Windows 8 Download Protect 2.2.12 hat sich eingenistet

Juan94 · 23.08.2015, 13:19

Guten Tag,

ich habe seit gestern festgestellt, dass ich die oben genannte Malware auf meinem System.
Durch Google bin ich auf dieses Board gestoßen und hoffe, dass mir jemand bei meinem Problem helfen kann.
Ich habe vorab laut einer Anleitung schon Malwarebites Anti-Malware installiert und durchlaufen lassen.

Hier die txt vom ersten Durchlauf:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 23.08.2015
Suchlaufzeit: 05:25
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.08.22.04
Rootkit-Datenbank: v2015.08.16.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Juan

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 376171
Abgelaufene Zeit: 25 Min., 12 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 4
PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\DnsBlockA.dll, , [12caf318117af5412545f42b30d307f9],
PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\DnsBlockA.dll, , [12caf318117af5412545f42b30d307f9],
PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\DnsBlockB.dll, , [776568a3cebdfe384f1cda458b784cb4],
PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\DnsBlockB.dll, , [776568a3cebdfe384f1cda458b784cb4],

Registrierungsschlüssel: 59
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, , [7c60da3164278caa0c375ddc14ec10f0],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, , [7c60da3164278caa0c375ddc14ec10f0],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{E7BF74EE-9106-4113-B216-2F980BA29141}, , [7c60da3164278caa0c375ddc14ec10f0],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F2DB3739-77FB-41EB-9ED3-ABF34DF2DBF7}, , [7c60da3164278caa0c375ddc14ec10f0],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F2DB3739-77FB-41EB-9ED3-ABF34DF2DBF7}, , [7c60da3164278caa0c375ddc14ec10f0],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{F2DB3739-77FB-41EB-9ED3-ABF34DF2DBF7}, , [7c60da3164278caa0c375ddc14ec10f0],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E7BF74EE-9106-4113-B216-2F980BA29141}, , [7c60da3164278caa0c375ddc14ec10f0],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{E7BF74EE-9106-4113-B216-2F980BA29141}, , [7c60da3164278caa0c375ddc14ec10f0],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\DPBHO.DownloadProtect.1, , [7c60da3164278caa0c375ddc14ec10f0],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\DPBHO.DownloadProtect, , [7c60da3164278caa0c375ddc14ec10f0],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DPBHO.DownloadProtect, , [7c60da3164278caa0c375ddc14ec10f0],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DPBHO.DownloadProtect, , [7c60da3164278caa0c375ddc14ec10f0],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, , [7c60da3164278caa0c375ddc14ec10f0],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, , [7c60da3164278caa0c375ddc14ec10f0],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DPBHO.DownloadProtect.1, , [7c60da3164278caa0c375ddc14ec10f0],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DPBHO.DownloadProtect.1, , [7c60da3164278caa0c375ddc14ec10f0],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, , [7c60da3164278caa0c375ddc14ec10f0],
PUP.Optional.DownloadProtect.A, HKU\S-1-5-21-994889132-872104614-2419786447-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, , [7c60da3164278caa0c375ddc14ec10f0],
PUP.Optional.DownloadProtect.A, HKU\S-1-5-21-994889132-872104614-2419786447-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, , [7c60da3164278caa0c375ddc14ec10f0],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}\INPROCSERVER32, , [7c60da3164278caa0c375ddc14ec10f0],
PUP.Optional.GreatFind.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{1cc2bb80-20ab-43e5-b958-432d72b546ca}, , [895388833556e5510082d0078d75916f],
PUP.Optional.GreatFind.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{c73e229d-5127-4e12-80eb-a51818f55311}, , [895388833556e5510082d0078d75916f],
PUP.Optional.GreatFind.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F4DD775F-ECBD-44A8-B472-916072DED4F7}, , [895388833556e5510082d0078d75916f],
PUP.Optional.GreatFind.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F4DD775F-ECBD-44A8-B472-916072DED4F7}, , [895388833556e5510082d0078d75916f],
PUP.Optional.GreatFind.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{F4DD775F-ECBD-44A8-B472-916072DED4F7}, , [895388833556e5510082d0078d75916f],
PUP.Optional.GreatFind.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{c73e229d-5127-4e12-80eb-a51818f55311}, , [895388833556e5510082d0078d75916f],
PUP.Optional.GreatFind.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{c73e229d-5127-4e12-80eb-a51818f55311}, , [895388833556e5510082d0078d75916f],
PUP.Optional.GreatFind.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{1CC2BB80-20AB-43E5-B958-432D72B546CA}, , [895388833556e5510082d0078d75916f],
PUP.Optional.GreatFind.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{1CC2BB80-20AB-43E5-B958-432D72B546CA}, , [895388833556e5510082d0078d75916f],
PUP.Optional.GreatFind.A, HKU\S-1-5-21-994889132-872104614-2419786447-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{1CC2BB80-20AB-43E5-B958-432D72B546CA}, , [895388833556e5510082d0078d75916f],
PUP.Optional.GreatFind.A, HKU\S-1-5-21-994889132-872104614-2419786447-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1CC2BB80-20AB-43E5-B958-432D72B546CA}, , [895388833556e5510082d0078d75916f],
PUP.Optional.MoreResultsHub.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{a8345a32-3b31-410a-bfbf-f2fdb81ba019}, , [14c844c74a41b77fad1afe978b7714ec],
PUP.Optional.MoreResultsHub.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{d2853659-4f85-41ef-83d9-26286d4b8605}, , [14c844c74a41b77fad1afe978b7714ec],
PUP.Optional.MoreResultsHub.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E5478627-F318-4374-BCC5-C868F3FCE022}, , [14c844c74a41b77fad1afe978b7714ec],
PUP.Optional.MoreResultsHub.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E5478627-F318-4374-BCC5-C868F3FCE022}, , [14c844c74a41b77fad1afe978b7714ec],
PUP.Optional.MoreResultsHub.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E5478627-F318-4374-BCC5-C868F3FCE022}, , [14c844c74a41b77fad1afe978b7714ec],
PUP.Optional.MoreResultsHub.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{d2853659-4f85-41ef-83d9-26286d4b8605}, , [14c844c74a41b77fad1afe978b7714ec],
PUP.Optional.MoreResultsHub.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{d2853659-4f85-41ef-83d9-26286d4b8605}, , [14c844c74a41b77fad1afe978b7714ec],
PUP.Optional.MoreResultsHub.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A8345A32-3B31-410A-BFBF-F2FDB81BA019}, , [14c844c74a41b77fad1afe978b7714ec],
PUP.Optional.MoreResultsHub.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A8345A32-3B31-410A-BFBF-F2FDB81BA019}, , [14c844c74a41b77fad1afe978b7714ec],
PUP.Optional.MoreResultsHub.A, HKU\S-1-5-21-994889132-872104614-2419786447-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A8345A32-3B31-410A-BFBF-F2FDB81BA019}, , [14c844c74a41b77fad1afe978b7714ec],
PUP.Optional.MoreResultsHub.A, HKU\S-1-5-21-994889132-872104614-2419786447-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A8345A32-3B31-410A-BFBF-F2FDB81BA019}, , [14c844c74a41b77fad1afe978b7714ec],
PUP.Optional.DNSBlock.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DnsBlockUpdateSvc, , [c6169a7163282d095810e639b54ef010],
PUP.Optional.BDYahoo.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [2fad000b6b2062d49f11d9d9d52f54ac],
PUP.Optional.RegCleanerPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ASP, , [994328e392f90c2aeefb011b58ab7e82],
PUP.Optional.DigitalSites.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Digital Sites, , [67759a71cac164d2f47253cb0af922de],
PUP.Optional.RegCleanerPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\RegClean Pro, , [697325e6cac1a88e48a2b765ca397888],
PUP.Optional.RegCleanPro.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\RegClean Pro_DEFAULT, , [815b6f9c7d0e280e7b70f626798a39c7],
PUP.Optional.SweetPage.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\sweet-pageSoftware, , [b725da31fc8f2313b1dd553859ab9d63],
PUP.Optional.RegCleanPro.A, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\RegClean Pro, , [06d66ba05635c4729d05252829da2ed2],
PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, , [05d79e6db2d981b57c729fae8b784fb1],
PUP.Optional.IePluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginServices, , [66766d9ec8c371c5093b9d9221e2fd03],
PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginServices, , [5389de2d8209e254cbc4a69612f115eb],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, , [2bb13fcc2a61ac8a7c14d26aea190df3],
PUP.Optional.DigitalSites.A, HKU\S-1-5-21-994889132-872104614-2419786447-1002\SOFTWARE\DSiteproducts, , [6e6ef813d5b6fc3acabb9605bf45f50b],
PUP.Optional.InstallCore.C, HKU\S-1-5-21-994889132-872104614-2419786447-1002\SOFTWARE\InstallCore, , [4c900902c1caf343413c6d3f758f7c84],
PUP.Optional.BDYahoo.A, HKU\S-1-5-21-994889132-872104614-2419786447-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AA6677D3-FA45-4936-A20C-E5B3F7EC88A1}, , [f7e50902e3a845f1edc2941eac58e917],
PUP.Optional.RegCleanerPro.A, HKU\S-1-5-21-994889132-872104614-2419786447-1002\SOFTWARE\SYSTWEAK\RegClean Pro, , [9c4024e7c5c67eb89ad090ef8c7857a9],
PUP.Optional.SystemSpeedup, HKU\S-1-5-21-994889132-872104614-2419786447-1002\SOFTWARE\SYSTWEAK\ssd, , [26b649c26526053119d4480540c3ae52],

Registrierungswerte: 3
PUP.Optional.BDYahoo.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://de.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-sm-rhb-34__alt__ddc_dss_bd_com&p={searchTerms}, , [2fad000b6b2062d49f11d9d9d52f54ac]
PUP.Optional.DownloadProtectExtension.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{A511BEA9-68CA-4467-8B8C-12CDED4F17B7}, C:\WINDOWS\Installer\{18E9D39C-FC9A-4575-90AE-841229DDBE55}\{A511BEA9-68CA-4467-8B8C-12CDED4F17B7}.xpi, , [5c808784b5d6dc5afe5aee31f40fec14]
PUP.Optional.BDYahoo.A, HKU\S-1-5-21-994889132-872104614-2419786447-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AA6677D3-FA45-4936-A20C-E5B3F7EC88A1}|URL, hxxp://de.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-sm-rhb-34__alt__ddc_dss_bd_com&p={searchTerms}, , [f7e50902e3a845f1edc2941eac58e917]

