F8A5}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe FirewallRules: [{C44F4001-5117-4E3F-972D-06FD998E2275}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\FileExplorer.exe FirewallRules: [{554A9B34-A045-4F77-8BBF-31B886DF4369}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe FirewallRules: [{22CD2F9A-7FF3-4EDC-9339-DCDB0B172F41}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe FirewallRules: [{97270DF8-DB4F-4C56-BEE6-2F8683CED7B7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{856199E8-8DA5-45C4-8729-F7DA1EBA8FF1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: 
[{E37D21BE-B38B-4EB0-BF24-D90BD316095A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{5D0CD5B4-AD4E-498C-AA93-BD51C191E9F6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{FC171C8B-D47D-4A63-9923-CBFC8A30F788}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{A301CB0F-C4FB-4643-AAC0-181993CB76F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{502A0072-7AE0-44C6-812A-6144B91C9A99}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe FirewallRules: [{ED6ABC67-1715-4737-9167-2A83CC14FA3D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe FirewallRules: [{89599D6F-4258-4836-99F5-58D4079A4337}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [{715AC500-1E4D-4F30-BBD9-85EB7EFFE0CB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [TCP Query User{3CE6D93D-0E2F-48A5-9D67-0AD59E7C1F83}C:\program files (x86)\fifa 14\game\fifa14.exe] => (Allow) C:\program files (x86)\fifa 14\game\fifa14.exe FirewallRules: [UDP Query User{ABB78719-9CB4-4E40-AE8F-A13F87889ED4}C:\program files (x86)\fifa 14\game\fifa14.exe] => (Allow) C:\program files (x86)\fifa 14\game\fifa14.exe FirewallRules: [{23E0B24D-F533-47D9-B1E4-A0E3024A31B2}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404\Anno4.exe FirewallRules: [{9D7181A0-E3A8-47A9-B2A1-F8C01F497625}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404\Anno4.exe FirewallRules: [{BD0A7ED8-80AB-4A34-80D1-0D0638083359}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe FirewallRules: [{8A59F550-D577-4685-890A-04C6FCC6755E}] => (Allow) C:\Program Files (x86)\Ubisoft\Related 
Designs\ANNO 1404\tools\Anno4Web.exe FirewallRules: [{746B9F7C-D1D7-498D-96D7-6BD878FC477F}] => (Allow) C:\Program Files (x86)\2K Sports\NBA 2K14\nba2k14.exe FirewallRules: [{ABC0F3EF-9B8C-4602-B2F7-1E2764E22868}] => (Allow) C:\Program Files (x86)\2K Sports\NBA 2K14\nba2k14.exe FirewallRules: [{FD23C676-731A-4693-ADE2-F26EF4F86D6C}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404\Addon.exe FirewallRules: [{1774DC5A-E282-4F13-957C-578C6AB1FE99}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404\Addon.exe FirewallRules: [{680AFC4F-7EEE-4F01-97C3-3C331619C97B}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404\tools\AddonWeb.exe FirewallRules: [{8ADBE6A0-BB21-472C-81B6-6000F201428B}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404\tools\AddonWeb.exe FirewallRules: [{2C9C0B76-8E2F-453E-9D2E-BA6C5F2D08E2}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe FirewallRules: [{D73661A4-CBBD-4341-BB6C-FB9B8CDBCF2C}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs. 
Zombies\PlantsVsZombies.exe FirewallRules: [{6EE357FD-EAFC-4CCB-A598-D12713256916}] => (Allow) C:\Program Files\Ubisoft\WATCH_DOGS\bin\Watch_Dogs.exe FirewallRules: [{E668C4CB-7CC7-4150-A7E7-E7AE3D48416F}] => (Allow) C:\Program Files\Ubisoft\WATCH_DOGS\bin\Watch_Dogs.exe FirewallRules: [{AF42CCFB-D56F-4624-A692-47A1C4072A6F}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 14\Game\fifa14.exe FirewallRules: [{D5994576-025A-43C5-AFAB-C4C4AA102CBB}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 14\Game\fifa14.exe FirewallRules: [TCP Query User{200ABC95-81E5-438C-8945-8A0B1B778B3B}C:\users\paul\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\paul\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{14578907-09A0-41B9-A3E9-1BAF2C12ED3A}C:\users\paul\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\paul\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{ABEE6659-5854-4913-A367-8ACC1C5A5339}C:\users\paul\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\paul\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{E66B0F9F-911A-474C-A2A2-BAE80FCE177D}C:\users\paul\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\paul\appdata\roaming\spotify\spotify.exe FirewallRules: [{51E43A8F-5774-45D0-84AB-7625E0A5950A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe FirewallRules: [{6808E2E2-B541-4095-83B6-0B232AD99D12}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe FirewallRules: [TCP Query User{3F6F09B7-F83A-4ECB-AA8D-47BBC0C30828}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{92B1D263-D27D-4E10-9E0A-4F6A223D668A}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{313262E4-8958-4760-AC31-7D935D339055}C:\program files (x86)\dead island\deadislandgame.exe] => (Block) 
C:\program files (x86)\dead island\deadislandgame.exe FirewallRules: [UDP Query User{37FEBEE5-4265-42CE-BBF8-60608EE2BAEB}C:\program files (x86)\dead island\deadislandgame.exe] => (Block) C:\program files (x86)\dead island\deadislandgame.exe FirewallRules: [TCP Query User{F1F9C3BE-765C-4BFC-9BC3-43422931BFED}C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe] => (Block) C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe FirewallRules: [UDP Query User{5EB6E980-7DD1-4603-B86B-F9D768373122}C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe] => (Block) C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe FirewallRules: [{BEA0F4E8-2522-4460-9E77-BF459D9A8CB5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{CB40E79F-6372-4A65-9808-51479C814B3E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{F90F83DB-73E4-45D1-8016-52935031A5E3}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{2584AF26-76B3-41A4-BEDC-B4B0F7D3F2E5}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [TCP Query User{3B0F064F-1F42-47D6-A54B-C08D7C21D277}C:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe] => (Allow) C:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe FirewallRules: [UDP Query User{900AA6EE-24BA-4044-8593-BDD9BDD73205}C:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe] => (Allow) C:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe FirewallRules: [{49EBA24D-7DF2-4146-A783-D2AAD423281D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Brick-Force ROW\InfernumLogin.exe FirewallRules: [{4FC991DF-062A-4697-9968-BDF21647CFF5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Brick-Force ROW\InfernumLogin.exe FirewallRules: [{F322A37A-BE8F-4AE2-AC3B-84107AF0530C}] => (Allow) C:\Program Files 
(x86)\Steam\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe FirewallRules: [{6D339B46-5AEC-4C0A-BA7C-BF98C4B95F13}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe FirewallRules: [{31A7DF62-6A3C-4DF4-B1F4-82C42C3F1B03}] => (Allow) C:\Program Files (x86)\Brick-Force\BfLauncher.exe FirewallRules: [{4EEA6EFF-3D62-45EF-9A71-339C6B6F8734}] => (Allow) C:\Program Files (x86)\Brick-Force\BrickForce.exe FirewallRules: [{D763C0A5-400E-4662-A8E1-5E56EB57851F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{BB740A96-6E03-4663-A09B-3D4EA2518B84}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{F09BCF57-3C68-40D7-94D6-67B7EB753757}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{BD420D41-5FED-43D2-84A6-4FE90EAD3E4B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{40FEC6E0-9C26-4275-A47B-B01AF54D5368}] => (Allow) C:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\LAUNCHER.exe FirewallRules: [{9472EF62-34D3-4824-8382-56EB8E647DB9}] => (Allow) C:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\LAUNCHER.exe FirewallRules: [{18F86F92-B0AF-4415-967E-C64739A920B0}] => (Allow) C:\Program Files (x86)\ FIFA 15\fifasetup\fifaconfig.exe FirewallRules: [{36A5A491-820B-4D38-80D5-2E604ACE411D}] => (Allow) C:\Program Files (x86)\ FIFA 15\fifasetup\fifaconfig.exe FirewallRules: [{5FC2D2FC-F78C-4932-AD4D-F285AEFF59BD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe FirewallRules: [{42B4E4AE-52DF-4F6E-A5DA-7AFD73141228}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe FirewallRules: [{40423292-35E2-4EEF-A2A8-AA4789BC713B}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{81EE2B57-40C9-4B6E-B9A3-82A20D499679}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: 
[{570C0211-5653-47B9-A273-9E40F254CEC1}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{2BC41C10-9E14-4B66-B165-A7662B060220}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{E39AD9E1-2BAA-46B3-AA0F-BD9858B2E120}] => (Allow) C:\Program Files\Microsoft Office\Office15\outlook.exe FirewallRules: [{3CCF7722-5875-4EEE-9957-9BCF4D8DCD9B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{DC8B2B96-1DD9-4A1A-ADB6-FFCFE7ADA01E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{4AD39694-4DE9-4E6E-8B9A-93C0BE9D5D34}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: [{55A99009-DF01-459C-9A56-69FE139C9C87}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: [{53221FC6-43CD-436F-A6D1-9E722EC59F76}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe FirewallRules: [{BC710396-5C03-4B49-9A5C-E9AD9608223B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe FirewallRules: [{61F1EF1F-4FAE-4C47-BE34-6D47A89EEF66}] => (Allow) C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{FCDE97E8-3092-49B5-A6C5-A164A4632905}] => (Allow) C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{31B9270D-12CB-48A6-B8B0-02CC98C81B82}] => (Allow) C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{250C15D5-E235-48EE-890B-B84FD3359DA5}] => (Allow) C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{DCD666AF-AE4C-428B-948E-483846F4AB5B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{E821BC73-528B-4C2E-B922-0A706B81DC0D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Guns of Icarus Online\workshop\Workshop.exe FirewallRules: [{338CD94C-66F4-4A6F-9535-400B80D4037A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Guns of Icarus Online\workshop\Workshop.exe ==================== Faulty Device 
Manager Devices ============= Name: Bluetooth Audio Device Description: Bluetooth Audio Device Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318} Manufacturer: Qualcomm Atheros Communications Service: BTATH_A2DP Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Virtual Bluetooth Support (Include Audio) Description: Virtual Bluetooth Support (Include Audio) Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5} Manufacturer: Qualcomm Atheros Communications Service: AthBTPort Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Bluetooth LWFLT Device Description: Bluetooth LWFLT Device Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5} Manufacturer: Qualcomm Atheros Communications Service: BTATH_LWFLT Problem: : This device is not working properly because Windows cannot load the drivers required for this device. 
(Code 31) Resolution: Update the driver ==================== Event log errors: ========================= Application errors: ================== Error: (05/01/2015 05:04:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: nvstreamsvc.exe, Version: 2.1.214.0, Zeitstempel: 0x53809acd Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336 Ausnahmecode: 0xc0000142 Fehleroffset: 0x00000000000ec180 ID des fehlerhaften Prozesses: 0x17fc Startzeit der fehlerhaften Anwendung: 0xnvstreamsvc.exe0 Pfad der fehlerhaften Anwendung: nvstreamsvc.exe1 Pfad des fehlerhaften Moduls: nvstreamsvc.exe2 Berichtskennung: nvstreamsvc.exe3 Vollständiger Name des fehlerhaften Pakets: nvstreamsvc.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvstreamsvc.exe5 Error: (05/01/2015 05:01:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary mwlPSDVDisk. System Error: Das System kann die angegebene Datei nicht finden. . Error: (05/01/2015 05:01:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary mwlPSDNServ. System Error: Das System kann die angegebene Datei nicht finden. . Error: (04/30/2015 00:49:08 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm wwahost.exe, Version 6.3.9600.17415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: e58 Startzeit: 01d083329035f026 Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\syswow64\wwahost.exe Berichts-ID: 854bfe0b-ef26-11e4-801b-20689d450d1d Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error: (04/30/2015 00:49:05 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1648 Startzeit: 01d08332902ab585 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 8420d4bf-ef26-11e4-801b-20689d450d1d Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (04/30/2015 00:39:21 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 13fc Startzeit: 01d0833123b024cc Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 1b6e7d6e-ef25-11e4-801b-20689d450d1d Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (04/30/2015 05:02:44 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: nvstreamsvc.exe, Version: 2.1.214.0, Zeitstempel: 0x53809acd Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336 Ausnahmecode: 0xc0000142 Fehleroffset: 0x00000000000ec180 ID des fehlerhaften Prozesses: 0x117c Startzeit der fehlerhaften Anwendung: 0xnvstreamsvc.exe0 Pfad der fehlerhaften Anwendung: nvstreamsvc.exe1 Pfad des fehlerhaften Moduls: nvstreamsvc.exe2 Berichtskennung: nvstreamsvc.exe3 Vollständiger Name des fehlerhaften Pakets: nvstreamsvc.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvstreamsvc.exe5 Error: (04/30/2015 02:42:05 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: TESV.exe, Version: 1.9.32.0, Zeitstempel: 0x51437ce5 Name des fehlerhaften Moduls: TESV.exe, Version: 1.9.32.0, Zeitstempel: 0x51437ce5 Ausnahmecode: 0xc0000417 Fehleroffset: 0x00b522e3 ID des fehlerhaften Prozesses: 0x1d78 Startzeit der fehlerhaften Anwendung: 0xTESV.exe0 Pfad der fehlerhaften Anwendung: TESV.exe1 Pfad des fehlerhaften Moduls: TESV.exe2 Berichtskennung: TESV.exe3 Vollständiger Name des fehlerhaften Pakets: TESV.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: TESV.exe5 Error: (04/30/2015 00:43:10 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: TESV.exe, Version: 1.9.32.0, Zeitstempel: 0x51437ce5 Name des fehlerhaften 
Moduls: TESV.exe, Version: 1.9.32.0, Zeitstempel: 0x51437ce5 Ausnahmecode: 0xc0000417 Fehleroffset: 0x00b53759 ID des fehlerhaften Prozesses: 0x143c Startzeit der fehlerhaften Anwendung: 0xTESV.exe0 Pfad der fehlerhaften Anwendung: TESV.exe1 Pfad des fehlerhaften Moduls: TESV.exe2 Berichtskennung: TESV.exe3 Vollständiger Name des fehlerhaften Pakets: TESV.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: TESV.exe5 Error: (04/30/2015 00:32:07 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: TESV.exe, Version: 1.9.32.0, Zeitstempel: 0x51437ce5 Name des fehlerhaften Moduls: TESV.exe, Version: 1.9.32.0, Zeitstempel: 0x51437ce5 Ausnahmecode: 0xc0000417 Fehleroffset: 0x00b522e3 ID des fehlerhaften Prozesses: 0x1be8 Startzeit der fehlerhaften Anwendung: 0xTESV.exe0 Pfad der fehlerhaften Anwendung: TESV.exe1 Pfad des fehlerhaften Moduls: TESV.exe2 Berichtskennung: TESV.exe3 Vollständiger Name des fehlerhaften Pakets: TESV.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: TESV.exe5 System errors: ============= Error: (05/02/2015 04:08:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "ePower Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/02/2015 04:08:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (05/02/2015 04:08:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/02/2015 04:08:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "IconMan_R" wurde unerwartet beendet. 
Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (05/02/2015 04:08:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Dritek RF Button Command Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 3000 Millisekunden durchgeführt: Neustart des Diensts. Error: (05/02/2015 04:08:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/02/2015 04:08:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "NVIDIA Streamer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/02/2015 04:08:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "NVIDIA Network Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/02/2015 04:08:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "NTI IScheduleSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/02/2015 04:08:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Microsoft Office Sessions: ========================= Error: (05/01/2015 05:04:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: nvstreamsvc.exe2.1.214.053809acdKERNELBASE.dll6.3.9600.17736550f4336c000014200000000000ec18017fc01d084202ebf487eC:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeKERNELBASE.dll6c9de66a-f013-11e4-801e-20689d450d1d Error: (05/01/2015 05:01:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary mwlPSDVDisk. 
System Error: Das System kann die angegebene Datei nicht finden. Error: (05/01/2015 05:01:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary mwlPSDNServ. System Error: Das System kann die angegebene Datei nicht finden. Error: (04/30/2015 00:49:08 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: wwahost.exe6.3.9600.17415e5801d083329035f0264294967295C:\WINDOWS\syswow64\wwahost.exe854bfe0b-ef26-11e4-801b-20689d450d1dMicrosoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp Error: (04/30/2015 00:49:05 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.20689164801d08332902ab5854294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe8420d4bf-ef26-11e4-801b-20689d450d1dmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (04/30/2015 00:39:21 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.2068913fc01d0833123b024cc4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe1b6e7d6e-ef25-11e4-801b-20689d450d1dmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (04/30/2015 05:02:44 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: nvstreamsvc.exe2.1.214.053809acdKERNELBASE.dll6.3.9600.17736550f4336c000014200000000000ec180117c01d082f220f3cdceC:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeKERNELBASE.dll5ec41e75-eee5-11e4-801a-20689d450d1d Error: (04/30/2015 02:42:05 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: TESV.exe1.9.32.051437ce5TESV.exe1.9.32.051437ce5c000041700b522e31d7801d082cde79ed451C:\Program Files (x86)\The Elder Scrolls V- Skyrim MAIN\TESV.exeC:\Program Files (x86)\The 
Elder Scrolls V- Skyrim MAIN\TESV.exeb8a16f3e-eed1-11e4-801a-20689d450d1d Error: (04/30/2015 00:43:10 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: TESV.exe1.9.32.051437ce5TESV.exe1.9.32.051437ce5c000041700b53759143c01d082cdbf78831eC:\Program Files (x86)\The Elder Scrolls V- Skyrim MAIN\TESV.exeC:\Program Files (x86)\The Elder Scrolls V- Skyrim MAIN\TESV.exe1bd4b1c5-eec1-11e4-801a-20689d450d1d Error: (04/30/2015 00:32:07 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: TESV.exe1.9.32.051437ce5TESV.exe1.9.32.051437ce5c000041700b522e31be801d082b53ab51614C:\Program Files (x86)\The Elder Scrolls V- Skyrim MAIN\TESV.exeC:\Program Files (x86)\The Elder Scrolls V- Skyrim MAIN\TESV.exe90d4cd75-eebf-11e4-801a-20689d450d1d CodeIntegrity Errors: =================================== Date: 2014-10-17 17:32:48.668 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-10-12 15:10:11.273 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-10-10 23:00:13.930 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2014-10-08 18:29:35.406 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-10-07 21:05:27.624 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-10-07 20:38:18.654 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-10-05 13:33:04.470 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-09-27 16:17:02.982 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-09-21 21:28:12.078 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2014-09-21 21:28:11.934 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz Percentage of memory in use: 24% Total physical RAM: 8074.27 MB Available physical RAM: 6086.27 MB Total Pagefile: 16266.27 MB Available Pagefile: 14129.78 MB Total Virtual: 131072 MB Available Virtual: 131071.84 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:680.48 GB) (Free:150.9 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 698.6 GB) (Disk ID: DB699A5A) Partition: GPT Partition Type. ==================== End Of Log ============================ |
03.05.2015, 12:28 | #7 |
/// the machine /// TB-Ausbilder | [Windows 8.1] Very high network load + unauthorized access to Steam, Facebook and web.de from Venezuela
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
04.05.2015, 13:54 | #8 |
| [Windows 8.1] Very high network load + unauthorized access to Steam, Facebook and web.de from Venezuela
Hello, since the rootkit scan by Kaspersky I definitely have fewer ping jumps; sometimes only one occurs per hour, which may also be due to my family's use of the internet connection. However, I didn't want to write anything about it prematurely, in case the state "de-normalizes" again (; I have run the programs, and ESET detected 34 viruses! According to the instructions I should not delete them right away, but skip them and then uninstall the program? Is that correct? Here are the logs anyway:
ESET Code:
ATTFilter SETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=2cb74d3d50087448a4f47a5aa3fa60a6 # engine=23669 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-05-03 09:27:25 # local_time=2015-05-03 11:27:25 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='AVG AntiVirus Free Edition 2015' # compatibility_mode=1055 16777213 100 100 217667 117822429 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 4599870 20460087 0 0 # scanned=810638 # found=34 # cleaned=0 # scan_time=34258 sh=9A167E0054AFB0E0F33A4CFA59D828E50F3BB05C ft=1 fh=3b02e1c37ba38a3f vn="Variante von Win32/Toolbar.Widgi.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\ytd video downloader\ytd_installer.exe.vir" sh=106E1261CC5B1FA6F7006910A3CDC10ACAE52E6D ft=1 fh=ef62475443475fff vn="Variante von Win32/Toolbar.SearchSuite.P evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Free FLV Converter\Helper.dll" sh=9A855B28640DFBD9A51B8EC2DEFE09E2AECD8666 ft=1 fh=8c844ec34dbd7389 vn="Variante von Win32/KoyoteLab.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Free FLV Converter\Uninstall.exe" sh=01AACBF6700E6E6EC8DBDDBF39501350CAB47665 ft=1 fh=b8dd21187265c149 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Paul\Downloads\HijackThis - CHIP-Installer.exe" sh=2FB7973F2508D8E8914D77FE5E951A479AF69CE0 ft=1 fh=10ee2d55f991196b vn="Variante von Win32/DownloadSponsor.C evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Paul\Downloads\Vollversion Ashampoo Burning Studio 2015 - CHIP-Installer.exe" sh=AD443D3208934BC93168DD92D9FF2EA12E181D66 ft=1 fh=373d3eb8c1a3ef60 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Paul\Downloads\General Setups\All in One Runtimes - CHIP-Installer.exe" sh=DD7A4F8FA218F9FF97C8D35C43776B6F189E3C8E ft=1 fh=9828515360fdd5df vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Paul\Downloads\General Setups\BlueStacks App Player - CHIP-Installer.exe" sh=F43A66F5AC79276A3E27467D5DD100DDCFA61891 ft=1 fh=80399c2706f2ad8c vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Paul\Downloads\General Setups\FFSetup3.0.1.exe" sh=0F99E8125C8EAFD6FA359D750205A7A7FE919CC1 ft=1 fh=0eed903587af6854 vn="Variante von Win32/KoyoteLab.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Paul\Downloads\General Setups\FreeFLVConverterSetup_7.6.1.exe" sh=7F0A0674E9522BFCF7CBA33DED49AAEBAF36F614 ft=1 fh=2f70aa409cdbff5b vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Paul\Downloads\General Setups\HSS-2.90.exe" sh=B2BE073912E20406EC0BEEA8BEAF4C918D004264 ft=1 fh=5a3e249a6fedd190 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Paul\Downloads\General Setups\iLividSetupV1 (1).exe" sh=B2BE073912E20406EC0BEEA8BEAF4C918D004264 ft=1 fh=5a3e249a6fedd190 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Paul\Downloads\General Setups\iLividSetupV1.exe" sh=04BBE4DB2722AB22CD80D60378EB4F6770732070 ft=1 fh=f8f2e7415ffe27f2 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Paul\Downloads\General Setups\Paint NET - CHIP-Installer.exe" sh=5722577C8EB6C1E9BABA1F4154EE880076F2EB0E ft=1 fh=ca0b5e29ec48c154 vn="Win32/Toolbar.Widgi evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Paul\Downloads\General Setups\YTDSetup.exe" sh=8B45D98B3D2AD42ACD832B4C4EC83D9E51CECDBE ft=1 fh=c47817d02d04bbc3 vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Paul\Downloads\General Setups\YTDSetup36.exe" sh=024204281571F6CC076DD6B8B80E1673A720ABC7 ft=1 fh=a9babc7463a11b90 vn="Win32/AdWare.1ClickDownload.AT Anwendung" ac=I fn="H:\Dateisicherung 2\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000000" sh=D6CFE89E51D1CF5C0043E538BC26C4477CE3EF3E ft=0 fh=0000000000000000 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="H:\Dateisicherung 2\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip" sh=95826B332BD1AC0543C2BA4DB637D082A994B1E5 ft=1 fh=f3159d8e366dd55a vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="H:\Dateisicherung 2\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe" sh=749E0C6D85971204E397EAE65ED10A9A4AEF40AB ft=1 fh=ef830199de104882 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="H:\Dateisicherung 2\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe" sh=1FD24BAE5755536F5B1CDF3F46A6C75BFD137933 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="H:\Dateisicherung 2\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk" sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="H:\Dateisicherung 2\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll" sh=93AD648467F47DC2708810D169F26F4A814778C5 ft=1 fh=e589ccabe231da4b vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="H:\Dateisicherung 2\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe" sh=98748962ABC9F35FAD05DDE12A1A732F89B8CC8A ft=1 fh=09f83793f4c0466f vn="Win32/Mobogenie.B evtl. 
unerwünschte Anwendung" ac=I fn="H:\Dateisicherung 2\AppData\Local\Temp\setupA9_.exe" sh=5BA0D483EB8648BD26095C74B6A7528FE4862607 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.B evtl. unerwünschte Anwendung" ac=I fn="H:\Dateisicherung 2\AppData\Roaming\Mozilla\Firefox\Profiles\ok86h4be.default\extensions\{345422e3-72fa-447a-9550-97803edfacf3}.xpi" sh=7BF9FFEA5F316FB46BAFFD7DCCE6DBB08BFCAB4F ft=1 fh=c87b68bc21a5e6b6 vn="Variante von Win32/InstallIQ.A evtl. unerwünschte Anwendung" ac=I fn="H:\Dateisicherung 2\Downloads\General Setups\coretemp_rc3_1236.exe" sh=F43A66F5AC79276A3E27467D5DD100DDCFA61891 ft=1 fh=80399c2706f2ad8c vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="H:\Dateisicherung 2\Downloads\General Setups\FFSetup3.0.1.exe" sh=7F0A0674E9522BFCF7CBA33DED49AAEBAF36F614 ft=1 fh=2f70aa409cdbff5b vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="H:\Dateisicherung 2\Downloads\General Setups\HSS-2.90.exe" sh=B2BE073912E20406EC0BEEA8BEAF4C918D004264 ft=1 fh=5a3e249a6fedd190 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="H:\Dateisicherung 2\Downloads\General Setups\iLividSetupV1 (1).exe" sh=B2BE073912E20406EC0BEEA8BEAF4C918D004264 ft=1 fh=5a3e249a6fedd190 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="H:\Dateisicherung 2\Downloads\General Setups\iLividSetupV1.exe" sh=BF4180680C951423A57537412363492EEDB8D4E6 ft=1 fh=77a67212be41c6dd vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="H:\Dateisicherung 2\Downloads\General Setups\SoftonicDownloader_for_ap-tuner.exe" sh=9673C7F8C9BF2D7416756F0922F2E6FFEB05499B ft=1 fh=1a6ab527bb2003e5 vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="H:\Dateisicherung 2\Downloads\General Setups\SoftonicDownloader_for_latency-optimizer.exe" sh=8B45D98B3D2AD42ACD832B4C4EC83D9E51CECDBE ft=1 fh=c47817d02d04bbc3 vn="Variante von Win32/Toolbar.Widgi.B evtl. 
unerwünschte Anwendung" ac=I fn="H:\Dateisicherung 2\Downloads\General Setups\YTDSetup36.exe" sh=F64E233F85E294ED3D622EDD73429244DB0B0255 ft=1 fh=12c6d72efd160e1f vn="Win32/InstalleRex.T evtl. unerwünschte Anwendung" ac=I fn="H:\Dateisicherung 2\ProgramData\InstallMate\{4504474F-89BB-44DF-A634-C1999EE765B9}\Custom.dll" sh=A4DD1A7CFF3EA0DC8477067D5C46F80D6929CD6A ft=1 fh=e0f0aa0d305d3c4a vn="Win32/InstalleRex.T evtl. unerwünschte Anwendung" ac=I fn="H:\Dateisicherung 2\ProgramData\InstallMate\{F2AA0F1E-DA9F-46C9-A422-92BD29492DE8}\Custom.dll" Code:
Results of screen317's Security Check version 1.001
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
AVG AntiVirus Free Edition 2015
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
AVG Web TuneUp
Java 7 Update 45
Java 8 Update 25
Java version 32-bit out of Date!
Google Chrome (42.0.2311.135)
Google Chrome (42.0.2311.90)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015 01 Ran by Paul (administrator) on PAULS-PC on 04-05-2015 14:46:54 Running from C:\Users\Paul\Desktop Loaded Profiles: Paul (Available profiles: Paul) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Dritek System INC.) 
C:\Windows\RfBtnSvc64.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Spotify Ltd) C:\Users\Paul\AppData\Roaming\Spotify\SpotifyWebHelper.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Dolby Laboratories Inc.) 
C:\Dolby PCEE4\pcee4.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [655256 2012-08-24] (Alps Electric Co., Ltd.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.) HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3723728 2015-03-25] (AVG Technologies CZ, s.r.o.) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] (Atheros Communications) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-21-296916632-418451122-4117134758-1002\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [909696 2010-12-21] (Microsoft Corporation) HKU\S-1-5-21-296916632-418451122-4117134758-1002\...\Run: [Spotify Web Helper] => C:\Users\Paul\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-04-30] (Spotify Ltd) HKU\S-1-5-21-296916632-418451122-4117134758-1002\...\MountPoints2: {764629b4-9b58-11e3-be73-20689d450d1d} - "E:\WD SmartWare.exe" autoplay=true HKU\S-1-5-21-296916632-418451122-4117134758-1002\...\MountPoints2: {904d65e9-aa16-11e4-bfaf-20689d450d1d} - "E:\SETUP.EXE" HKU\S-1-5-18\...\Run: 
[EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHVE.EXE [241280 2014-09-17] (SEIKO EPSON CORPORATION) AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-05-20] (NVIDIA Corporation) AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [166568 2014-05-20] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [146480 2014-05-20] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk [2012-09-03] ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-296916632-418451122-4117134758-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-296916632-418451122-4117134758-1002 -> {A1CE32C2-25BF-4592-AB76-84E43FCB0F85} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE662&p={SearchTerms} SearchScopes: HKU\S-1-5-21-296916632-418451122-4117134758-1002 -> {C5FA9621-F9C8-48F6-AA02-D58224CB1A74} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-11-09] (Oracle Corporation) BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth 
Suite\IEPlugIn.dll [2013-01-28] (Qualcomm Atheros Commnucations) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-09] (Oracle Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-09] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-09] (Oracle Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-09] (Oracle 
Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-09] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-16] (VideoLAN) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll [2014-06-19] (Adobe Systems, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-09] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-09] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: 
@microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-15] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-15] (Google Inc.) FF Plugin HKU\S-1-5-21-296916632-418451122-4117134758-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Paul\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-296916632-418451122-4117134758-1002: electronicarts.com/GameFacePlugin -> C:\Users\Paul\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll [2012-12-20] (Electronic Arts) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation) Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-20] CHR Extension: (Google Drive) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-20] CHR Extension: (YouTube) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-20] CHR Extension: (Battlefield Heroes) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2014-12-27] CHR Extension: (Adblock Plus) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-18] CHR Extension: (Google Search) - C:\Users\Paul\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-20] CHR Extension: (BetaFish Adblocker) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-20] CHR Extension: (Bookmark Manager) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16] CHR Extension: (WEB.DE MailCheck) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2015-02-24] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11] CHR Extension: (Google Wallet) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-20] CHR Extension: (Gmail) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-20] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations) [File not signed] R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-25] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-25] (AVG Technologies CZ, s.r.o.) 
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-22] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated) R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-22] (NTI Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-02-28] (Electronic Arts) R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-12-27] () R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-09-17] (Dritek System INC.) 
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-02-26] () S2 vToolbarUpdater18.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2014-05-18] () S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [281056 2015-03-25] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-02-05] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [289248 2015-03-19] (AVG Technologies CZ, s.r.o.) 
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-05-15] (Microsoft Corporation) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2015-02-01] (DT Soft Ltd) S3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-03-30] (LogMeIn Inc.) R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2014-05-18] () R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-09-17] (Dritek System Inc.) S3 uisp; C:\Windows\System32\Drivers\mtdfu.sys [17936 2014-02-26] (Logitech, Inc.) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation) S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X] S3 X6va022; \??\C:\WINDOWS\SysWOW64\Drivers\X6va022 [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-05-04 14:46 - 2015-05-04 14:46 - 00000804 _____ () C:\Users\Paul\Desktop\checkup.txt 2015-05-04 14:44 - 2015-05-04 14:44 - 00852630 _____ () C:\Users\Paul\Desktop\SecurityCheck.exe 2015-05-04 01:09 - 2015-05-04 01:09 - 00183296 _____ (Donkey Crew) C:\Users\Paul\Downloads\cRPGLauncher.exe 2015-05-03 13:47 - 2015-05-03 13:48 - 02347384 _____ (ESET) C:\Users\Paul\Desktop\esetsmartinstaller_deu.exe 2015-05-02 16:18 - 2015-05-04 14:31 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-296916632-418451122-4117134758-1002 2015-05-02 16:12 - 2015-05-02 16:12 - 00001581 _____ () C:\Users\Paul\Desktop\JRT.txt 2015-05-02 16:07 - 2015-05-02 16:07 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-PAULS-PC-Windows-8.1-(64-bit).dat 2015-05-02 16:07 - 2015-05-02 16:07 - 00000000 ____D () C:\RegBackup 2015-05-02 16:06 - 2015-05-02 16:07 - 02716306 _____ (Thisisu) C:\Users\Paul\Desktop\JRT.exe 2015-05-02 16:06 - 2015-05-02 16:06 - 00001095 _____ () C:\Users\Paul\Desktop\AdwCleaner[S1].txt 2015-05-01 16:24 - 2015-05-02 12:23 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-05-01 16:24 - 2015-05-01 17:23 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-05-01 16:24 - 2015-05-01 16:24 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-05-01 16:23 - 2015-05-01 17:22 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-05-01 16:22 - 2015-05-01 18:34 - 00000000 ____D () C:\Users\Paul\Desktop\mbar 2015-05-01 16:21 - 2015-05-01 16:21 - 16502728 _____ (Malwarebytes Corp.) 
C:\Users\Paul\Desktop\mbar-1.09.1.1004.exe 2015-05-01 16:21 - 2015-05-01 16:21 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Paul\Desktop\tdsskiller.exe 2015-05-01 15:59 - 2015-05-01 16:00 - 00087887 _____ () C:\Users\Paul\Downloads\bluescreenview-x64.zip 2015-05-01 15:59 - 2015-05-01 16:00 - 00001672 _____ () C:\Users\Paul\Downloads\bluescreenview_german.zip 2015-05-01 15:59 - 2015-05-01 16:00 - 00001672 _____ () C:\Users\Paul\Downloads\bluescreenview_german (1).zip 2015-05-01 15:56 - 2015-05-01 15:56 - 638271571 _____ () C:\WINDOWS\MEMORY.DMP 2015-05-01 15:56 - 2015-05-01 15:56 - 00296328 _____ () C:\WINDOWS\Minidump\050115-53015-01.dmp 2015-05-01 15:24 - 2015-05-01 15:24 - 00011718 _____ () C:\Users\Paul\Desktop\Gmer.txt 2015-05-01 15:18 - 2015-05-01 15:18 - 00380416 _____ () C:\Users\Paul\Desktop\g2xl7bim.exe 2015-05-01 15:15 - 2015-05-01 15:15 - 00000540 _____ () C:\Users\Paul\Downloads\defogger_disable.log 2015-05-01 15:15 - 2015-05-01 15:15 - 00000168 _____ () C:\Users\Paul\defogger_reenable 2015-05-01 15:10 - 2015-05-02 16:20 - 00059648 _____ () C:\Users\Paul\Desktop\Addition.txt 2015-05-01 15:08 - 2015-05-04 14:47 - 00023344 _____ () C:\Users\Paul\Desktop\FRST.txt 2015-05-01 14:48 - 2015-05-04 14:46 - 00000000 ____D () C:\FRST 2015-05-01 14:40 - 2015-05-01 14:40 - 02101248 _____ (Farbar) C:\Users\Paul\Desktop\FRST64.exe 2015-05-01 14:40 - 2015-05-01 14:40 - 00050477 _____ () C:\Users\Paul\Desktop\Defogger.exe 2015-05-01 14:35 - 2015-05-02 15:57 - 00000000 ____D () C:\AdwCleaner 2015-05-01 14:31 - 2015-05-01 14:35 - 02204160 _____ () C:\Users\Paul\Desktop\adwcleaner_4.203.exe 2015-04-25 16:15 - 2015-04-26 19:08 - 00000324 _____ () C:\Users\Paul\Desktop\Abiball-Songs.txt 2015-04-22 22:07 - 2015-04-22 22:07 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-04-22 22:06 - 2015-04-22 22:08 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Dropbox 2015-04-22 22:04 - 2015-04-22 22:04 - 00356280 _____ (Dropbox, 
Inc.) C:\Users\Paul\Downloads\DropboxInstaller.exe 2015-04-20 22:01 - 2015-04-20 22:01 - 01203488 _____ () C:\Users\Paul\Downloads\Vollversion Ashampoo Burning Studio 2015 - CHIP-Installer.exe 2015-04-20 22:01 - 2015-04-20 22:01 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Canneverbe Limited 2015-04-20 21:58 - 2015-04-20 21:58 - 05409016 _____ (Canneverbe Limited ) C:\Users\Paul\Downloads\cdbxp_setup_4.5.4.5306_minimal.exe 2015-04-20 21:58 - 2015-04-20 21:58 - 05409016 _____ (Canneverbe Limited ) C:\Users\Paul\Downloads\cdbxp_setup_4.5.4.5306_minimal (1).exe 2015-04-20 21:20 - 2015-04-20 21:23 - 260635800 _____ (Nero AG) C:\Users\Paul\Downloads\Nero2015_setup-16.0.04000_3p_trial.exe 2015-04-20 21:01 - 2015-04-20 21:02 - 28305301 _____ () C:\Users\Paul\Downloads\PAUL-RAR.rar 2015-04-20 14:19 - 2015-04-20 14:19 - 00000000 _____ () C:\WINDOWS\setuperr.log 2015-04-19 20:22 - 2015-04-19 20:22 - 00000456 _____ () C:\Users\Paul\Downloads\ddos.zip 2015-04-19 20:22 - 2015-04-19 20:22 - 00000456 _____ () C:\Users\Paul\Desktop\ddos.zip 2015-04-19 18:47 - 2015-04-19 18:47 - 01203488 _____ () C:\Users\Paul\Downloads\HijackThis - CHIP-Installer.exe 2015-04-19 18:36 - 2015-04-19 18:36 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\AVG 2015-04-19 18:33 - 2015-04-19 18:33 - 00000000 ____D () C:\Users\Paul\AppData\Local\Avg 2015-04-19 18:32 - 2015-04-19 18:37 - 00000000 ____D () C:\ProgramData\AVG 2015-04-19 18:30 - 2015-04-19 18:31 - 113398072 _____ (AVG Technologies) C:\Users\Paul\Downloads\avg_tuh_stf_all_2015_403_24c28.exe 2015-04-19 16:57 - 2015-04-19 16:57 - 00000000 ____D () C:\ProgramData\Max Secure 2015-04-19 15:45 - 2015-04-19 15:45 - 00523720 _____ (Max Secure Software) C:\Users\Paul\Downloads\maxspywaredetectordm.exe 2015-04-19 15:27 - 2015-04-19 15:27 - 03494303 _____ () C:\Users\Paul\Downloads\facebook-paulwinkler982.zip 2015-04-19 14:20 - 2015-04-19 14:21 - 39608031 _____ () C:\Users\Paul\Downloads\PsiKotics Necromancy Mod-16394-0-838.zip 2015-04-18 12:37 - 
2015-04-18 12:37 - 00180837 _____ () C:\Users\Paul\Downloads\Stealth Skills Rebalanced_COMPLETE_FULL-28418-1-4.zip 2015-04-18 01:14 - 2015-04-18 01:23 - 194097145 _____ () C:\Users\Paul\Downloads\Pixelmon-1.7.10-3.4.0-universal.jar 2015-04-16 22:19 - 2015-05-01 15:21 - 00007596 _____ () C:\Users\Paul\AppData\Local\Resmon.ResmonCfg 2015-04-15 17:41 - 2015-03-23 23:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-04-15 17:41 - 2015-03-23 23:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-04-15 17:41 - 2015-03-23 23:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll 2015-04-15 17:41 - 2015-03-23 23:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-04-15 17:41 - 2015-03-23 23:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll 2015-04-15 17:41 - 2015-03-20 06:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll 2015-04-15 17:41 - 2015-03-20 06:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll 2015-04-15 17:41 - 2015-03-20 06:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll 2015-04-15 17:41 - 2015-03-20 05:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe 2015-04-15 17:41 - 2015-03-20 04:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe 2015-04-15 17:41 - 2015-03-20 04:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll 2015-04-15 17:41 - 2015-03-20 04:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll 2015-04-15 17:40 - 2015-03-23 00:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2015-04-15 17:40 - 2015-03-23 00:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2015-04-15 17:40 - 2015-03-23 00:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2015-04-15 17:40 - 
2015-03-23 00:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2015-04-15 17:40 - 2015-03-23 00:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2015-04-15 17:40 - 2015-03-23 00:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2015-04-15 17:40 - 2015-03-23 00:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2015-04-15 17:40 - 2015-03-14 10:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2015-04-15 17:40 - 2015-03-14 10:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2015-04-15 17:40 - 2015-03-14 10:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2015-04-15 17:40 - 2015-03-14 03:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2015-04-15 17:40 - 2015-03-14 03:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2015-04-15 17:40 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll 2015-04-15 17:40 - 2015-03-14 03:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll 2015-04-15 17:40 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2015-04-15 17:40 - 2015-03-14 02:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2015-04-15 17:40 - 2015-03-14 02:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2015-04-15 17:40 - 2015-03-14 02:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2015-04-15 17:40 - 2015-03-14 02:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2015-04-15 17:40 - 2015-03-14 02:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2015-04-15 17:40 - 2015-03-14 02:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2015-04-15 17:40 - 2015-03-14 02:06 - 
02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2015-04-15 17:40 - 2015-03-14 02:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2015-04-15 17:40 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2015-04-15 17:40 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2015-04-15 17:40 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2015-04-15 17:40 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2015-04-15 17:40 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-04-15 17:40 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-04-15 17:40 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-04-15 17:40 - 2015-03-13 05:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-04-15 17:40 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-04-15 17:40 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-04-15 17:40 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-04-15 17:40 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-04-15 17:40 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-04-15 17:40 - 2015-03-13 05:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-04-15 17:40 - 2015-03-13 05:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-04-15 17:40 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-04-15 17:40 - 2015-03-13 05:07 - 00801280 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-04-15 17:40 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-04-15 17:40 - 2015-03-13 04:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll 2015-04-15 17:40 - 2015-03-13 04:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-04-15 17:40 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-04-15 17:40 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-04-15 17:40 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-04-15 17:40 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll 2015-04-15 17:40 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-04-15 17:40 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-04-15 17:40 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-04-15 17:40 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-04-15 17:40 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-04-15 17:40 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-04-15 17:40 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2015-04-15 17:40 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll 2015-04-15 17:40 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll 2015-04-15 17:40 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2015-04-15 17:40 - 2015-02-21 01:49 - 00780800 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\lsm.dll 2015-04-11 15:41 - 2015-04-11 15:44 - 00000000 ___SD () C:\WINDOWS\system32\GWX 2015-04-11 15:41 - 2015-04-11 15:41 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX 2015-04-09 22:10 - 2015-04-09 22:10 - 00025270 _____ () C:\Users\Paul\AppData\Local\recently-used.xbel 2015-04-06 21:20 - 2015-04-06 21:20 - 00001850 _____ () C:\Users\Paul\Desktop\Spotify.lnk ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-04 14:44 - 2014-02-24 16:53 - 01201346 _____ () C:\WINDOWS\WindowsUpdate.log 2015-05-04 14:36 - 2014-02-24 22:25 - 00000000 ____D () C:\Users\Paul\AppData\Local\Deployment 2015-05-04 14:36 - 2014-02-20 07:18 - 00000000 ____D () C:\Users\Paul\AppData\Local\Packages 2015-05-04 14:26 - 2014-09-03 23:27 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B36ED933-45B3-4AFF-B675-FDC4DD7CBDDC} 2015-05-04 14:25 - 2014-10-19 00:06 - 00000000 ____D () C:\ProgramData\MFAData 2015-05-04 14:21 - 2014-02-20 17:05 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-04 14:20 - 2014-02-24 20:10 - 00000000 __RDO () C:\Users\Paul\SkyDrive 2015-05-04 14:20 - 2013-08-22 16:46 - 00400220 _____ () C:\WINDOWS\setupact.log 2015-05-04 14:20 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-05-04 04:41 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2015-05-04 04:40 - 2014-02-20 17:18 - 00000000 ____D () C:\ProgramData\Origin 2015-05-04 04:19 - 2014-02-20 17:05 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-04 04:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-05-04 02:07 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-05-04 02:07 - 2013-11-14 09:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat 2015-05-04 02:07 - 2013-11-14 09:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat 2015-05-04 
01:07 - 2014-02-20 17:24 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2015-05-03 23:11 - 2014-02-20 17:04 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-05-03 22:58 - 2014-11-09 19:12 - 00000000 ____D () C:\Users\Paul\AppData\Local\Spotify 2015-05-03 22:40 - 2014-11-09 19:11 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Spotify 2015-05-02 21:35 - 2014-02-20 17:34 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\TS3Client 2015-05-02 19:48 - 2015-03-31 20:52 - 00000000 ____D () C:\Users\Paul\Desktop\Abi 2015-05-02 16:58 - 2014-02-20 09:25 - 01434112 ___SH () C:\Users\Paul\Desktop\Thumbs.db 2015-05-02 16:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-05-02 12:23 - 2013-11-14 00:18 - 00045508 _____ () C:\WINDOWS\PFRO.log 2015-05-01 17:04 - 2014-02-24 16:59 - 00000000 ____D () C:\Users\Paul 2015-05-01 17:01 - 2014-04-18 18:53 - 00000000 ____D () C:\Program Files (x86)\FIFA Manager 14 2015-05-01 16:12 - 2012-09-03 08:45 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-05-01 15:56 - 2014-05-28 23:25 - 00000000 ____D () C:\WINDOWS\Minidump 2015-05-01 10:57 - 2014-02-20 17:33 - 00000000 ____D () C:\Users\Paul\AppData\Local\LogMeIn Hamachi 2015-05-01 05:04 - 2014-04-22 14:45 - 00008858 _____ () C:\Users\Paul\Desktop\Neues Textdokument.txt 2015-05-01 03:40 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2015-04-21 16:21 - 2014-08-12 19:01 - 00000000 ____D () C:\Users\Paul\Desktop\Musik 2015-04-21 00:09 - 2014-02-20 07:18 - 00000000 ____D () C:\Users\Paul\AppData\Local\VirtualStore 2015-04-20 21:37 - 2014-08-02 00:36 - 00000000 ____D () C:\ProgramData\Package Cache 2015-04-20 14:19 - 2013-08-22 16:44 - 00494432 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-04-19 19:18 - 2014-03-08 19:07 - 00000000 ____D () C:\Users\Paul\.thumbnails 2015-04-19 19:18 - 2014-02-20 19:52 - 00000000 ____D () C:\Users\Paul\AppData\Local\Microsoft Help 2015-04-19 19:18 - 2014-02-20 17:33 - 
00000000 ____D () C:\Users\Paul\AppData\Roaming\Skype 2015-04-19 19:18 - 2014-02-20 17:20 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2015-04-19 19:18 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep 2015-04-19 19:18 - 2012-09-03 08:49 - 00000000 ____D () C:\ProgramData\Temp 2015-04-19 19:17 - 2014-02-20 16:39 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2015-04-19 19:17 - 2012-09-03 08:40 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-04-19 18:35 - 2014-10-19 00:12 - 00000000 ____D () C:\Program Files (x86)\AVG 2015-04-19 17:16 - 2014-02-20 07:35 - 00000000 ____D () C:\Users\Paul\Downloads\General Setups 2015-04-19 15:11 - 2014-08-09 14:12 - 00000000 ____D () C:\Program Files (x86)\Dead Island Riptide 2015-04-18 12:45 - 2015-03-25 16:28 - 00000000 ____D () C:\Program Files (x86)\The Elder Scrolls V- Skyrim MAIN 2015-04-18 12:45 - 2014-02-22 00:12 - 00000000 ____D () C:\Users\Paul\AppData\Local\Skyrim 2015-04-18 01:12 - 2014-03-26 15:45 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\.minecraft 2015-04-18 00:55 - 2014-04-19 13:36 - 00000000 ____D () C:\Users\Paul\Documents\FIFA 14 2015-04-17 18:57 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-04-16 18:15 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-04-16 16:12 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppCompat 2015-04-15 22:47 - 2014-02-21 17:53 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-04-15 22:40 - 2014-02-21 17:53 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-04-15 22:32 - 2014-12-13 19:02 - 00000000 ____D () C:\WINDOWS\system32\appraiser 2015-04-15 22:32 - 2014-07-14 15:49 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2015-04-15 17:39 - 2014-11-13 22:40 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll 2015-04-14 22:10 - 2014-02-20 09:24 - 00000000 ____D () C:\Users\Paul\Desktop\Schule 2015-04-14 22:09 - 
2015-02-01 15:35 - 00000000 ____D () C:\Users\Paul\Downloads\Cracks 2015-04-14 01:24 - 2013-08-22 17:38 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-04-14 01:24 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-04-11 12:50 - 2014-02-20 09:10 - 00000000 ____D () C:\Users\Paul\Desktop\Handybilder 10.10.13 2015-04-09 22:10 - 2014-04-19 16:55 - 00000000 ____D () C:\Users\Paul\AppData\Local\gtk-2.0 2015-04-09 22:10 - 2014-03-05 13:24 - 00000000 ____D () C:\Users\Paul\.gimp-2.8 2015-04-07 17:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp 2015-04-06 21:20 - 2014-11-09 19:12 - 00001836 _____ () C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2015-04-05 21:57 - 2014-03-16 23:52 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\vlc ==================== Files in the root of some directories ======= 2015-04-09 22:10 - 2015-04-09 22:10 - 0025270 _____ () C:\Users\Paul\AppData\Local\recently-used.xbel 2015-04-16 22:19 - 2015-05-01 15:21 - 0007596 _____ () C:\Users\Paul\AppData\Local\Resmon.ResmonCfg 2012-09-17 08:12 - 2012-09-17 08:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some content of TEMP: ==================== C:\Users\Paul\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3752hb.dll C:\Users\Paul\AppData\Local\Temp\DseShExt-x64.dll C:\Users\Paul\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Paul\AppData\Local\Temp\Quarantine.exe C:\Users\Paul\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\Paul\AppData\Local\Temp\SDShelEx-x64.dll C:\Users\Paul\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-04 14:31 ==================== End Of Log ============================ Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2015 01
Ran by Paul at 2015-05-04 14:47:36
Running from C:\Users\Paul\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-296916632-418451122-4117134758-500 - Administrator - Disabled)
Gast (S-1-5-21-296916632-418451122-4117134758-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-296916632-418451122-4117134758-1006 - Limited - Enabled)
Paul (S-1-5-21-296916632-418451122-4117134758-1002 - Administrator - Enabled) => C:\Users\Paul

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0059 - NTI Corporation) Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated) Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated) Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated) AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3115 - Acer Incorporated) AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3201 - Acer Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\{755DDD59-9690-4F1A-BE9C-D39BDCFA77C9}) (Version: 12.1.3.153 - Adobe Systems, Inc) Advanced Archive Password Recovery (HKLM-x32\...\{01011662-76A8-41E8-B1A8-4F8821570AC5}) (Version: 4.54.48.1338 - Elcomsoft Co. Ltd.) Advanced Tactical Center™ 1.12 (HKLM-x32\...\ATC_is1) (Version: 1.1.2.0 - Foolish Entertainment) Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.8 - Sereby Corporation) ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.100.2020.110 - Alps Electric) ANNO 1404 - Venedig (HKLM-x32\...\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}) (Version: 2.01.5010 - Ubisoft) ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft) Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden Archeage (HKLM-x32\...\Glyph Archeage) (Version: - Trion Worlds, Inc.) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.4 - Atheros Communications Inc.) 
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) AutoHotkey 1.1.18.00 (HKLM\...\AutoHotkey) (Version: 1.1.18.00 - Lexikos) AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5863 - AVG Technologies) AVG 2015 (Version: 15.0.4339 - AVG Technologies) Hidden AVG 2015 (Version: 15.0.5863 - AVG Technologies) Hidden AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.0.411 - AVG Technologies) Backup Manager v4 (x32 Version: 4.0.0.0059 - NTI Corporation) Hidden Battlefield Heroes (HKLM-x32\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version: - EA Digital illusions) Borland Delphi 7 (HKLM-x32\...\{72263053-50D1-4598-9502-51ED64E54C51}) (Version: 7.0 - Borland Software Corporation) BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team) Brick-Force (EU) (HKLM-x32\...\Steam App 335330) (Version: - Exe Games Inc.) Brick-Force (HKLM-x32\...\{9853ABB2-6416-4C87-8650-DD8E528FF564}}_is1) (Version: 4.4.393.134.20 - Infernum Productions AG) Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version: - Dark Byte) clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3108 - Acer Incorporated) clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3108 - Acer Incorporated) clear.fi SDK - Video 2 (x32 Version: 2.1.1925 - CyberLink Corp.) Hidden clear.fi SDK- Movie 2 (x32 Version: 2.1.2008 - CyberLink Corp.) Hidden Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu) CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.) 
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0327 - DT Soft Ltd) Dead Island Riptide version 5.1 (HKLM-x32\...\{554894C6-A12C-4CE6-8FDC-F1BBEABB69B4}_is1) (Version: 5.1 - Black_Box) Dead Island version 1.0 (HKLM-x32\...\{3L7IL77L-T4D4-75B1-97C5-18CD6E6334A3}_is1) (Version: 1.0 - Deep Silver) Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc) Dropbox (HKU\S-1-5-21-296916632-418451122-4117134758-1002\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.) Druckerdeinstallation für EPSON BX635FWD Series (HKLM\...\EPSON BX635FWD Series) (Version: - SEIKO EPSON Corporation) EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKU\S-1-5-21-296916632-418451122-4117134758-1002\...\EA SPORTS Game Face Browser Plugin) (Version: 1.8.0.0 - Electronic Arts) EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.4.0.0 - Electronic Arts) eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM) Emergency4 (HKLM-x32\...\{9A4C534E-431F-4A17-97D4-D1682B19A054}) (Version: 1.03.001 - ) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON SX430 Series Printer Uninstall (HKLM\...\EPSON SX430 Series) (Version: - SEIKO EPSON Corporation) Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version: - Paradox Development Studio) FIFA 14 (HKLM-x32\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts) FIFA 15 Version 1.4 (HKLM-x32\...\FIFA 15_is1) (Version: 1.4 - RFT) FormatFactory 3.0.1 (HKLM-x32\...\FormatFactory) (Version: 3.0.1 - Free Time) Free FLV Converter V 7.6.2 (HKLM-x32\...\Free FLV Converter_is1) (Version: 7.6.2.0 - Koyote Lab Inc.) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.) 
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version: - Arobas Music) Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version: - Reto-Moto) Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle) Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation) Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Lazarus 1.2.6 (HKLM\...\lazarus_is1) (Version: 1.2.6 - Lazarus Team) Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve) Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Acer Incorporated) Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.) 
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version: - Microsoft) Microsoft Office Language Pack 2013 - German/Deutsch (HKLM\...\Office15.OMUI.de-de) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft 
Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60830 (HKLM-x32\...\{c7ed0d4c-89c5-47fc-9e89-1088affe63f3}) (Version: 11.0.60830.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - Tale Worlds) NBA 2K14 (HKLM-x32\...\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}) (Version: 1.0.0 - 2K Sports) Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.53.7 - Black Tree Gaming) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team) NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation) NVIDIA 
Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer) Origin (HKLM-x32\...\Origin) (Version: 9.1.3.2637 - Electronic Arts, Inc.) ORION: Dino Horde (HKLM-x32\...\Steam App 104900) (Version: - Spiral Game Studios) Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC) PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.) Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.) PlanetSide 2 (HKU\S-1-5-21-296916632-418451122-4117134758-1002\...\soe-PlanetSide 2 PSG) (Version: 1.0.3.183 - Sony Online Entertainment) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications) Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.41 - Qualcomm Atheros) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.) 
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version: - Rebellion) Spotify (HKU\S-1-5-21-296916632-418451122-4117134758-1002\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB) Super Giovanni (HKLM-x32\...\Super Giovanni) (Version: 1.0 - Ubersoft) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) Terraria v1.1.2 (HKLM-x32\...\Terraria_is1) (Version: 1.1.2 - OUTLAWS) The Elder Scrolls V Skyrim Update 13 (1.9.32.0.8) Deutsche Version 1.9.32.0.8 (HKLM-x32\...\The Elder Scrolls V Skyrim Update 13 (1.9.32.0.8) Deutsche Version 1.9.32.0.8) (Version: 1.9.32.0.8 - .x.X.RIDDICK.X.x.) Ultima 8 (HKLM-x32\...\{428C6B01-D292-46F9-9321-75668ED17DA2}) (Version: 1.0.0.1 - Electronic Arts) Unity Web Player (HKU\S-1-5-21-296916632-418451122-4117134758-1002\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton) Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft) Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) 
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN) WATCH_DOGS (HKLM-x32\...\Uplay Install 274) (Version: - Ubisoft) WinRAR 4.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-296916632-418451122-4117134758-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-296916632-418451122-4117134758-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-296916632-418451122-4117134758-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-296916632-418451122-4117134758-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-296916632-418451122-4117134758-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-296916632-418451122-4117134758-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296916632-418451122-4117134758-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296916632-418451122-4117134758-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296916632-418451122-4117134758-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296916632-418451122-4117134758-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

21-04-2015 13:06:58 Geplanter Prüfpunkt
30-04-2015 03:28:52 Geplanter Prüfpunkt
01-05-2015 16:06:21 Removed MyWinLocker Suite
01-05-2015 17:01:26 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {030330C3-3EDB-44FC-B419-955FBD692A39} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {0B96D948-D337-4AA5-BE6B-7005AD8AEDD1} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {0E79F8C1-5361-46ED-B5CC-2CB2F1515D4F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {2D5EE8D9-472A-4320-8F90-17405DAAD365} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
Task: {446DCAE7-347F-458F-83BC-0112B0E51013} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-30] ()
Task: {4787D71A-FB12-485A-8202-4D70640ABB3E} - \Optimize Start Menu Cache Files-S-1-5-21-296916632-418451122-4117134758-500 No Task File <==== ATTENTION
Task: {4ABE9688-8EB1-4BF0-B6C2-B794879D0FB1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-20] (Google Inc.)
Task: {4CCA8A6C-CFAA-4B21-A0DF-ADD9E15960E9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {4F2B23CC-1FE7-480A-94AF-ACFB74F08469} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2012-07-31] (Acer Incorporated)
Task: {501D3939-702C-49C6-A4A0-21B6C4F8BA6D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-20] (Google Inc.)
Task: {7F32F1DC-AF40-4FDA-9BAE-F8E32480CA05} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-23] () Task: {7F3747FF-4F3F-43E1-8966-0F972453AD6C} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] () Task: {86A391D6-5267-4462-9F8B-A54E12F23D42} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-23] () Task: {A7344468-3B3F-4A1E-A62B-70EBD9143DD3} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {A9B212E7-8BE4-4321-9E27-063B231CA556} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated) Task: {AD5FA22B-30EB-49B9-BC26-5BAE9B3BB3B9} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {B75AE49F-3F94-45E5-9D3B-D12B4A24E397} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink) Task: {D1494A22-1D3A-42D6-A2DE-F5B64C6C1965} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {DB945601-EE8E-4E39-A1C4-3715685B94B4} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe Task: {F264E1AE-6010-4540-9DBB-BAC6CC690260} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) 
============== 2015-02-26 00:16 - 2015-02-26 00:16 - 00620056 ____N () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe 2014-07-26 02:03 - 2014-05-20 04:44 - 00014280 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2014-07-26 02:13 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-12-27 23:19 - 2014-12-27 23:25 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe 2011-03-17 01:07 - 2011-03-17 01:07 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2014-02-20 16:26 - 2012-02-17 21:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll 2013-01-28 15:45 - 2013-01-28 15:45 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2013-01-28 15:42 - 2013-01-28 15:42 - 00084992 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll 2013-12-21 01:02 - 2013-12-21 01:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-01-28 15:47 - 2013-01-28 15:47 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe 2012-08-23 00:04 - 2012-08-23 00:04 - 00044176 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe 2012-08-23 00:04 - 2012-08-23 00:04 - 00025232 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe 2014-02-24 22:25 - 2014-02-24 22:25 - 00035472 _____ () C:\Users\Paul\AppData\Local\assembly\dl3\XMHY9TEV.VLW\PDC42VT4.6N9\d8844b44\00949faa_5d7ccd01\WordAddIn.DLL 2012-08-22 23:26 - 2012-08-22 23:26 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll 2012-08-22 23:25 - 2012-08-22 23:25 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll 2012-08-22 23:26 - 2012-08-22 23:26 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup 
Manager\VolumeSnapshot.dll 2012-08-22 23:25 - 2012-08-22 23:25 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll 2012-08-22 23:25 - 2012-08-22 23:25 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll 2012-08-22 23:25 - 2012-08-22 23:25 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll 2012-08-22 23:26 - 2012-08-22 23:26 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll 2014-11-07 00:15 - 2014-11-07 00:15 - 01685528 ____N () C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll 2012-09-17 08:16 - 2012-06-25 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Paul\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-296916632-418451122-4117134758-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Paul\Pictures\Eigene Bilder\Mein Mädchen\IMG-20141213-WA0018.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: BstHdAndroidSvc => 2 MSCONFIG\Services: BstHdLogRotatorSvc => 2 MSCONFIG\Services: BstHdUpdaterSvc => 2 HKLM\...\StartupApproved\Run: => "BCSSync" HKLM\...\StartupApproved\Run: => "SDAutoScan" HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui" HKLM\...\StartupApproved\Run32: => "vProt" HKU\S-1-5-21-296916632-418451122-4117134758-1002\...\StartupApproved\Run: => "DAEMON Tools Lite" ==================== FirewallRules (whitelisted) =============== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [UDP Query User{756CE59E-9A43-48FA-AB7F-A0E3B9D14DCC}C:\users\paul\sony online entertainment\installed games\planetside 2 psg\planetside2.exe] => (Allow) C:\users\paul\sony online entertainment\installed games\planetside 2 psg\planetside2.exe FirewallRules: [TCP Query User{BB49FC14-4F40-4B9E-8E4E-F6755E8A1066}C:\users\paul\sony online entertainment\installed games\planetside 2 psg\planetside2.exe] => (Allow) C:\users\paul\sony online entertainment\installed games\planetside 2 psg\planetside2.exe FirewallRules: [{508BA9C6-2375-47F5-9501-9268747EC0F3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe FirewallRules: [{7F4950C4-34CF-49EB-A732-B11FAB47897F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe FirewallRules: [{300F8774-F3C2-41F8-9794-60C74B8C5EDC}] => (Allow) C:\Program Files\Microsoft Office\Office14\GROOVE.EXE FirewallRules: [{7FC02153-8974-469A-AA8D-F14B68AAB776}] => (Allow) C:\Program Files\Microsoft 
Office\Office14\GROOVE.EXE FirewallRules: [{5304E76E-BBBE-4879-A4C3-BBE589DFC72C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe FirewallRules: [{4F2E2E31-F34E-4383-826C-1C5C913B5D9A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe FirewallRules: [{E1046C63-2EFB-4297-A5E2-E505D7BC6D55}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe FirewallRules: [{73E61590-D820-4F2D-9CB6-75B2851AFF3A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe FirewallRules: [{5B9DB2A9-81CB-491E-B36F-2FBA0FD0F379}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{928ACCB2-DA56-4C5D-86E8-4475A8888232}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{C243B3EA-D51F-4FA4-8232-2DE607AD736E}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe FirewallRules: [{8F3423E6-57A0-4045-9C04-FA6D1F9FC1FC}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe FirewallRules: [{444DEC8C-7C4E-4CF0-A3DB-6BF150292B9D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe FirewallRules: [{B3BB87F8-007F-427D-ABB8-8FEBC5E811F3}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe FirewallRules: [{25091AD1-E28F-4044-908B-BC39BE201588}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe FirewallRules: [{72447E57-FE50-4556-AF7E-F7A7B5471848}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe FirewallRules: [{AAA490EE-23B4-449B-9509-DBA25D7BB113}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe FirewallRules: [{6470B133-D48B-489E-9B74-72B0E70E3EB6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe FirewallRules: [{C861590C-DDCF-4942-9B6B-565C84405778}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe FirewallRules: 
[{FEB2A201-A0C2-4399-85C3-CC6B11E75BC7}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe FirewallRules: [{FAB8348D-97B4-408E-BD8F-84D10545F8A5}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe FirewallRules: [{C44F4001-5117-4E3F-972D-06FD998E2275}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\FileExplorer.exe FirewallRules: [{554A9B34-A045-4F77-8BBF-31B886DF4369}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe FirewallRules: [{22CD2F9A-7FF3-4EDC-9339-DCDB0B172F41}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe FirewallRules: [{97270DF8-DB4F-4C56-BEE6-2F8683CED7B7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{856199E8-8DA5-45C4-8729-F7DA1EBA8FF1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{E37D21BE-B38B-4EB0-BF24-D90BD316095A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{5D0CD5B4-AD4E-498C-AA93-BD51C191E9F6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{FC171C8B-D47D-4A63-9923-CBFC8A30F788}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{A301CB0F-C4FB-4643-AAC0-181993CB76F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{502A0072-7AE0-44C6-812A-6144B91C9A99}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe FirewallRules: [{ED6ABC67-1715-4737-9167-2A83CC14FA3D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe FirewallRules: [{89599D6F-4258-4836-99F5-58D4079A4337}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [{715AC500-1E4D-4F30-BBD9-85EB7EFFE0CB}] => (Allow) C:\Program Files 
(x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [TCP Query User{3CE6D93D-0E2F-48A5-9D67-0AD59E7C1F83}C:\program files (x86)\fifa 14\game\fifa14.exe] => (Allow) C:\program files (x86)\fifa 14\game\fifa14.exe FirewallRules: [UDP Query User{ABB78719-9CB4-4E40-AE8F-A13F87889ED4}C:\program files (x86)\fifa 14\game\fifa14.exe] => (Allow) C:\program files (x86)\fifa 14\game\fifa14.exe FirewallRules: [{23E0B24D-F533-47D9-B1E4-A0E3024A31B2}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404\Anno4.exe FirewallRules: [{9D7181A0-E3A8-47A9-B2A1-F8C01F497625}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404\Anno4.exe FirewallRules: [{BD0A7ED8-80AB-4A34-80D1-0D0638083359}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe FirewallRules: [{8A59F550-D577-4685-890A-04C6FCC6755E}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe FirewallRules: [{746B9F7C-D1D7-498D-96D7-6BD878FC477F}] => (Allow) C:\Program Files (x86)\2K Sports\NBA 2K14\nba2k14.exe FirewallRules: [{ABC0F3EF-9B8C-4602-B2F7-1E2764E22868}] => (Allow) C:\Program Files (x86)\2K Sports\NBA 2K14\nba2k14.exe FirewallRules: [{FD23C676-731A-4693-ADE2-F26EF4F86D6C}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404\Addon.exe FirewallRules: [{1774DC5A-E282-4F13-957C-578C6AB1FE99}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404\Addon.exe FirewallRules: [{680AFC4F-7EEE-4F01-97C3-3C331619C97B}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404\tools\AddonWeb.exe FirewallRules: [{8ADBE6A0-BB21-472C-81B6-6000F201428B}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404\tools\AddonWeb.exe FirewallRules: [{2C9C0B76-8E2F-453E-9D2E-BA6C5F2D08E2}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs. 
Zombies\PlantsVsZombies.exe FirewallRules: [{D73661A4-CBBD-4341-BB6C-FB9B8CDBCF2C}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe FirewallRules: [{6EE357FD-EAFC-4CCB-A598-D12713256916}] => (Allow) C:\Program Files\Ubisoft\WATCH_DOGS\bin\Watch_Dogs.exe FirewallRules: [{E668C4CB-7CC7-4150-A7E7-E7AE3D48416F}] => (Allow) C:\Program Files\Ubisoft\WATCH_DOGS\bin\Watch_Dogs.exe FirewallRules: [{AF42CCFB-D56F-4624-A692-47A1C4072A6F}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 14\Game\fifa14.exe FirewallRules: [{D5994576-025A-43C5-AFAB-C4C4AA102CBB}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 14\Game\fifa14.exe FirewallRules: [TCP Query User{200ABC95-81E5-438C-8945-8A0B1B778B3B}C:\users\paul\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\paul\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{14578907-09A0-41B9-A3E9-1BAF2C12ED3A}C:\users\paul\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\paul\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{ABEE6659-5854-4913-A367-8ACC1C5A5339}C:\users\paul\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\paul\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{E66B0F9F-911A-474C-A2A2-BAE80FCE177D}C:\users\paul\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\paul\appdata\roaming\spotify\spotify.exe FirewallRules: [{51E43A8F-5774-45D0-84AB-7625E0A5950A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe FirewallRules: [{6808E2E2-B541-4095-83B6-0B232AD99D12}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe FirewallRules: [TCP Query User{3F6F09B7-F83A-4ECB-AA8D-47BBC0C30828}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{92B1D263-D27D-4E10-9E0A-4F6A223D668A}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe 
FirewallRules: [TCP Query User{313262E4-8958-4760-AC31-7D935D339055}C:\program files (x86)\dead island\deadislandgame.exe] => (Block) C:\program files (x86)\dead island\deadislandgame.exe FirewallRules: [UDP Query User{37FEBEE5-4265-42CE-BBF8-60608EE2BAEB}C:\program files (x86)\dead island\deadislandgame.exe] => (Block) C:\program files (x86)\dead island\deadislandgame.exe FirewallRules: [TCP Query User{F1F9C3BE-765C-4BFC-9BC3-43422931BFED}C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe] => (Block) C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe FirewallRules: [UDP Query User{5EB6E980-7DD1-4603-B86B-F9D768373122}C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe] => (Block) C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe FirewallRules: [{BEA0F4E8-2522-4460-9E77-BF459D9A8CB5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{CB40E79F-6372-4A65-9808-51479C814B3E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{F90F83DB-73E4-45D1-8016-52935031A5E3}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{2584AF26-76B3-41A4-BEDC-B4B0F7D3F2E5}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [TCP Query User{3B0F064F-1F42-47D6-A54B-C08D7C21D277}C:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe] => (Allow) C:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe FirewallRules: [UDP Query User{900AA6EE-24BA-4044-8593-BDD9BDD73205}C:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe] => (Allow) C:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe FirewallRules: [{49EBA24D-7DF2-4146-A783-D2AAD423281D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Brick-Force ROW\InfernumLogin.exe FirewallRules: [{4FC991DF-062A-4697-9968-BDF21647CFF5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Brick-Force 
ROW\InfernumLogin.exe FirewallRules: [{F322A37A-BE8F-4AE2-AC3B-84107AF0530C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe FirewallRules: [{6D339B46-5AEC-4C0A-BA7C-BF98C4B95F13}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe FirewallRules: [{31A7DF62-6A3C-4DF4-B1F4-82C42C3F1B03}] => (Allow) C:\Program Files (x86)\Brick-Force\BfLauncher.exe FirewallRules: [{4EEA6EFF-3D62-45EF-9A71-339C6B6F8734}] => (Allow) C:\Program Files (x86)\Brick-Force\BrickForce.exe FirewallRules: [{D763C0A5-400E-4662-A8E1-5E56EB57851F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{BB740A96-6E03-4663-A09B-3D4EA2518B84}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{F09BCF57-3C68-40D7-94D6-67B7EB753757}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{BD420D41-5FED-43D2-84A6-4FE90EAD3E4B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{40FEC6E0-9C26-4275-A47B-B01AF54D5368}] => (Allow) C:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\LAUNCHER.exe FirewallRules: [{9472EF62-34D3-4824-8382-56EB8E647DB9}] => (Allow) C:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\LAUNCHER.exe FirewallRules: [{18F86F92-B0AF-4415-967E-C64739A920B0}] => (Allow) C:\Program Files (x86)\ FIFA 15\fifasetup\fifaconfig.exe FirewallRules: [{36A5A491-820B-4D38-80D5-2E604ACE411D}] => (Allow) C:\Program Files (x86)\ FIFA 15\fifasetup\fifaconfig.exe FirewallRules: [{5FC2D2FC-F78C-4932-AD4D-F285AEFF59BD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe FirewallRules: [{42B4E4AE-52DF-4F6E-A5DA-7AFD73141228}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe FirewallRules: [{40423292-35E2-4EEF-A2A8-AA4789BC713B}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{81EE2B57-40C9-4B6E-B9A3-82A20D499679}] => 
(Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{570C0211-5653-47B9-A273-9E40F254CEC1}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{2BC41C10-9E14-4B66-B165-A7662B060220}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{E39AD9E1-2BAA-46B3-AA0F-BD9858B2E120}] => (Allow) C:\Program Files\Microsoft Office\Office15\outlook.exe FirewallRules: [{3CCF7722-5875-4EEE-9957-9BCF4D8DCD9B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{DC8B2B96-1DD9-4A1A-ADB6-FFCFE7ADA01E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{4AD39694-4DE9-4E6E-8B9A-93C0BE9D5D34}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: [{55A99009-DF01-459C-9A56-69FE139C9C87}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: [{53221FC6-43CD-436F-A6D1-9E722EC59F76}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe FirewallRules: [{BC710396-5C03-4B49-9A5C-E9AD9608223B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe FirewallRules: [{61F1EF1F-4FAE-4C47-BE34-6D47A89EEF66}] => (Allow) C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{FCDE97E8-3092-49B5-A6C5-A164A4632905}] => (Allow) C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{31B9270D-12CB-48A6-B8B0-02CC98C81B82}] => (Allow) C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{250C15D5-E235-48EE-890B-B84FD3359DA5}] => (Allow) C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{DCD666AF-AE4C-428B-948E-483846F4AB5B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{E821BC73-528B-4C2E-B922-0A706B81DC0D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Guns of Icarus Online\workshop\Workshop.exe FirewallRules: [{338CD94C-66F4-4A6F-9535-400B80D4037A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Guns of 
Icarus Online\workshop\Workshop.exe FirewallRules: [{59BFD89E-98E1-458A-8756-2681820EE904}] => (Allow) C:\Program Files (x86)\Origin Games\Ultima 8\Game\Game\DOSBox\DOSBox.exe FirewallRules: [{B82337A6-9777-45AA-9F69-E19F344E1D1E}] => (Allow) C:\Program Files (x86)\Origin Games\Ultima 8\Game\Game\DOSBox\DOSBox.exe ==================== Faulty Device Manager Devices ============= Name: Bluetooth Audio Device Description: Bluetooth Audio Device Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318} Manufacturer: Qualcomm Atheros Communications Service: BTATH_A2DP Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Virtual Bluetooth Support (Include Audio) Description: Virtual Bluetooth Support (Include Audio) Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5} Manufacturer: Qualcomm Atheros Communications Service: AthBTPort Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Bluetooth LWFLT Device Description: Bluetooth LWFLT Device Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5} Manufacturer: Qualcomm Atheros Communications Service: BTATH_LWFLT Problem: : This device is not working properly because Windows cannot load the drivers required for this device. 
(Code 31) Resolution: Update the driver ==================== Event log errors: ========================= Application errors: ================== Error: (05/04/2015 01:14:10 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mb_warband_old.exe, Version: 1.0.0.0, Zeitstempel: 0x4e1b0b6f Name des fehlerhaften Moduls: mb_warband_old.exe, Version: 1.0.0.0, Zeitstempel: 0x4e1b0b6f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00074017 ID des fehlerhaften Prozesses: 0x1218 Startzeit der fehlerhaften Anwendung: 0xmb_warband_old.exe0 Pfad der fehlerhaften Anwendung: mb_warband_old.exe1 Pfad des fehlerhaften Moduls: mb_warband_old.exe2 Berichtskennung: mb_warband_old.exe3 Vollständiger Name des fehlerhaften Pakets: mb_warband_old.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mb_warband_old.exe5 Error: (05/04/2015 00:40:53 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest. 
Error: (05/03/2015 10:10:39 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: a4 Startzeit: 01d085dc7fae107a Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 7480f47f-f1d0-11e4-8024-20689d450d1d Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (05/03/2015 07:10:45 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1fa8 Startzeit: 01d085c35b5f2ada Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 51337799-f1b7-11e4-8024-20689d450d1d Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (05/03/2015 05:40:44 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm wwahost.exe, Version 6.3.9600.17415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1b1c Startzeit: 01d085b6c7640103 Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\syswow64\wwahost.exe Berichts-ID: bd4c313c-f1aa-11e4-8024-20689d450d1d Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error: (05/03/2015 03:40:35 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1a90 Startzeit: 01d085a603d72b85 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: f851b3df-f199-11e4-8024-20689d450d1d Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (05/03/2015 03:40:35 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm wwahost.exe, Version 6.3.9600.17415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d74 Startzeit: 01d085a603d68f2a Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\syswow64\wwahost.exe Berichts-ID: f84c5bcd-f199-11e4-8024-20689d450d1d Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error: (05/03/2015 03:10:41 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm wwahost.exe, Version 6.3.9600.17415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 33c Startzeit: 01d085a1d2f18725 Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\syswow64\wwahost.exe Berichts-ID: c8436043-f195-11e4-8024-20689d450d1d Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error: (05/03/2015 01:54:53 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest. Error: (05/03/2015 01:54:52 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest. System errors: ============= Error: (05/04/2015 02:20:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "vToolbarUpdater18.4.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/03/2015 01:35:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "vToolbarUpdater18.4.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/02/2015 06:27:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "vToolbarUpdater18.4.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/02/2015 04:08:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "ePower Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/02/2015 04:08:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (05/02/2015 04:08:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/02/2015 04:08:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "IconMan_R" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (05/02/2015 04:08:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Dritek RF Button Command Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 3000 Millisekunden durchgeführt: Neustart des Diensts. Error: (05/02/2015 04:08:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/02/2015 04:08:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "NVIDIA Streamer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Microsoft Office Sessions: ========================= Error: (05/04/2015 01:14:10 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: mb_warband_old.exe1.0.0.04e1b0b6fmb_warband_old.exe1.0.0.04e1b0b6fc000000500074017121801d085f62de738a9C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband_old.exeC:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband_old.exe1a3d04fc-f1ea-11e4-8024-20689d450d1d Error: (05/04/2015 00:40:53 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (05/03/2015 10:10:39 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.20689a401d085dc7fae107a4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe7480f47f-f1d0-11e4-8024-20689d450d1dmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (05/03/2015 07:10:45 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.206891fa801d085c35b5f2ada4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe51337799-f1b7-11e4-8024-20689d450d1dmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (05/03/2015 05:40:44 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: wwahost.exe6.3.9600.174151b1c01d085b6c76401034294967295C:\WINDOWS\syswow64\wwahost.exebd4c313c-f1aa-11e4-8024-20689d450d1dMicrosoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp Error: (05/03/2015 03:40:35 PM) 
(Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.206891a9001d085a603d72b854294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exef851b3df-f199-11e4-8024-20689d450d1dmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (05/03/2015 03:40:35 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: wwahost.exe6.3.9600.17415d7401d085a603d68f2a4294967295C:\WINDOWS\syswow64\wwahost.exef84c5bcd-f199-11e4-8024-20689d450d1dMicrosoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp Error: (05/03/2015 03:10:41 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: wwahost.exe6.3.9600.1741533c01d085a1d2f187254294967295C:\WINDOWS\syswow64\wwahost.exec8436043-f195-11e4-8024-20689d450d1dMicrosoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp Error: (05/03/2015 01:54:53 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Paul\Desktop\esetsmartinstaller_deu.exe Error: (05/03/2015 01:54:52 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Paul\Desktop\esetsmartinstaller_deu.exe CodeIntegrity Errors: =================================== Date: 2014-10-17 17:32:48.668 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft 
shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-10-12 15:10:11.273 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-10-10 23:00:13.930 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-10-08 18:29:35.406 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-10-07 21:05:27.624 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-10-07 20:38:18.654 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2014-10-05 13:33:04.470 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-09-27 16:17:02.982 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-09-21 21:28:12.078 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-09-21 21:28:11.934 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz Percentage of memory in use: 25% Total physical RAM: 8074.27 MB Available physical RAM: 6047.35 MB Total Pagefile: 16266.27 MB Available Pagefile: 14114.07 MB Total Virtual: 131072 MB Available Virtual: 131071.84 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:680.48 GB) (Free:149.25 GB) NTFS Drive f: (PAULS STICK) (Removable) (Total:29.81 GB) (Free:27.55 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 698.6 GB) (Disk ID: DB699A5A) Partition: GPT Partition Type. ======================================================== Disk: 1 (Size: 29.8 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ |
05.05.2015, 07:39 | #9 |
/// the machine /// TB-Ausbilder | Update Java. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
C:\Program Files (x86)\Free FLV Converter\Helper.dll
C:\Program Files (x86)\Free FLV Converter\Uninstall.exe
C:\Users\Paul\Downloads\HijackThis - CHIP-Installer.exe
C:\Users\Paul\Downloads\Vollversion Ashampoo Burning Studio 2015 - CHIP-Installer.exe
C:\Users\Paul\Downloads\General Setups\All in One Runtimes - CHIP-Installer.exe
C:\Users\Paul\Downloads\General Setups\BlueStacks App Player - CHIP-Installer.exe
C:\Users\Paul\Downloads\General Setups\FFSetup3.0.1.exe
C:\Users\Paul\Downloads\General Setups\FreeFLVConverterSetup_7.6.1.exe
C:\Users\Paul\Downloads\General Setups\HSS-2.90.exe
C:\Users\Paul\Downloads\General Setups\iLividSetupV1 (1).exe
C:\Users\Paul\Downloads\General Setups\iLividSetupV1.exe
C:\Users\Paul\Downloads\General Setups\Paint NET - CHIP-Installer.exe
C:\Users\Paul\Downloads\General Setups\YTDSetup.exe
C:\Users\Paul\Downloads\General Setups\YTDSetup36.exe
H:\Dateisicherung 2\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000000
H:\Dateisicherung 2\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip
H:\Dateisicherung 2\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe
H:\Dateisicherung 2\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe
H:\Dateisicherung 2\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk
H:\Dateisicherung 2\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll
H:\Dateisicherung 2\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe
H:\Dateisicherung 2\AppData\Local\Temp\setupA9_.exe
H:\Dateisicherung 2\AppData\Roaming\Mozilla\Firefox\Profiles\ok86h4be.default\extensions\{345422e3-72fa-447a-9550-97803edfacf3}.xpi
H:\Dateisicherung 2\Downloads\General Setups\coretemp_rc3_1236.exe
H:\Dateisicherung 2\Downloads\General Setups\FFSetup3.0.1.exe
H:\Dateisicherung 2\Downloads\General Setups\HSS-2.90.exe
H:\Dateisicherung 2\Downloads\General Setups\iLividSetupV1 (1).exe
H:\Dateisicherung 2\Downloads\General Setups\iLividSetupV1.exe
H:\Dateisicherung 2\Downloads\General Setups\SoftonicDownloader_for_ap-tuner.exe
H:\Dateisicherung 2\Downloads\General Setups\SoftonicDownloader_for_latency-optimizer.exe
H:\Dateisicherung 2\Downloads\General Setups\YTDSetup36.exe
H:\Dateisicherung 2\ProgramData\InstallMate\{4504474F-89BB-44DF-A634-C1999EE765B9}\Custom.dll
H:\Dateisicherung 2\ProgramData\InstallMate\{F2AA0F1E-DA9F-46C9-A422-92BD29492DE8}\Custom.dll
Task: {4787D71A-FB12-485A-8202-4D70640ABB3E} - \Optimize Start Menu Cache Files-S-1-5-21-296916632-418451122-4117134758-500 No Task File <==== ATTENTION
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
You should urgently rethink your download habits: CHIP-Installer - what is it? - Guides

Cleanup: (The order matters here) If Defogger was used: start it again and click Re-enable. If Combofix was used: uninstall Combofix.
All logs posted? Then please download DelFix.
Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself. Restart your computer afterwards. If any programs from our cleanup are still left over, you can delete them without concern. If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.

Hardening: Enable automatic updates for the Windows operating system. Security-relevant software should also only ever be present in its latest version:
- Browser
- Java
- Flash Player
- PDF reader
Vulnerabilities in their old versions are exploited to install malware via "drive-by" simply by visiting a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use an antivirus program with a real-time scanner and an always up-to-date signature database. My recommendation: Emsisoft. In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.

Optional: NoScript prevents the execution of active content (Java, JavaScript, Flash,...) for all websites. However, you can define, on the principle of a whitelist, on which sites scripts should be allowed. Malwarebytes Anti Exploit: protects the computer's applications against the exploitation of known vulnerabilities.

Download software from a clean portal such as . When installing software, always choose the custom option and untick all optionally offered toolbars or other additions that are irrelevant to the program. To get rid of adware again, it is advisable to uninstall it first and then remove the leftovers with Adwarecleaner.

Finally, a few general remarks: Change your important online passwords regularly and make regular backups of your important files or of the system. The benefit of registry cleaners, optimizers and the like for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
05.05.2015, 22:12 | #10 |
| [Windows 8.1] Very high network load + unauthorized access to Steam, Facebook and web.de from Venezuela Hello, here is the Fixlog. There were a few problems, though, because AVG quarantined 5 files from the fixlist in the meantime. As a result, FRST could not delete these files at first, but it could delete the rest. But then, after the other files had been removed, I disabled AVG, created Fixlist.txt again and repeated the procedure. In the process the Fixlog was overwritten. The files now marked "not found" were, however, "successfully moved" in the previous cleanup. Code:
H:\Dateisicherung 2\Downloads\General Setups\FFSetup3.0.1.exe
H:\Dateisicherung 2\Downloads\General Setups\HSS-2.90.exe
H:\Dateisicherung 2\Downloads\General Setups\iLividSetupV1 (1).exe
H:\Dateisicherung 2\Downloads\General Setups\iLividSetupV1.exe
H:\Dateisicherung 2\Downloads\General Setups\SoftonicDownloader_for_ap-tuner.exe
H:\Dateisicherung 2\Downloads\General Setups\SoftonicDownloader_for_latency-optimizer.exe
H:\Dateisicherung 2\Downloads\General Setups\YTDSetup36.exe
H:\Dateisicherung 2\ProgramData\InstallMate\{4504474F-89BB-44DF-A634-C1999EE765B9}\Custom.dll
H:\Dateisicherung 2\ProgramData\InstallMate\{F2AA0F1E-DA9F-46C9-A422-92BD29492DE8}\Custom.dll
Task: {4787D71A-FB12-485A-8202-4D70640ABB3E} - \Optimize Start Menu Cache Files-S-1-5-21-296916632-418451122-4117134758-500 No Task File <==== ATTENTION
Emptytemp:
*****************
"C:\Program Files (x86)\Free FLV Converter\Helper.dll" => File/Directory not found.
"C:\Program Files (x86)\Free FLV Converter\Uninstall.exe" => File/Directory not found.
"C:\Users\Paul\Downloads\HijackThis - CHIP-Installer.exe" => File/Directory not found.
"C:\Users\Paul\Downloads\Vollversion Ashampoo Burning Studio 2015 - CHIP-Installer.exe" => File/Directory not found.
"C:\Users\Paul\Downloads\General Setups\All in One Runtimes - CHIP-Installer.exe" => File/Directory not found.
"C:\Users\Paul\Downloads\General Setups\BlueStacks App Player - CHIP-Installer.exe" => File/Directory not found.
"C:\Users\Paul\Downloads\General Setups\FFSetup3.0.1.exe" => File/Directory not found.
"C:\Users\Paul\Downloads\General Setups\FreeFLVConverterSetup_7.6.1.exe" => File/Directory not found.
"C:\Users\Paul\Downloads\General Setups\HSS-2.90.exe" => File/Directory not found.
"C:\Users\Paul\Downloads\General Setups\iLividSetupV1 (1).exe" => File/Directory not found.
"C:\Users\Paul\Downloads\General Setups\iLividSetupV1.exe" => File/Directory not found.
"C:\Users\Paul\Downloads\General Setups\Paint NET - CHIP-Installer.exe" => File/Directory not found.
"C:\Users\Paul\Downloads\General Setups\YTDSetup.exe" => File/Directory not found.
"C:\Users\Paul\Downloads\General Setups\YTDSetup36.exe" => File/Directory not found.
H:\Dateisicherung 2\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000000 => Moved successfully.
"H:\Dateisicherung 2\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip" => File/Directory not found.
"H:\Dateisicherung 2\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe" => File/Directory not found.
"H:\Dateisicherung 2\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe" => File/Directory not found.
"H:\Dateisicherung 2\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk" => File/Directory not found.
H:\Dateisicherung 2\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll => Moved successfully.
"H:\Dateisicherung 2\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe" => File/Directory not found.
"H:\Dateisicherung 2\AppData\Local\Temp\setupA9_.exe" => File/Directory not found.
"H:\Dateisicherung 2\AppData\Roaming\Mozilla\Firefox\Profiles\ok86h4be.default\extensions\{345422e3-72fa-447a-9550-97803edfacf3}.xpi" => File/Directory not found.
H:\Dateisicherung 2\Downloads\General Setups\coretemp_rc3_1236.exe => Moved successfully.
"H:\Dateisicherung 2\Downloads\General Setups\FFSetup3.0.1.exe" => File/Directory not found.
"H:\Dateisicherung 2\Downloads\General Setups\HSS-2.90.exe" => File/Directory not found.
"H:\Dateisicherung 2\Downloads\General Setups\iLividSetupV1 (1).exe" => File/Directory not found.
"H:\Dateisicherung 2\Downloads\General Setups\iLividSetupV1.exe" => File/Directory not found.
H:\Dateisicherung 2\Downloads\General Setups\SoftonicDownloader_for_ap-tuner.exe => Moved successfully.
H:\Dateisicherung 2\Downloads\General Setups\SoftonicDownloader_for_latency-optimizer.exe => Moved successfully.
"H:\Dateisicherung 2\Downloads\General Setups\YTDSetup36.exe" => File/Directory not found.
"H:\Dateisicherung 2\ProgramData\InstallMate\{4504474F-89BB-44DF-A634-C1999EE765B9}\Custom.dll" => File/Directory not found.
"H:\Dateisicherung 2\ProgramData\InstallMate\{F2AA0F1E-DA9F-46C9-A422-92BD29492DE8}\Custom.dll" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4787D71A-FB12-485A-8202-4D70640ABB3E} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-296916632-418451122-4117134758-500 => Key not found.
EmptyTemp: => Removed 10.4 MB temporary data.
The system needed a reboot.
==== End of Fixlog 23:02:00 ====

Tomorrow I will do the cleanup, replace AVG with Emsisoft and also write a "thank-you speech". Thanks in advance! Best regards |
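An added example, not part of the original post and not FRST's own code: when a fix is rerun and the first Fixlog is lost, as described in post #10, comparing both logs shows which "not found" entries the first run had moved and which still need checking against the antivirus quarantine. The function names are hypothetical, the `<target> => <result>.` line shape is assumed from the log above, and `FIRST_RUN` is constructed because the real first log was overwritten.

```python
import re

# "<target> => <result>." is the result-line shape seen in the Fixlog above.
RESULT_LINE = re.compile(r'^(?P<target>.+?) => (?P<result>.+?)\.?$')

# Lines copied from the rerun's Fixlog in the post above.
SECOND_RUN = r'''
"C:\Users\Paul\Downloads\General Setups\HSS-2.90.exe" => File/Directory not found.
"C:\Users\Paul\Downloads\General Setups\iLividSetupV1.exe" => File/Directory not found.
H:\Dateisicherung 2\Downloads\General Setups\coretemp_rc3_1236.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4787D71A-FB12-485A-8202-4D70640ABB3E} => Key not found.
EmptyTemp: => Removed 10.4 MB temporary data.
==== End of Fixlog 23:02:00 ====
'''

# Constructed stand-in for the first run's log (the real one was overwritten).
FIRST_RUN = r'''
C:\Users\Paul\Downloads\General Setups\HSS-2.90.exe => Moved successfully.
"C:\Users\Paul\Downloads\General Setups\iLividSetupV1.exe" => File/Directory not found.
'''


def parse_fixlog(text):
    """Return {target: 'moved' | 'missing' | 'other'} for every result line."""
    outcome = {}
    for raw in text.splitlines():
        m = RESULT_LINE.match(raw.strip())
        if not m:
            continue  # separators, footer, echoed fixlist entries
        target = m.group('target').strip('"')  # "not found" lines are quoted
        result = m.group('result').lower()
        if result.startswith('moved successfully'):
            outcome[target] = 'moved'
        elif result.endswith('not found'):  # files, directories, registry keys
            outcome[target] = 'missing'
        else:
            outcome[target] = 'other'
    return outcome


def unaccounted(first_run, second_run):
    """Targets missing in the rerun that the first run did not move."""
    first, second = parse_fixlog(first_run), parse_fixlog(second_run)
    return sorted(t for t, status in second.items()
                  if status == 'missing' and first.get(t) != 'moved')


if __name__ == '__main__':
    for target in unaccounted(FIRST_RUN, SECOND_RUN):
        print('check quarantine / earlier log:', target)
```

Saving each Fixlog under a new name before rerunning the fix keeps both inputs available for this comparison.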
06.05.2015, 08:54 | #11 |
/// the machine /// TB-Ausbilder | [Windows 8.1] Very high network load + unauthorized access to Steam, Facebook and web.de from Venezuela You're welcome