Registrierungsdaten: 4
PUP.Optional.SweetPage.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.sweet-page.com/web/?type=ds&ts=1406441137&from=cor&uid=WDCXWD10SPCX-22HWST0_WD-WX71A530991609916&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1406441137&from=cor&uid=WDCXWD10SPCX-22HWST0_WD-WX71A530991609916&q={searchTerms}),,[b626f11aeba0ea4ce668134550b505fb]
PUP.Optional.BDYahoo.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bir-sm-rhb-34__alt__ddc_dsssyc_bd_com, Gut: (www.google.com), Schlecht: (hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bir-sm-rhb-34__alt__ddc_dsssyc_bd_com),,[c21a31da4e3d221496403e1b0500817f]
PUP.Optional.SweetPage.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.sweet-page.com/web/?type=ds&ts=1406441137&from=cor&uid=WDCXWD10SPCX-22HWST0_WD-WX71A530991609916&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1406441137&from=cor&uid=WDCXWD10SPCX-22HWST0_WD-WX71A530991609916&q={searchTerms}),,[b824a9629fecdd597cd2a7b14db8fa06]
PUP.Optional.BDYahoo.A, HKU\S-1-5-21-994889132-872104614-2419786447-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bir-sm-rhb-34__alt__ddc_dsssyc_bd_com, Gut: (www.google.com), Schlecht: (hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bir-sm-rhb-34__alt__ddc_dsssyc_bd_com),,[578592796a214ee8d00468f1877e42be]

Ordner: 21
PUP.Optional.DownloadProtect.A, C:\Windows\Installer\{D55A0A86-CCC8-4D98-BB25-254AE8A1C043}, , [f6e610fb6e1d03336ef7b06f14ef6799],
PUP.Optional.UpdateProc.A, C:\Users\Juan\AppData\Roaming\DigitalSites\UpdateProc, , [7e5ebf4c0a8161d5f37c0b16b350e51b],
PUP.Optional.UpdateProc.A, C:\Users\Juan\AppData\Roaming\DigitalSites, , [7e5ebf4c0a8161d5f37c0b16b350e51b],
PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro, , [fbe123e8d6b53afc7509ea6d08fb18e8],
PUP.Optional.RegCleanerPro.A, C:\Users\Juan\AppData\Roaming\Systweak\RegClean Pro, , [97457596701b62d474baa84019e958a8],
PUP.Optional.RegCleanerPro.A, C:\Users\Juan\AppData\Roaming\Systweak\RegClean Pro\Version 6.1, , [97457596701b62d474baa84019e958a8],
PUP.Optional.RegCleanerPro.A, C:\Users\Juan\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\voice, , [97457596701b62d474baa84019e958a8],
PUP.Optional.RegCleanerPro.A, C:\Users\Juan\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\voice\de, , [97457596701b62d474baa84019e958a8],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, , [8953c04b0c7f270f526597601be723dd],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, , [8953c04b0c7f270f526597601be723dd],
PUP.Optional.SystemSpeedup, C:\Users\Juan\AppData\Roaming\Systweak\ssd, , [8f4d77943358af874a73f4056a989f61],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector, , [e3f92be0e2a9d660f7c57b8109f9d32d],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\2.1.1000.13665, , [e3f92be0e2a9d660f7c57b8109f9d32d],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\signatures, , [e3f92be0e2a9d660f7c57b8109f9d32d],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\updates, , [e3f92be0e2a9d660f7c57b8109f9d32d],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\Juan\AppData\Roaming\Systweak\Advanced-System-Protector, , [a03cfb10dcafa88e7d3f2cd04ab825db],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\Juan\AppData\Roaming\Systweak\Advanced-System-Protector\2.1.1000.13665, , [a03cfb10dcafa88e7d3f2cd04ab825db],
PUP.Optional.SweetPage.ShrtCln, C:\Users\Juan\AppData\Roaming\sweet-page, , [6379bf4c1576092db3cc4eb335ce1ce4],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub, , [6379f11abecd6cca764a17ffee1540c0],
PUP.Optional.DnsBlock.A, C:\Users\Juan\AppData\Local\DnsBlock, , [6b7151bab1daf93d8093df3b59aadd23],
PUP.Optional.DnsBlock.A, C:\Program Files (x86)\DnsBlock, , [a03cc3488dfe13236dddd842f70cb34d],

Dateien: 62
PUP.Optional.DownloadProtect.A, C:\Program Files\{93B1ECAD-1E9C-4D34-9171-A09C3F2FFB47}\{5D5C12BE-B70B-46DC-8378-B2EF6919B987}.bin, , [7c60da3164278caa0c375ddc14ec10f0],
PUP.Optional.DownloadProtect.A, C:\Program Files (x86)\{EF8FEFB6-68E5-42F3-8685-9589D7956E00}\{FEBF56FA-A497-4CFE-80EA-57DA966CDAA0}.bin, , [7c60da3164278caa0c375ddc14ec10f0],
PUP.Optional.GreatFind.A, C:\Users\Juan\AppData\Roaming\RPEng\76ED798F964A446C9521FC0E76BB9509\setup.exe, , [ab3152b9e0ab80b69355612b12f324dc],
PUP.Optional.GreatFind.A, C:\Users\Juan\AppData\Local\Temp\{55CF57CD-71C6-4BCA-9C60-FDA80C71942B}.dll, , [1ac21af1e3a84cea14d45b31b84d867a],
PUP.Optional.GreatFind.A, C:\Users\Juan\AppData\Local\Temp\{7BA5BE33-DD85-4F97-8173-B0964996025F}.dll, , [716b40cb90fb51e5955399f39e674ab6],
PUP.Optional.GreatFind.A, C:\Users\Juan\AppData\Local\Temp\{ED8D9024-6BFD-455F-971F-2927E4A90098}.dll, , [a6368b80d3b8bd79c226513b6f9627d9],
PUP.Optional.DiscoveryApp.A, C:\Users\Juan\AppData\Local\Temp\si, , [6a72ff0ca4e73ff7b333724e2bd6bc44],
PUP.Optional.DNSBlock.A, C:\Users\Juan\AppData\Local\Temp\setup.exe, , [1cc0e42744475dd9c40c596ae41dbd43],
PUP.Optional.GreatFind.A, C:\Users\Juan\AppData\Local\Temp\~nsu.tmp\Au_.exe, , [c11b07046e1d9f9731b7ff8dec19639d],
PUP.Optional.DNSBlocker.A, C:\Windows\System32\dns.block, , [bd1f38d3800b51e5009454c706fd56aa],
PUP.Optional.DNSBlocker.A, C:\Windows\SysWOW64\dns.block, , [3d9fcf3c6c1fc07682127c9f2cd7a15f],
PUP.Optional.DownloadProtect.A, C:\Windows\Installer\{D55A0A86-CCC8-4D98-BB25-254AE8A1C043}\cdmooldchceiomeonecgcbfcemnfdcejhrx, , [f6e610fb6e1d03336ef7b06f14ef6799],
PUP.Optional.DownloadProtect.A, C:\Windows\Installer\{D55A0A86-CCC8-4D98-BB25-254AE8A1C043}\xdmooldchceiomeonecgcbfcemnfdcejhml, , [f6e610fb6e1d03336ef7b06f14ef6799],
PUP.Optional.DNSBlock.A, C:\Windows\System32\DnsBlockUpdateSvc.exe, , [c6169a7163282d095810e639b54ef010],
PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\DnsBlockA.dll, , [12caf318117af5412545f42b30d307f9],
PUP.Optional.Winsock.HijackBoot, C:\Windows\SysWOW64\DnsBlockA.dll, , [1bc1ca41e9a273c36ffbf02fe1220cf4],
PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\DnsBlockB.dll, , [776568a3cebdfe384f1cda458b784cb4],
PUP.Optional.Winsock.HijackBoot, C:\Windows\SysWOW64\DnsBlockB.dll, , [8f4d22e9ed9e51e5ff6c031cbc470ef2],
PUP.Optional.UpdateProc.A, C:\Users\Juan\AppData\Roaming\DigitalSites\UpdateProc\prod.dat, , [7e5ebf4c0a8161d5f37c0b16b350e51b],
PUP.Optional.UpdateProc.A, C:\Users\Juan\AppData\Roaming\DigitalSites\UpdateProc\config.dat, , [7e5ebf4c0a8161d5f37c0b16b350e51b],
PUP.Optional.UpdateProc.A, C:\Users\Juan\AppData\Roaming\DigitalSites\UpdateProc\info.dat, , [7e5ebf4c0a8161d5f37c0b16b350e51b],
PUP.Optional.RegCleanerPro, C:\Windows\System32\Tasks\RegClean Pro, , [bd1f8d7e800bc27420c7de6932d13fc1],
PUP.Optional.RegCleanerPro, C:\Windows\System32\Tasks\ASP, , [09d353b87b1072c475731c2b29da6c94],
PUP.Optional.RegCleanPro.A, C:\Windows\System32\Tasks\RegClean Pro_DEFAULT, , [4d8f57b43655fa3c40bad57a07fccd33],
PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\Register RegClean Pro.lnk, , [fbe123e8d6b53afc7509ea6d08fb18e8],
PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\RegClean Pro entfernen.lnk, , [fbe123e8d6b53afc7509ea6d08fb18e8],
PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\RegClean Pro.lnk, , [fbe123e8d6b53afc7509ea6d08fb18e8],
PUP.Optional.RegCleanerPro.J, C:\Windows\Tasks\RegClean Pro_UPDATES.job, , [33a90dfed1ba0036ca8ac0aab74cb44c],
PUP.Optional.RegCleanPro.A, C:\Windows\Tasks\RegClean Pro_DEFAULT.job, , [18c4df2cd8b3fc3aa1f1c1b750b4b34d],
PUP.Optional.DigitalSites.A, C:\Windows\Tasks\Digital Sites.job, , [5389d73482095ed8770f4655c24210f0],
PUP.Optional.DigitalSites.A, C:\Windows\System32\Tasks\Digital Sites, , [0eceef1c3c4f61d5c3c43b609d67936d],
PUP.Optional.GreatFind.A, C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_greatfind-a.akamaihd.net_0.localstorage, , [f2ea62a9cbc01620b338f2bc52b24cb4],
PUP.Optional.GreatFind.A, C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_greatfind-a.akamaihd.net_0.localstorage-journal, , [09d32edd167584b28566664860a4c13f],
PUP.Optional.RegCleanerPro.A, C:\Users\Juan\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\ExcludeList.rcp, , [97457596701b62d474baa84019e958a8],
PUP.Optional.RegCleanerPro.A, C:\Users\Juan\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\German_rcp.dat, , [97457596701b62d474baa84019e958a8],
PUP.Optional.RegCleanerPro.A, C:\Users\Juan\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\log_07-27-2014.log, , [97457596701b62d474baa84019e958a8],
PUP.Optional.RegCleanerPro.A, C:\Users\Juan\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\results.rcp, , [97457596701b62d474baa84019e958a8],
PUP.Optional.RegCleanerPro.A, C:\Users\Juan\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\TempHLList.rcp, , [97457596701b62d474baa84019e958a8],
PUP.Optional.RegCleanerPro.A, C:\Users\Juan\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\voice\de\voice.wav, , [97457596701b62d474baa84019e958a8],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, , [8953c04b0c7f270f526597601be723dd],
PUP.Optional.SystemSpeedup, C:\Users\Juan\AppData\Roaming\Systweak\ssd\SSDPTstub.exe, , [8f4d77943358af874a73f4056a989f61],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\completedatabase.db, , [e3f92be0e2a9d660f7c57b8109f9d32d],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\Cookies.bin, , [e3f92be0e2a9d660f7c57b8109f9d32d],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\DigSign.bin, , [e3f92be0e2a9d660f7c57b8109f9d32d],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\FilePathFIX.bin, , [e3f92be0e2a9d660f7c57b8109f9d32d],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\FilePaths.bin, , [e3f92be0e2a9d660f7c57b8109f9d32d],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\FileSignature.bin, , [e3f92be0e2a9d660f7c57b8109f9d32d],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\Folders.bin, , [e3f92be0e2a9d660f7c57b8109f9d32d],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\Md5.bin, , [e3f92be0e2a9d660f7c57b8109f9d32d],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\Registry.bin, , [e3f92be0e2a9d660f7c57b8109f9d32d],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\SetupSign.bin, , [e3f92be0e2a9d660f7c57b8109f9d32d],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\StrSetupSign.bin, , [e3f92be0e2a9d660f7c57b8109f9d32d],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\updates\100oupdate.zip, , [e3f92be0e2a9d660f7c57b8109f9d32d],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\updates\1835completedatabase.zip, , [e3f92be0e2a9d660f7c57b8109f9d32d],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\updates\1891mupdate.zip, , [e3f92be0e2a9d660f7c57b8109f9d32d],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\updates\1892update.zip, , [e3f92be0e2a9d660f7c57b8109f9d32d],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\updates\1893update.zip, , [e3f92be0e2a9d660f7c57b8109f9d32d],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\updates\1894update.zip, , [e3f92be0e2a9d660f7c57b8109f9d32d],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\Juan\AppData\Roaming\Systweak\Advanced-System-Protector\QDetail.db, , [a03cfb10dcafa88e7d3f2cd04ab825db],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\Juan\AppData\Roaming\Systweak\Advanced-System-Protector\Settings.db, , [a03cfb10dcafa88e7d3f2cd04ab825db],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\Juan\AppData\Roaming\Systweak\Advanced-System-Protector\Update.ini, , [a03cfb10dcafa88e7d3f2cd04ab825db],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\Juan\AppData\Roaming\Systweak\Advanced-System-Protector\2.1.1000.13665\ASPLog.txt, , [a03cfb10dcafa88e7d3f2cd04ab825db],

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)

(end)

Beim zweiten Durchlauf wurden keine identifizierten Bedrohungen gefunden.
Hier noch mal die txt:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 23.08.2015
Suchlaufzeit: 13:42
Protokolldatei: mbam2.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.08.23.02
Rootkit-Datenbank: v2015.08.16.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Juan

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 375960
Abgelaufene Zeit: 26 Min., 11 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)

(end)

Ich bitte um Hilfe bei der Entfernung von Defend Protect..

Vielen Dank im Voraus!

M-K-D-B · 23.08.2015, 13:24

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!

Zur ersten Analyse bitte FRST und TDSS-Killer ausführen:

Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Schritt 2
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Bitte poste mit deiner nächsten Antwort

die Logdatei von TDSS-Killer,
die beiden neuen Logdateien von FRST.

Juan94 · 23.08.2015, 17:39

Wenn ich mir die Programme downloaden möchte kommt die Meldung, dass die Website Filepony zur Seit nicht verfügbar ist..
Wo soll ich mir die Programme runterladen ?

Nach einer gescheiterten Systemwiederherstellung auf einen Punkt von vor ca. 2 wochen funktioniert die Seite jetzt:

FRST txt:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:23-08-2015
durchgeführt von Juan (Administrator) auf JUAN-PC (23-08-2015 18:21:18)
Gestartet von C:\Users\Juan\Downloads
Geladene Profile: Juan (Verfügbare Profile: Juan)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Users\Juan\Downloads\FRST64 (1).exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3016432 2013-03-07] (Synaptics Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132224 2013-02-28] (Atheros Communications)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
GroupPolicy: Gruppenrichtline auf Chrome erkannt <======= ACHTUNG
CHR HKLM\SOFTWARE\Policies\Google: Richtlinienbeschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

ProxyServer: [S-1-5-21-994889132-872104614-2419786447-1002] => 64.31.22.131:7808
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-994889132-872104614-2419786447-1002 -> DefaultScope {AA6677D3-FA45-4936-A20C-E5B3F7EC88A1} URL = 
SearchScopes: HKU\S-1-5-21-994889132-872104614-2419786447-1002 -> OldSearch URL = hxxp://www.search.ask.com/web?tpid=ATU4-SP&o=APN11391&pf=V7&p2=^BAY^aaa148^YY^DE&gct=&itbv=12.16.2.1836&apn_uid=C184E0BC-0447-461F-8935-D286031B601F&apn_ptnrs=^BAY&apn_dtid=^aaa148^YY^DE&apn_dbr=cr_37.0.2062.120&doi=2014-09-21&trgb=CR&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-994889132-872104614-2419786447-1002 -> {90168360-0D5A-400F-BC59-A9EB10650104} URL = 
SearchScopes: HKU\S-1-5-21-994889132-872104614-2419786447-1002 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [2013-02-28] (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\PROGRA~3\WONDER~1\VIDEOC~1\WSBROW~1.DLL Keine Datei
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  Keine Datei
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{74DAB17B-C890-4B64-BD96-F7415F53E187}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E0C75E5A-8B49-4FB5-9619-40444B88458A}: [DhcpNameServer] 40.32.1.201 40.32.1.202

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [Keine Datei]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-20] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [Keine Datei]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-03] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Keine Datei]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR Profile: C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-23]
CHR Extension: (Google Docs) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-08]
CHR Extension: (Google Drive) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-08]
CHR Extension: (YouTube) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-23]
CHR Extension: (Google Search) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-23]
CHR Extension: (Download Protect) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmooldchceiomeonecgcbfcemnfdcejh [2015-08-23]
CHR Extension: (Google Sheets) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-08]
CHR Extension: (Gmail) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-23]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <nicht gefunden>

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227968 2013-02-28] (Qualcomm Atheros Commnucations) [Datei ist nicht signiert]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [814464 2015-02-28] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-04-26] (Acer Incorporate)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-04-30] (NVIDIA Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-02-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-23] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
S3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [328976 2012-11-02] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [97208 2012-11-02] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [455240 2013-03-05] (RTS Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-03-07] (Synaptics Incorporated)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-23 18:21 - 2015-08-23 18:21 - 00019162 _____ C:\Users\Juan\Downloads\FRST.txt
2015-08-23 18:20 - 2015-08-23 18:21 - 00000000 ____D C:\FRST
2015-08-23 18:20 - 2015-08-23 18:20 - 02173440 _____ C:\Users\Juan\Downloads\FRST64 (1).exe
2015-08-23 18:19 - 2015-08-23 18:19 - 02173440 _____ C:\Users\Juan\Downloads\FRST64.exe
2015-08-23 14:27 - 2015-08-11 03:20 - 25191936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-23 14:27 - 2015-08-11 02:20 - 19871232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-23 14:21 - 2015-08-23 14:21 - 00001197 _____ C:\Users\Juan\Desktop\mbam2.txt
2015-08-23 05:51 - 2015-08-23 05:51 - 00024441 _____ C:\Users\Juan\Desktop\mbam.txt
2015-08-23 05:24 - 2015-08-23 19:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-08-23 05:24 - 2015-08-23 19:02 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-08-23 05:24 - 2015-08-23 13:42 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-23 05:24 - 2015-08-23 05:24 - 00001118 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-08-23 05:24 - 2015-08-23 05:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-23 05:24 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-08-23 05:24 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-23 05:24 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-08-23 05:23 - 2015-08-23 05:24 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Juan\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-23 00:54 - 2015-08-23 00:54 - 00000000 ____D C:\Users\Juan\AppData\Roaming\TuneUp Software
2015-08-23 00:54 - 2015-08-23 00:54 - 00000000 ____D C:\Users\Juan\AppData\Local\TuneUp Software
2015-08-23 00:52 - 2015-08-23 19:01 - 00000000 ____D C:\Users\Juan\AppData\Roaming\RPEng
2015-08-23 00:52 - 2015-08-23 00:54 - 00000000 ____D C:\ProgramData\TuneUp Software
2015-08-23 00:51 - 2015-08-23 05:18 - 00000000 ____D C:\Users\Juan\AppData\Roaming\DVDVideoSoft
2015-08-23 00:50 - 2015-08-23 00:51 - 30800040 _____ (DVDVideoSoft Ltd. ) C:\Users\Juan\Downloads\FreeVideoToMP3Converter5.0.61.805.exe
2015-08-23 00:47 - 2015-08-23 00:47 - 00000306 __RSH C:\ProgramData\ntuser.pol
2015-08-23 00:46 - 2015-08-23 05:52 - 00000000 ____D C:\Program Files\{93B1ECAD-1E9C-4D34-9171-A09C3F2FFB47}
2015-08-23 00:46 - 2015-08-23 05:52 - 00000000 ____D C:\Program Files (x86)\{EF8FEFB6-68E5-42F3-8685-9589D7956E00}
2015-08-23 00:44 - 2015-08-23 00:46 - 00000000 ____D C:\Users\Juan\AppData\Roaming\AdvertismentImages
2015-08-23 00:34 - 2015-08-23 01:12 - 00000000 ____D C:\Users\Juan\Desktop\Er Ist Wieder Da
2015-08-23 00:27 - 2015-08-23 05:16 - 00000000 ____D C:\Users\Juan\AppData\Roaming\Opera Software
2015-08-23 00:27 - 2015-08-23 05:16 - 00000000 ____D C:\Users\Juan\AppData\Local\Opera Software
2015-08-23 00:26 - 2015-08-23 05:17 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-23 00:25 - 2015-08-23 00:25 - 00001206 _____ C:\Users\Public\Desktop\aTube Catcher.lnk
2015-08-23 00:25 - 2008-08-18 19:18 - 00077824 _____ (Fox Magic Software) C:\WINDOWS\SysWOW64\fmcodec.DLL
2015-08-23 00:23 - 2015-08-23 00:24 - 17089408 _____ (DsNET Corp ) C:\Users\Juan\Downloads\aTube_Catcher_3.8.7980.exe
2015-08-14 02:58 - 2015-07-07 11:40 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-08-14 02:58 - 2015-06-12 19:03 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-14 02:58 - 2015-06-12 18:36 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-14 02:58 - 2015-06-09 20:27 - 00411133 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-08-14 02:57 - 2015-07-29 01:24 - 00025776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-08-14 02:57 - 2015-07-28 16:24 - 01148416 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-08-14 02:57 - 2015-07-28 16:24 - 01116160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-08-14 02:57 - 2015-07-28 16:24 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-08-14 02:57 - 2015-07-28 16:24 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-08-14 02:57 - 2015-07-28 16:24 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-08-14 02:57 - 2015-07-28 16:24 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-08-14 02:57 - 2015-07-14 23:59 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-08-14 02:57 - 2015-07-14 23:59 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-08-14 02:57 - 2015-07-14 23:59 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-08-14 02:57 - 2015-07-07 11:40 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-08-14 02:57 - 2015-07-07 11:40 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-08-14 02:57 - 2015-06-11 22:12 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-08-14 02:57 - 2015-06-11 22:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-08-12 05:09 - 2015-07-30 16:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 05:09 - 2015-07-30 15:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 04:42 - 2015-07-19 03:58 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-08-12 04:42 - 2015-07-18 20:51 - 03704320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-12 04:42 - 2015-07-18 20:31 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-08-12 04:42 - 2015-07-18 20:31 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-08-12 04:42 - 2015-07-18 20:31 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-08-12 04:42 - 2015-07-18 20:29 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-08-12 04:42 - 2015-07-18 20:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-08-12 04:42 - 2015-07-18 20:29 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-08-12 04:42 - 2015-07-18 20:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-08-12 04:42 - 2015-07-18 20:12 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-08-12 04:42 - 2015-07-18 20:10 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-12 04:42 - 2015-07-18 20:09 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-12 04:41 - 2015-07-16 22:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-08-12 04:41 - 2015-07-16 22:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-08-12 04:41 - 2015-07-16 22:35 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-12 04:41 - 2015-07-16 22:26 - 05923328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-12 04:41 - 2015-07-16 22:23 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-08-12 04:41 - 2015-07-16 22:21 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-08-12 04:41 - 2015-07-16 21:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-08-12 04:41 - 2015-07-16 21:51 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-08-12 04:41 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-08-12 04:41 - 2015-07-16 21:45 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-12 04:41 - 2015-07-16 21:45 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-08-12 04:41 - 2015-07-16 21:41 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-08-12 04:41 - 2015-07-16 21:39 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-08-12 04:41 - 2015-07-16 21:38 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-08-12 04:41 - 2015-07-16 21:36 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-08-12 04:41 - 2015-07-16 21:34 - 14451200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-12 04:41 - 2015-07-16 21:32 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-08-12 04:41 - 2015-07-16 21:14 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-12 04:41 - 2015-07-16 21:13 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-08-12 04:41 - 2015-07-16 21:12 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-12 04:41 - 2015-07-16 21:12 - 02427904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-08-12 04:41 - 2015-07-16 21:10 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-12 04:41 - 2015-07-16 21:06 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-08-12 04:41 - 2015-07-16 21:01 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-08-12 04:41 - 2015-07-16 20:52 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-12 04:41 - 2015-07-16 20:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-08-12 04:41 - 2015-07-16 20:42 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-12 04:41 - 2015-07-16 20:38 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-12 04:41 - 2015-07-16 20:37 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-08-12 04:39 - 2015-07-16 02:29 - 07458648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-12 04:39 - 2015-07-16 02:29 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-12 04:39 - 2015-07-16 02:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-12 04:39 - 2015-07-16 02:28 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-12 04:39 - 2015-07-10 19:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-12 04:39 - 2015-07-02 00:19 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-08-12 04:39 - 2015-07-02 00:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2015-08-12 04:39 - 2015-07-01 23:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-08-12 04:39 - 2015-07-01 23:35 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2015-08-12 04:36 - 2015-07-13 21:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2015-08-12 04:36 - 2015-07-13 21:45 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2015-08-12 04:35 - 2015-07-29 16:37 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-12 04:35 - 2015-07-29 16:30 - 01381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-12 04:35 - 2015-07-29 16:23 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-12 04:35 - 2015-07-24 20:57 - 04177408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-08-12 04:35 - 2015-07-24 20:57 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-12 04:35 - 2015-07-24 20:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-08-12 04:35 - 2015-07-24 19:27 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-12 04:35 - 2015-07-24 19:23 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-08-12 04:35 - 2015-07-14 05:22 - 02529880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-08-12 04:35 - 2015-07-14 05:21 - 01901776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-08-12 04:35 - 2015-07-10 20:19 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-08-12 04:35 - 2015-07-10 19:42 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-08-12 04:35 - 2015-07-10 19:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2015-08-12 04:35 - 2015-07-10 19:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-08-12 04:35 - 2015-07-10 18:47 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-08-12 04:35 - 2015-07-10 18:31 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-08-12 04:35 - 2015-07-09 19:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-12 04:35 - 2015-07-09 19:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-12 04:35 - 2015-07-09 18:30 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-12 04:35 - 2015-05-12 02:24 - 00536920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-23 19:02 - 2014-09-21 20:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
2015-08-23 19:02 - 2014-07-27 08:13 - 00000000 ____D C:\Program Files (x86)\Glary Utilities
2015-08-23 19:02 - 2014-07-08 05:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-23 19:02 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-23 19:02 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-23 19:02 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-23 19:02 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-23 19:02 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-23 19:02 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-08-23 19:02 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-23 19:01 - 2014-12-12 14:52 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-23 19:01 - 2014-07-27 08:42 - 00000000 ____D C:\Users\Juan\AppData\Roaming\Mp3tag
2015-08-23 19:01 - 2014-07-10 23:10 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-08-23 19:01 - 2013-08-22 17:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-08-23 19:01 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-23 19:01 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-08-23 19:01 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-08-23 18:16 - 2014-07-08 04:41 - 01512735 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-23 18:15 - 2014-07-08 04:50 - 00000000 ___DO C:\Users\Juan\OneDrive
2015-08-23 18:12 - 2014-07-27 08:14 - 00000340 _____ C:\WINDOWS\Tasks\GlaryInitialize.job
2015-08-23 18:12 - 2014-07-08 05:21 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-23 18:11 - 2013-08-22 16:46 - 00365474 _____ C:\WINDOWS\setupact.log
2015-08-23 18:11 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-23 17:35 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-08-23 16:43 - 2014-07-08 04:49 - 00000000 ____D C:\Users\Juan\Documents\Bluetooth Folder
2015-08-23 14:28 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-23 14:27 - 2014-07-08 00:16 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-994889132-872104614-2419786447-1002
2015-08-23 13:45 - 2014-07-08 05:02 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4F967FD8-5853-43BB-AD22-2750CCFD930B}
2015-08-23 13:45 - 2014-03-18 12:03 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-23 13:45 - 2014-03-18 11:25 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2015-08-23 13:45 - 2014-03-18 11:25 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2015-08-23 05:55 - 2014-03-18 03:50 - 00043140 _____ C:\WINDOWS\PFRO.log
2015-08-23 05:52 - 2014-09-21 20:09 - 00000000 ____D C:\ProgramData\APN
2015-08-23 05:52 - 2014-07-27 08:04 - 00000000 ____D C:\Users\Juan\AppData\Roaming\Systweak
2015-08-23 05:52 - 2014-07-27 08:04 - 00000000 ____D C:\ProgramData\Systweak
2015-08-23 05:52 - 2014-07-08 05:21 - 00002199 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-23 05:52 - 2014-07-08 04:48 - 00001454 _____ C:\Users\Juan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-23 05:08 - 2013-08-22 16:44 - 00482240 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-23 05:03 - 2014-07-08 04:32 - 00000000 ____D C:\Users\Juan
2015-08-23 04:29 - 2015-03-01 18:31 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-08-23 00:25 - 2014-09-21 20:05 - 00000049 _____ C:\WINDOWS\SysWOW64\ScrRecX.log
2015-08-22 22:21 - 2014-07-19 09:35 - 02698752 ___SH C:\Users\Juan\Downloads\Thumbs.db
2015-08-22 13:48 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-15 18:02 - 2014-11-01 05:09 - 00000000 ____D C:\Users\Juan\Desktop\Norman
2015-08-15 11:20 - 2014-07-08 00:43 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-15 11:15 - 2014-07-08 00:43 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-08 15:55 - 2015-04-17 21:00 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-08 15:55 - 2015-04-17 21:00 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-01 22:34 - 2014-07-08 05:23 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-01 22:30 - 2015-07-10 19:28 - 00000000 ___HD C:\$Windows.~BT
2015-07-26 23:56 - 2015-04-05 20:42 - 00000000 ___SD C:\WINDOWS\system32\GWX

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-09-05 18:22 - 2013-09-05 18:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Einige Dateien in TEMP:
====================
C:\Users\Juan\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Juan\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Juan\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Juan\AppData\Local\Temp\SDShelEx-x64.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-08-04 22:27

==================== Ende von Ergebnis ============================

Addition.txt:

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:23-08-2015
durchgeführt von Juan (2015-08-23 18:22:13)
Gestartet von C:\Users\Juan\Downloads
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-994889132-872104614-2419786447-500 - Administrator - Disabled)
Gast (S-1-5-21-994889132-872104614-2419786447-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-994889132-872104614-2419786447-1006 - Limited - Enabled)
Juan (S-1-5-21-994889132-872104614-2419786447-1002 - Administrator - Enabled) => C:\Users\Juan

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3012 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3004 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2021 - Acer Incorporated)
Age of Mythology: Extended Edition (HKLM-x32\...\Steam App 266840) (Version:  - SkyBox Labs)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
aTube Catcher Version 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3729_45993 - CyberLink Corp.)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Glary Utilities 2.56.0.1822 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.56.0.1822 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.0.1428 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4745.1002 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-994889132-872104614-2419786447-1002\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mp3tag v2.61a (HKLM-x32\...\Mp3tag) (Version: v2.61a - Florian Heidenreich)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r2 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.222 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.43 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6909 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21222 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.12.31 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
WinRAR 5.10 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-994889132-872104614-2419786447-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-994889132-872104614-2419786447-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Juan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-994889132-872104614-2419786447-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Juan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-994889132-872104614-2419786447-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Juan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-994889132-872104614-2419786447-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Juan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Wiederherstellungspunkte =========================

05-08-2015 16:06:12 Geplanter Prüfpunkt
12-08-2015 05:06:11 Windows Update
15-08-2015 11:12:54 Windows Update
22-08-2015 13:57:44 Windows Update

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {01DF85F0-2C3E-4418-86D4-9C63C23ACDFD} - \RegClean Pro -> Keine Datei <==== ACHTUNG
Task: {16D2A44E-6C65-498E-ACC6-A08ECBF30002} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-01-23] (Acer Incorporated)
Task: {1CF33A71-ED76-4BAE-9D86-CA3B5BA2A719} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {275EE877-94C2-4621-80B2-65FC9F3C0125} - \Digital Sites -> Keine Datei <==== ACHTUNG
Task: {2ED6F8E5-595F-4AA0-B6D3-A7D17B44E2E3} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {45788018-7A97-44BF-B245-78A0D0D5A404} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-04-26] (Acer Incorporate)
Task: {51CDA476-333D-4682-AC8F-FED407439FBD} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-07-14] (Microsoft Corporation)
Task: {72AA2B51-7B41-483E-89FD-4EFF915F8478} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2013-02-08] (CyberLink)
Task: {79EF303A-364B-4AD8-A1A1-B7CD68906334} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7BEA3986-3709-487D-A4EC-3EFF832C9C8A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {85793506-5F12-4695-96CD-5104C5D3575C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {8883418B-82EC-49FC-B9F1-B840710B0ABC} - System32\Tasks\Dolby Selector => C:\Dolby PCEE4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {8E5E6550-D743-47E7-8210-9E529730AA38} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-15] (Microsoft Corporation)
Task: {99F0A56C-5002-47F1-B053-BD800B977B82} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-08] (Google Inc.)
Task: {BA66737C-91D9-4609-9186-2D3750474D4B} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-01-18] (Acer Incorporated)
Task: {CFD335E3-D842-4439-B977-88FB4B95EA6C} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2013-05-27] (Glarysoft Ltd)
Task: {D33D2557-2884-4299-8967-7840469C88DB} - \ASP -> Keine Datei <==== ACHTUNG
Task: {ED1DF44E-4C93-4FA2-B158-06A602E347AD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-08] (Google Inc.)
Task: {FC00C62B-A29B-4FCC-9191-904B97C9AB0B} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-09-05 03:36 - 2013-09-05 03:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-03-03 23:39 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-02-28 18:05 - 2013-02-28 18:05 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-02-28 18:02 - 2013-02-28 18:02 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-02-28 18:06 - 2013-02-28 18:06 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2015-08-23 18:20 - 2015-08-23 18:20 - 02173440 _____ () C:\Users\Juan\Downloads\FRST64 (1).exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-23 00:47 - 2015-08-23 00:47 - 00012288 _____ () C:\Program Files (x86)\Google\Chrome\Application\WTSAPI32.dll
2013-09-05 18:42 - 2013-02-20 22:58 - 00089672 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2015-08-22 13:57 - 2015-08-18 07:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
2015-08-22 13:57 - 2015-08-18 07:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll
2013-09-05 18:00 - 2013-03-20 09:47 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-08-22 13:57 - 2015-08-18 07:23 - 16393032 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Juan\OneDrive:ms-properties

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-994889132-872104614-2419786447-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{69187A02-3A7A-44DF-AE6C-4B51680234DE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B4387CEC-44D6-44BD-B827-20C59CD8F23F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EB75A681-D599-4929-AD66-808C78DEB882}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{07EE9EDC-DC34-4CDD-AE3B-043B957BDE24}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{3E461B85-F750-4CB8-854E-D183C2BF2F5F}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{E61A3D33-5BDF-4F53-974D-4B94782299C0}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{1DBB89DC-1515-4982-AC5A-5A7796F0039C}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{9B667351-B64F-42F4-81E1-B935736FE8B1}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{1C4E1032-E586-4833-84A2-A4C14A54B930}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{E98ED4CA-2307-4691-A091-E7F260A6D1BD}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{CDC6BA53-1E74-48A7-BBC6-089303C47362}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{514715CB-36B7-4C93-8BD3-BC3E392B0DD6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{5CB750C9-E639-44B6-9118-9C6356961B70}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\PlayMovie.exe
FirewallRules: [{10E1D93F-8473-4D5F-AF29-1F305B4B47D7}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe
FirewallRules: [{03BDBADA-5DEE-42C5-91D4-EDA418312C0F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{B4D65B67-4C01-4041-917B-EFF33B69EF70}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{62044434-5CD1-4FC8-B2FA-C3A97673630A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{BC6C08A9-BC0A-4E81-8963-B8791C711F46}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{4B3D55A0-A788-41E9-9F13-F061D421ED86}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{75FE2E88-F1F7-47CF-8CB2-64CEA11831A9}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{4E39C88B-3BB2-49D4-A7B1-20334C10E9D1}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{704BC8DF-1D18-4A02-9C2D-3CC10196EB21}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{D81312B6-D82E-4CFF-A5C3-E32AA625AE6E}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{AB0D0C1A-F2C6-4A2F-A433-8ED1F053C885}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{74E97420-0447-414A-8FBD-CB53E734EFDD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{8335732E-F2D8-4697-ACED-17A2380A3B63}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{2A0321B6-C86E-4A1A-960F-43C4D93C6614}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{F9887015-8EF8-4140-9F10-C8BEB56DC707}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{806CD66C-C1C4-4D7F-AF3D-3FA7451D6949}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{7C8FCBF5-D46D-41D0-AD5C-328CBB02AC34}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{682702DF-26DA-44CB-A47C-88D8AE200791}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{22074F6A-CEFB-47A2-830E-B9D44A0B39E3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{8EB278A8-983A-4693-BD33-9AB09B4580C3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{1792074B-6436-4A8B-94A6-E608AEB99D1E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CF085B80-2102-4EE5-8590-E2C9AF2ECE0C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A12F69AA-E324-41DF-AAF8-1B3E44703AF6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age of Mythology\Launcher.exe
FirewallRules: [{C266802D-F25B-47E7-9BD5-DC3408681422}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age of Mythology\Launcher.exe
FirewallRules: [{9CFA7166-0428-4A81-9246-BEBC8FA7913A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{1CF139D3-F4FD-46CE-A910-DDFC989DA0D9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{96108BE6-6FF0-4786-AA8A-E8F35443CD88}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{53175C7E-14A2-4875-B4BF-8567D4A6D373}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{03DD5E90-63C9-45F1-BC2D-6A765872D862}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{20618D90-923D-4954-BD3D-CFEE22B8C13F}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{8C309626-7DC3-4BF6-B5B2-1000786EF252}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{87949DB4-52F2-4055-87A6-3C141064087F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{99E37507-5983-46FC-8810-CD895A20B31A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{D4914DC1-6524-4403-8723-5F5A813E6D98}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{36D4E665-2865-4926-9821-B9B1EB3FBEDF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{DA834FD4-7849-403C-AB81-3193F929C043}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{029AF522-B226-4AA1-9163-6A6B0E79E0EA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{D3C3ADC2-E99C-4C88-BA90-3BAE85C69EC6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{AFA484CF-A0F3-41D6-BF1F-3BF30F7634A6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{24D4076B-394A-4061-BB83-1C41B993AD8E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{843EE1C5-CBB2-4214-934A-AA8D4B6C071F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{A26CDE6B-C4E4-48C5-BD5A-C971EADD2789}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{E0FC80F0-70F4-4F31-A628-5CA9404A856C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{DB373F64-822E-4705-9A4B-CC1D6CC24D1B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5959E4F9-38A9-4F60-87BE-087CD2030AF9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{8C879BE9-89EB-4E18-A1B5-6E4CFD443DC3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{589A1B66-2CD4-4D11-AF87-7C1665F40922}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{217E164A-86E8-4D6B-8E5C-9F7CC7E35B4F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{D1766152-C802-4853-A891-1F25EC9C63FC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5ABD3774-BA30-4AF9-83B0-F782BA45FABF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A5F215DE-5B06-4C90-A205-3AEA85DB984E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{89A02835-C4BF-4909-8A60-B4E71B49632E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7F774AAD-E0C7-4C2B-BF01-5403950B3C2D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{287AE324-497B-40F0-B1BD-79C14462D81C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{298F585C-AC3D-47EA-A11F-355D00F347C3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{FDADB525-0AEC-4EF1-A1E0-CC5FF72DEC0F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{C87C2A67-5EA4-4AD6-AA78-FDC6FDCD7941}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{5F4702C9-B5A9-4641-9921-67E94BFA360F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{0CAF1D47-7844-4A67-ADB9-35A6D582BA87}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{5696ED1A-17DB-4F28-A35C-2C0811C16CA5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{BBF2FA5C-790B-41AA-B460-659EC7AE2819}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [TCP Query User{AAF2577C-DEFD-4215-B7F5-5B8E614643B8}C:\programdata\battle.net\agent\agent.3632\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3632\agent.exe
FirewallRules: [UDP Query User{89753AAE-F651-4090-AE53-A71B3563E2CB}C:\programdata\battle.net\agent\agent.3632\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3632\agent.exe
FirewallRules: [TCP Query User{777F4B4E-A26A-4A77-9851-CC38DB06322D}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [UDP Query User{280D5E90-03A7-4041-B9EB-96FA27400E3B}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [TCP Query User{2F6206F2-46FB-40B7-B1D1-3FBAC8605AE6}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [UDP Query User{259EF262-B4A0-460A-82A1-AFF192D6CD66}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [TCP Query User{76AA361F-0B8D-455C-A857-8F4A6E79ED35}C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe] => (Block) C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe
FirewallRules: [UDP Query User{D8BA06CB-9270-4DBF-BE5B-591BC317FBDD}C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe] => (Block) C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe
FirewallRules: [TCP Query User{E118B797-C319-4C3A-9678-5D9102E0CD53}C:\program files (x86)\wondershare\video converter ultimate\medialibserver.exe] => (Block) C:\program files (x86)\wondershare\video converter ultimate\medialibserver.exe
FirewallRules: [UDP Query User{374E1A57-5503-4968-AEB8-695A6582C1E6}C:\program files (x86)\wondershare\video converter ultimate\medialibserver.exe] => (Block) C:\program files (x86)\wondershare\video converter ultimate\medialibserver.exe
FirewallRules: [TCP Query User{8F1F9B09-3D03-4464-BBB6-B580D03544FF}C:\program files (x86)\wondershare\video converter ultimate\mediaserver.exe] => (Block) C:\program files (x86)\wondershare\video converter ultimate\mediaserver.exe
FirewallRules: [UDP Query User{2A4E3A67-7695-4FF4-B344-58C280D3C01F}C:\program files (x86)\wondershare\video converter ultimate\mediaserver.exe] => (Block) C:\program files (x86)\wondershare\video converter ultimate\mediaserver.exe
FirewallRules: [{3BD5364E-3937-47AB-9F1A-9C7AD603E922}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{2FE8DB03-5209-4FE2-A919-628856931C3C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{1E02EBAC-8A87-440F-9C3A-556C52171980}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{75BE6FC2-05CB-46DE-A382-FF3DCB498E4F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{A5619A8B-F17E-417A-838C-8847E49F6A00}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{A85719C0-704A-42BD-8579-44114E92429D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [TCP Query User{247A1FBE-08CE-4980-80C0-7CA60DF12074}C:\users\juan\appdata\local\temp\rar$exa0.787\hardcore-reloaded\bin\metin2client.bin] => (Allow) C:\users\juan\appdata\local\temp\rar$exa0.787\hardcore-reloaded\bin\metin2client.bin
FirewallRules: [UDP Query User{B38B3A90-C98E-46F4-9C49-5B4EC4C05B7C}C:\users\juan\appdata\local\temp\rar$exa0.787\hardcore-reloaded\bin\metin2client.bin] => (Allow) C:\users\juan\appdata\local\temp\rar$exa0.787\hardcore-reloaded\bin\metin2client.bin
FirewallRules: [TCP Query User{A15AC70D-410E-4840-BF70-6CDEE64B312C}C:\program files (x86)\heroes of the storm\versions\base33684\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base33684\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{94E7DCE3-9C5C-4146-91B5-D89CE48163EA}C:\program files (x86)\heroes of the storm\versions\base33684\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base33684\heroesofthestorm_x64.exe
FirewallRules: [{9A34691E-A378-4B45-ACAF-514E4FAFEB4A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{DA4A4344-B613-4B7C-AE8B-B9A82E20707E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [TCP Query User{17250BCA-1C4E-4CF0-A4A3-C6181FAE5C7D}C:\users\juan\appdata\local\temp\rar$exa0.389\hardcore-reloaded\bin\metin2client.bin] => (Allow) C:\users\juan\appdata\local\temp\rar$exa0.389\hardcore-reloaded\bin\metin2client.bin
FirewallRules: [UDP Query User{FF5EAF2D-6C38-4375-B271-D582F81522FB}C:\users\juan\appdata\local\temp\rar$exa0.389\hardcore-reloaded\bin\metin2client.bin] => (Allow) C:\users\juan\appdata\local\temp\rar$exa0.389\hardcore-reloaded\bin\metin2client.bin
FirewallRules: [TCP Query User{A9822AC8-E63A-4DBE-909E-ABD99C227262}C:\users\juan\appdata\local\temp\rar$exa0.580\hardcore-reloaded\bin\metin2client.bin] => (Allow) C:\users\juan\appdata\local\temp\rar$exa0.580\hardcore-reloaded\bin\metin2client.bin
FirewallRules: [UDP Query User{0FDE9C0F-6339-412E-BF10-98AED56A11E8}C:\users\juan\appdata\local\temp\rar$exa0.580\hardcore-reloaded\bin\metin2client.bin] => (Allow) C:\users\juan\appdata\local\temp\rar$exa0.580\hardcore-reloaded\bin\metin2client.bin
FirewallRules: [TCP Query User{ED8F1C79-40E6-4EED-8EC2-9BEA12D4713D}C:\users\juan\appdata\local\temp\rar$exa0.875\hardcore-reloaded\bin\metin2client.bin] => (Allow) C:\users\juan\appdata\local\temp\rar$exa0.875\hardcore-reloaded\bin\metin2client.bin
FirewallRules: [UDP Query User{7EA25382-DBA6-495B-A090-C32F72700EF0}C:\users\juan\appdata\local\temp\rar$exa0.875\hardcore-reloaded\bin\metin2client.bin] => (Allow) C:\users\juan\appdata\local\temp\rar$exa0.875\hardcore-reloaded\bin\metin2client.bin
FirewallRules: [TCP Query User{E8BD1182-D288-49DD-9A04-EE6BAFADC349}C:\users\juan\appdata\local\temp\rar$exa0.499\hardcore-reloaded\bin\metin2client.bin] => (Allow) C:\users\juan\appdata\local\temp\rar$exa0.499\hardcore-reloaded\bin\metin2client.bin
FirewallRules: [UDP Query User{08444A27-329D-4BFF-A347-1A1D55365C1B}C:\users\juan\appdata\local\temp\rar$exa0.499\hardcore-reloaded\bin\metin2client.bin] => (Allow) C:\users\juan\appdata\local\temp\rar$exa0.499\hardcore-reloaded\bin\metin2client.bin
FirewallRules: [TCP Query User{FD5AA5C4-D913-40B6-80DE-9F7ECDF258E9}C:\users\juan\appdata\local\temp\rar$exa0.916\hardcore-reloaded\bin\metin2client.bin] => (Allow) C:\users\juan\appdata\local\temp\rar$exa0.916\hardcore-reloaded\bin\metin2client.bin
FirewallRules: [UDP Query User{DAD92DC9-EC0E-42A3-A058-0AB495C41836}C:\users\juan\appdata\local\temp\rar$exa0.916\hardcore-reloaded\bin\metin2client.bin] => (Allow) C:\users\juan\appdata\local\temp\rar$exa0.916\hardcore-reloaded\bin\metin2client.bin
FirewallRules: [{3D5EE7BE-08C8-4AF2-9ED7-8AA18EE749EA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{9DE5A7BF-8C91-4AA6-96A6-9C0533D8679F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [TCP Query User{4AA320E2-880F-4DAA-A332-B1E9DC99B347}C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{F904AF00-DE31-4194-B056-8A361D644CAD}C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [{4B96F101-AEC3-449D-8FCE-75B74F08F513}] => (Allow) C:\Users\Juan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{529CE85B-ECD8-4B0F-8B94-E2127CA4D2B4}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{F488197C-0CCE-4028-8ACC-21F637AA852A}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{61603ED3-BBEF-48DE-9E70-4B720D27055D}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{22BF79CE-79AE-4912-904F-CF365F9E7E2A}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{F83358C8-CB35-449C-B77A-A08AD01043B0}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [{1BA147B1-C99F-45EC-9D68-A955EAD34E19}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (08/23/2015 06:12:37 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Geplanter Prüfpunkt). Zusätzliche Informationen: 0x80070005.

Error: (08/23/2015 05:42:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvstreamsvc.exe, Version: 2.1.108.0, Zeitstempel: 0x53613ec5
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17936, Zeitstempel: 0x55a68e0c
Ausnahmecode: 0xc0000142
Fehleroffset: 0x00000000000ec4e0
ID des fehlerhaften Prozesses: 0x13f0
Startzeit der fehlerhaften Anwendung: 0xnvstreamsvc.exe0
Pfad der fehlerhaften Anwendung: nvstreamsvc.exe1
Pfad des fehlerhaften Moduls: nvstreamsvc.exe2
Berichtskennung: nvstreamsvc.exe3
Vollständiger Name des fehlerhaften Pakets: nvstreamsvc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvstreamsvc.exe5

Error: (08/23/2015 02:08:11 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (08/23/2015 01:45:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wwahost.exe, Version 6.3.9600.17415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 7ac

Startzeit: 01d0dd710dda3056

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\syswow64\wwahost.exe

Berichts-ID: 754277c5-498c-11e5-bea9-48d22480dabd

Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (08/23/2015 08:58:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14328

Error: (08/23/2015 08:58:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14328

Error: (08/23/2015 08:58:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/23/2015 05:54:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JUAN-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/23/2015 05:54:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JUAN-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/23/2015 05:54:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JUAN-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


Systemfehler:
=============
Error: (08/23/2015 05:42:46 PM) (Source: DCOM) (EventID: 10010) (User: JUAN-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (08/23/2015 05:42:46 PM) (Source: DCOM) (EventID: 10010) (User: JUAN-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (08/23/2015 05:42:46 PM) (Source: DCOM) (EventID: 10010) (User: JUAN-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (08/23/2015 05:42:46 PM) (Source: DCOM) (EventID: 10010) (User: JUAN-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (08/23/2015 05:38:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: 
%%1062

Error: (08/23/2015 05:38:34 PM) (Source: DCOM) (EventID: 10010) (User: JUAN-PC)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

Error: (08/23/2015 05:38:34 PM) (Source: DCOM) (EventID: 10010) (User: JUAN-PC)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

Error: (08/23/2015 05:38:34 PM) (Source: DCOM) (EventID: 10010) (User: JUAN-PC)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

Error: (08/23/2015 05:38:34 PM) (Source: DCOM) (EventID: 10010) (User: JUAN-PC)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

Error: (08/23/2015 05:38:30 PM) (Source: DCOM) (EventID: 10010) (User: JUAN-PC)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}


Microsoft Office:
=========================
Error: (08/23/2015 06:12:37 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Geplanter Prüfpunkt0x80070005

Error: (08/23/2015 05:42:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvstreamsvc.exe2.1.108.053613ec5KERNELBASE.dll6.3.9600.1793655a68e0cc000014200000000000ec4e013f001d0ddba5bbd38c8C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeKERNELBASE.dll99971385-49ad-11e5-beab-48d22480dabd

Error: (08/23/2015 02:08:11 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (08/23/2015 01:45:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.174157ac01d0dd710dda30564294967295C:\WINDOWS\syswow64\wwahost.exe754277c5-498c-11e5-bea9-48d22480dabdMicrosoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5cApp

Error: (08/23/2015 08:58:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14328

Error: (08/23/2015 08:58:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14328

Error: (08/23/2015 08:58:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/23/2015 05:54:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JUAN-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (08/23/2015 05:54:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JUAN-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (08/23/2015 05:54:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JUAN-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141


CodeIntegrity:
===================================
  Date: 2015-08-23 18:20:22.680
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-23 18:20:22.489
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-23 00:46:09.844
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DnsBlockB.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-23 00:46:09.464
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-23 00:46:09.323
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DnsBlockA.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-23 00:46:09.003
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-23 00:28:26.869
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-23 00:28:26.486
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-16 23:28:04.676
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-16 23:28:04.601
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Processor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz
Prozentuale Nutzung des RAM: 27%
Installierter physikalischer RAM: 7848.27 MB
Verfügbarer physikalischer RAM: 5701.7 MB
Summe virtueller Speicher: 21160.27 MB
Verfügbarer virtueller Speicher: 19147.38 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:914.76 GB) (Free:788.92 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: D91B93BA)

Partition: GPT.

==================== Ende von Ergebnis ============================

Juan94 · 23.08.2015, 17:40

Im tdsskiller war oben der Button Report, hier die Datei:

Code:

ATTFilter

18:26:44.0075 0x13c0  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
18:26:44.0075 0x13c0  UEFI system
18:26:48.0746 0x13c0  ============================================================
18:26:48.0746 0x13c0  Current date / time: 2015/08/23 18:26:48.0746
18:26:48.0746 0x13c0  SystemInfo:
18:26:48.0746 0x13c0  
18:26:48.0746 0x13c0  OS Version: 6.3.9600 ServicePack: 0.0
18:26:48.0746 0x13c0  Product type: Workstation
18:26:48.0746 0x13c0  ComputerName: JUAN-PC
18:26:48.0746 0x13c0  UserName: Juan
18:26:48.0746 0x13c0  Windows directory: C:\WINDOWS
18:26:48.0746 0x13c0  System windows directory: C:\WINDOWS
18:26:48.0746 0x13c0  Running under WOW64
18:26:48.0746 0x13c0  Processor architecture: Intel x64
18:26:48.0746 0x13c0  Number of processors: 4
18:26:48.0746 0x13c0  Page size: 0x1000
18:26:48.0746 0x13c0  Boot type: Normal boot
18:26:48.0746 0x13c0  ============================================================
18:26:49.0603 0x13c0  KLMD registered as C:\WINDOWS\system32\drivers\45225699.sys
18:26:50.0830 0x13c0  System UUID: {31D6D4AD-FB82-9F0E-5929-4E6C4F88E321}
18:26:51.0543 0x13c0  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:26:51.0543 0x13c0  ============================================================
18:26:51.0543 0x13c0  \Device\Harddisk0\DR0:
18:26:51.0543 0x13c0  GPT partitions:
18:26:51.0543 0x13c0  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {1672E914-D099-4E51-A241-AF9FCBB61E61}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xC8000
18:26:51.0543 0x13c0  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {C837D9A0-7945-4BC2-A833-DDCB7691B1FA}, Name: EFI system partition, StartLBA 0xC8800, BlocksNum 0x96000
18:26:51.0543 0x13c0  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {FEB72373-DBA9-489A-8416-C31AFAED55AA}, Name: Microsoft reserved partition, StartLBA 0x15E800, BlocksNum 0x40000
18:26:51.0543 0x13c0  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {FAD099C3-6F8E-4B88-A0A4-F12FD96F536D}, Name: Basic data partition, StartLBA 0x19E800, BlocksNum 0x72587000
18:26:51.0543 0x13c0  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {4F0B56FF-343B-4E4E-81D3-C2ED2E9BFDED}, Name: , StartLBA 0x72725800, BlocksNum 0xE1000
18:26:51.0543 0x13c0  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {8C42341F-4038-4144-844C-6A48CAFF3796}, Name: Basic data partition, StartLBA 0x72806800, BlocksNum 0x1F00000
18:26:51.0543 0x13c0  MBR partitions:
18:26:51.0543 0x13c0  ============================================================
18:26:51.0543 0x13c0  C: <-> \Device\Harddisk0\DR0\Partition4
18:26:51.0543 0x13c0  ============================================================
18:26:51.0543 0x13c0  Initialize success
18:26:51.0543 0x13c0  ============================================================
18:27:52.0299 0x0b48  ============================================================
18:27:52.0299 0x0b48  Scan started
18:27:52.0299 0x0b48  Mode: Manual; SigCheck; TDLFS; 
18:27:52.0299 0x0b48  ============================================================
18:27:52.0299 0x0b48  KSN ping started
18:27:54.0611 0x0b48  KSN ping finished: true
18:27:58.0295 0x0b48  ================ Scan system memory ========================
18:27:58.0295 0x0b48  System memory - ok
18:27:58.0295 0x0b48  ================ Scan services =============================
18:27:58.0498 0x0b48  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
18:27:58.0545 0x0b48  1394ohci - ok
18:27:58.0560 0x0b48  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware           C:\WINDOWS\system32\drivers\3ware.sys
18:27:58.0576 0x0b48  3ware - ok
18:27:58.0623 0x0b48  [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
18:27:58.0639 0x0b48  ACPI - ok
18:27:58.0639 0x0b48  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys
18:27:58.0654 0x0b48  acpiex - ok
18:27:58.0670 0x0b48  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys
18:27:58.0670 0x0b48  acpipagr - ok
18:27:58.0701 0x0b48  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi         C:\WINDOWS\System32\drivers\acpipmi.sys
18:27:58.0701 0x0b48  AcpiPmi - ok
18:27:58.0701 0x0b48  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys
18:27:58.0717 0x0b48  acpitime - ok
18:27:58.0748 0x0b48  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX         C:\WINDOWS\system32\drivers\ADP80XX.SYS
18:27:58.0764 0x0b48  ADP80XX - ok
18:27:58.0795 0x0b48  [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc     C:\WINDOWS\System32\aelupsvc.dll
18:27:58.0810 0x0b48  AeLookupSvc - ok
18:27:58.0842 0x0b48  [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD             C:\WINDOWS\system32\drivers\afd.sys
18:27:58.0857 0x0b48  AFD - ok
18:27:58.0873 0x0b48  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\WINDOWS\system32\drivers\agp440.sys
18:27:58.0889 0x0b48  agp440 - ok
18:27:58.0904 0x0b48  [ FE14D249D39368CA62D8DA6BC94AC694, E1036E22BFBD3750FD2D3DA6AB939B2DD54E824F4BD3E6539EF0E45AB5453DD1 ] ahcache         C:\WINDOWS\system32\DRIVERS\ahcache.sys
18:27:58.0920 0x0b48  ahcache - ok
18:27:58.0967 0x0b48  [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG             C:\WINDOWS\System32\alg.exe
18:27:58.0967 0x0b48  ALG - ok
18:27:58.0983 0x0b48  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8           C:\WINDOWS\System32\drivers\amdk8.sys
18:27:58.0998 0x0b48  AmdK8 - ok
18:27:58.0998 0x0b48  [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys
18:27:59.0014 0x0b48  AmdPPM - ok
18:27:59.0045 0x0b48  [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata         C:\WINDOWS\system32\drivers\amdsata.sys
18:27:59.0061 0x0b48  amdsata - ok
18:27:59.0076 0x0b48  [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs          C:\WINDOWS\system32\drivers\amdsbs.sys
18:27:59.0092 0x0b48  amdsbs - ok
18:27:59.0092 0x0b48  [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata         C:\WINDOWS\system32\drivers\amdxata.sys
18:27:59.0108 0x0b48  amdxata - ok
18:27:59.0123 0x0b48  [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID           C:\WINDOWS\system32\drivers\appid.sys
18:27:59.0139 0x0b48  AppID - ok
18:27:59.0170 0x0b48  [ 34B2E222F82D05398DAE7203B36B6A2B, AC04BC6B5A36A6807FFE302E9ACF073342B4D76B0BB386249251CB3CA1852CE8 ] AppIDSvc        C:\WINDOWS\System32\appidsvc.dll
18:27:59.0186 0x0b48  AppIDSvc - ok
18:27:59.0217 0x0b48  [ 680BFB820C5A943AB709BAA2B1EF27F2, A51D2A7976A762FE470C13C6D1BA0319A0FB19C9E66BF02AA44F83EAEC7130F8 ] Appinfo         C:\WINDOWS\System32\appinfo.dll
18:27:59.0248 0x0b48  Appinfo - ok
18:27:59.0342 0x0b48  [ 650D03E40F93FAE323CB841F80368E5C, F67B97CFDCE2EE9294977725268EFDB0DD724BD16E7ED5BFCA45375AA8EBA5BB ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:27:59.0358 0x0b48  Apple Mobile Device - ok
18:27:59.0404 0x0b48  [ 35E28923A23ADABAA5A1B43256D0AB58, A5F3AF8BBEE58B2165BAFACC5FF8B167B55B020998D3D1565C2229ED8753B269 ] AppReadiness    C:\WINDOWS\system32\AppReadiness.dll
18:27:59.0420 0x0b48  AppReadiness - ok
18:27:59.0592 0x0b48  [ 573542B5E97772021B73E854DA861DAA, C3FD00FA28060F8D7CDFD455BBB5FF8239CB76DDFFF2BDAE6AA944674DD993D3 ] AppXSvc         C:\WINDOWS\system32\appxdeploymentserver.dll
18:27:59.0623 0x0b48  AppXSvc - ok
18:27:59.0654 0x0b48  [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas          C:\WINDOWS\system32\drivers\arcsas.sys
18:27:59.0654 0x0b48  arcsas - ok
18:27:59.0686 0x0b48  [ 3DB7721F06BC2FEDB25029EA23AB27DA, 221861148C66FE53E4D6EE49C6E656479AB5804A2D348A280A1CD8093E8AB788 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:27:59.0686 0x0b48  AsyncMac - ok
18:27:59.0701 0x0b48  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
18:27:59.0717 0x0b48  atapi - ok
18:27:59.0748 0x0b48  [ 1E71A166547A110CD66EA44326DB4552, F66502ACBB50760EB0A676CB2560A539511935F016CBA2747C554F709D3FA1FE ] AthBTPort       C:\WINDOWS\system32\DRIVERS\btath_flt.sys
18:27:59.0748 0x0b48  AthBTPort - ok
18:27:59.0795 0x0b48  [ 7395FB31E3D1AA09EC5DBE6CE2FFE1D8, 7CD6D7A32C2C9B96B9320662C8B36C3089627A6699C7709153E30F9A79D9B7FD ] AtherosSvc      C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
18:27:59.0795 0x0b48  AtherosSvc - detected UnsignedFile.Multi.Generic ( 1 )
18:28:03.0111 0x0b48  Detect skipped due to KSN trusted
18:28:03.0111 0x0b48  AtherosSvc - ok
18:28:03.0253 0x0b48  [ 2C7676F892E88FD190F08D98048C7C6C, 44C13C103F61DA4D1A3823D37344F8C9465A611A9560808CE928925FB69604F7 ] athr            C:\WINDOWS\system32\DRIVERS\athw8x.sys
18:28:03.0323 0x0b48  athr - ok
18:28:03.0349 0x0b48  [ 431FE56F5A2F5937994CB2DA330B47DB, E5AED551529A21494114959251FDF566802DD6D9B9D86A937A0EECE53338CAC7 ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
18:28:03.0360 0x0b48  AudioEndpointBuilder - ok
18:28:03.0390 0x0b48  [ 0F03CC00645D7F841879A048787D6AC7, 3ECD2486157469F2EDB63D4868338D1445F2909153DF0AFFE432083730EEE3F5 ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
18:28:03.0412 0x0b48  Audiosrv - ok
18:28:03.0452 0x0b48  [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
18:28:03.0460 0x0b48  AxInstSV - ok
18:28:03.0502 0x0b48  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys
18:28:03.0519 0x0b48  b06bdrv - ok
18:28:03.0554 0x0b48  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
18:28:03.0562 0x0b48  BasicDisplay - ok
18:28:03.0567 0x0b48  [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender     C:\WINDOWS\System32\drivers\BasicRender.sys
18:28:03.0584 0x0b48  BasicRender - ok
18:28:03.0603 0x0b48  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys
18:28:03.0607 0x0b48  bcmfn2 - ok
18:28:03.0647 0x0b48  [ 77D760E9B477C21487C171F561497F98, 2393D466CEC863C771C5BB4CD81B251635DC084386134B8E13F74F3E1C6D68DF ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
18:28:03.0672 0x0b48  BDESVC - ok
18:28:03.0693 0x0b48  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
18:28:03.0709 0x0b48  Beep - ok
18:28:03.0756 0x0b48  [ EBB435F0140BDEF5CEECCA727F43ECB4, F06276495661F14BD4FFBDEB7E5C48050B6A6CBAC67B2B580170A3DCADBF7B08 ] BEService       C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
18:28:03.0787 0x0b48  BEService - ok
18:28:03.0865 0x0b48  [ 7BCB00EA702F78EC74CD9699D85CE80B, 17241ADAA13051B560DB9FA9079CAE6321D5B49788B596C125DC912443B00421 ] BFE             C:\WINDOWS\System32\bfe.dll
18:28:03.0881 0x0b48  BFE - ok
18:28:04.0022 0x0b48  [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS            C:\WINDOWS\System32\qmgr.dll
18:28:04.0037 0x0b48  BITS - ok
18:28:04.0115 0x0b48  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:28:04.0147 0x0b48  Bonjour Service - ok
18:28:04.0193 0x0b48  [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
18:28:04.0209 0x0b48  bowser - ok
18:28:04.0272 0x0b48  [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
18:28:04.0287 0x0b48  BrokerInfrastructure - ok
18:28:04.0334 0x0b48  [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser         C:\WINDOWS\System32\browser.dll
18:28:04.0334 0x0b48  Browser - ok
18:28:04.0381 0x0b48  [ C8DD6CF775A7587333EBC74D383E2AC9, 9961196EE1E7A4F54CBE2A4C53A9A1B4243E3C2B3D4C4224A7A87B326E63CEDE ] BTATH_A2DP      C:\WINDOWS\system32\drivers\btath_a2dp.sys
18:28:04.0412 0x0b48  BTATH_A2DP - ok
18:28:04.0428 0x0b48  [ E54B63E59E66EE813AC974CF499DC55D, E08E180FC2172D7D75E7995F3E36229D63A51B0ED393D994AC608CD77E8D2160 ] btath_avdt      C:\WINDOWS\system32\drivers\btath_avdt.sys
18:28:04.0428 0x0b48  btath_avdt - ok
18:28:04.0459 0x0b48  [ C6978F7EBA6F37D626482AC6B9390630, B4BF939AB9962A61DE9518604C20347DC2A6FCDCEB3D8AEF295AF12E6F2CDCF3 ] BTATH_BUS       C:\WINDOWS\System32\drivers\btath_bus.sys
18:28:04.0459 0x0b48  BTATH_BUS - ok
18:28:04.0475 0x0b48  [ 4AF7C20F94DAC343C01ED671C82DCB99, 2AABD85D9D76461DE883E0F13F61C391BA81E6198FF88268B319474E25A196C8 ] BTATH_HCRP      C:\WINDOWS\System32\drivers\btath_hcrp.sys
18:28:04.0490 0x0b48  BTATH_HCRP - ok
18:28:04.0506 0x0b48  [ 785C38070043BEEE9E9D591DE4067244, 1C8D15B8A9E80A2799E7094C4AE111FEA9FBC6EAA4A61B13EFE59314C9794949 ] BTATH_LWFLT     C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys
18:28:04.0506 0x0b48  BTATH_LWFLT - ok
18:28:04.0537 0x0b48  [ A6019537D6125099363F90D0C6D181F9, CA0C46AABBF71E2A29C93A477A06D33E3CACC84978DD9D729BEFB339E50D7055 ] BTATH_RCP       C:\WINDOWS\System32\drivers\btath_rcp.sys
18:28:04.0568 0x0b48  BTATH_RCP - ok
18:28:04.0662 0x0b48  [ 239A81CC18170F3369D389DA65E74342, 5E26976176A6651B149784B1ED86ECCA133B7755EBB8B04361A8DDB705767AA3 ] BtFilter        C:\WINDOWS\system32\DRIVERS\btfilter.sys
18:28:04.0678 0x0b48  BtFilter - ok
18:28:04.0709 0x0b48  [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
18:28:04.0709 0x0b48  BthAvrcpTg - ok
18:28:04.0725 0x0b48  [ 1104A31260CCF4318C884E0AE6C513BF, A8F83B558944DEF0F84414A11DC3CB90C3A92377B46760EC0A9B8BC22FB0D5C7 ] BthEnum         C:\WINDOWS\System32\drivers\BthEnum.sys
18:28:04.0740 0x0b48  BthEnum - ok
18:28:04.0756 0x0b48  [ 272A62B660A48AEF366F8A1836CED19F, 78EFAC6B1B2313482329BBFFBF0DDA6462BD88E5BE3C817C5E8E0EAF3074C925 ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
18:28:04.0772 0x0b48  BthHFEnum - ok
18:28:04.0772 0x0b48  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
18:28:04.0772 0x0b48  bthhfhid - ok
18:28:04.0818 0x0b48  [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv        C:\WINDOWS\System32\BthHFSrv.dll
18:28:04.0834 0x0b48  BthHFSrv - ok
18:28:04.0850 0x0b48  [ D30C67473A2E229662D21F27EAA9AAA5, D009C4836B0DFE963D8E3DEEDE611068838F2BBCAB146E6D70692FAB838E11F1 ] BthLEEnum       C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys
18:28:04.0865 0x0b48  BthLEEnum - ok
18:28:04.0881 0x0b48  [ 66B791F6B11DC4303DD18A224A501542, 502AE4D6FFC6B0FCED081B0E0F61F699F96F20DFEE737B53828F5DEE3BD0FCB1 ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
18:28:04.0881 0x0b48  BTHMODEM - ok
18:28:04.0912 0x0b48  [ 25BB93167DEF270188072603F92A1EF5, CE4637CE4B63420E218F53CAF89A8C85D036B879B80456FEF3C7C395590E26BB ] BthPan          C:\WINDOWS\System32\drivers\bthpan.sys
18:28:04.0912 0x0b48  BthPan - ok
18:28:04.0975 0x0b48  [ 0CC00ADC1B84C93FB46E1A0974E956E1, 64C759244651B916901F4D0C82C3D6034532A20714A72FD26FC9D050B99E230B ] BTHPORT         C:\WINDOWS\System32\Drivers\BTHport.sys
18:28:05.0006 0x0b48  BTHPORT - ok
18:28:05.0022 0x0b48  [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv         C:\WINDOWS\system32\bthserv.dll
18:28:05.0038 0x0b48  bthserv - ok
18:28:05.0053 0x0b48  [ 08EA90955AED2D959EE67DF6EDF0E2B6, 0A70AA67E5DD24C473C66A570C0FEBA9D398A0F0AD8386FE05D01C4D16346968 ] BTHUSB          C:\WINDOWS\System32\Drivers\BTHUSB.sys
18:28:05.0069 0x0b48  BTHUSB - ok
18:28:05.0178 0x0b48  [ 843F5EFF90A988617C5FFD8596A2B571, 69FF9731876E1CBA4BBF00557F0CBC73247165F8EB45F45A55CC0178A7B90D44 ] CCDMonitorService C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
18:28:05.0225 0x0b48  CCDMonitorService - ok
18:28:05.0268 0x0b48  [ E41F70406C34F1CB667B4B27D81AD162, 8869C7EB9CBF68B90640765D15DB5B8DACEF45025C1E580AA94D96E32560274B ] ccSet_NARA      C:\WINDOWS\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys
18:28:05.0276 0x0b48  ccSet_NARA - ok
18:28:05.0292 0x0b48  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
18:28:05.0301 0x0b48  cdfs - ok
18:28:05.0331 0x0b48  [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
18:28:05.0340 0x0b48  cdrom - ok
18:28:05.0359 0x0b48  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] CertPropSvc     C:\WINDOWS\System32\certprop.dll
18:28:05.0375 0x0b48  CertPropSvc - ok
18:28:05.0406 0x0b48  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
18:28:05.0406 0x0b48  circlass - ok
18:28:05.0440 0x0b48  [ 8EB7E70C2D348FE2476A2E3F2D585E3D, 2B5D407FACF1D049261026CC552A7C93B028A661B0F4E959815EAE7670054127 ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
18:28:05.0453 0x0b48  CLFS - ok
18:28:05.0709 0x0b48  [ EC44010BAFA116B6ED200AB18A29E560, 0261CBABF18158FB836DB4569201035F702A5CE27C64551E29C2AC4BC6C3851C ] ClickToRunSvc   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
18:28:05.0758 0x0b48  ClickToRunSvc - ok
18:28:05.0789 0x0b48  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
18:28:05.0789 0x0b48  CmBatt - ok
18:28:05.0820 0x0b48  [ 5E5AB950693F2C6D6ACBEE3A74697ED7, 3790A7DD0AC65F47A697A577744FDFA4CC1CA3422884C84E499F97AC91BA84F3 ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
18:28:05.0836 0x0b48  CNG - ok
18:28:05.0867 0x0b48  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\WINDOWS\System32\drivers\CompositeBus.sys
18:28:05.0883 0x0b48  CompositeBus - ok
18:28:05.0883 0x0b48  COMSysApp - ok
18:28:05.0914 0x0b48  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
18:28:05.0930 0x0b48  condrv - ok
18:28:05.0992 0x0b48  [ 15FBADDC84ED202E59A4F1B201CC692C, A50092155B18DAD51049A72503002F08C1BB2DFDA239C4D3555360C163F2F782 ] cphs            C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
18:28:06.0023 0x0b48  cphs - ok
18:28:06.0070 0x0b48  [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
18:28:06.0086 0x0b48  CryptSvc - ok
18:28:06.0102 0x0b48  [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam             C:\WINDOWS\system32\drivers\dam.sys
18:28:06.0117 0x0b48  dam - ok
18:28:06.0180 0x0b48  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
18:28:06.0211 0x0b48  DcomLaunch - ok
18:28:06.0258 0x0b48  [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
18:28:06.0273 0x0b48  defragsvc - ok
18:28:06.0320 0x0b48  [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
18:28:06.0336 0x0b48  DeviceAssociationService - ok
18:28:06.0367 0x0b48  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll
18:28:06.0383 0x0b48  DeviceInstall - ok
18:28:06.0427 0x0b48  [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
18:28:06.0436 0x0b48  Dfsc - ok
18:28:06.0455 0x0b48  [ 73BDD44A6088916964945886F9025409, 8E2ECC9AAEF3C6EBA2E61D25F657FDFCC72AB517CC4FD5FFF992E1F9EB942662 ] dg_ssudbus      C:\WINDOWS\system32\DRIVERS\ssudbus.sys
18:28:06.0460 0x0b48  dg_ssudbus - ok
18:28:06.0493 0x0b48  [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
18:28:06.0493 0x0b48  Dhcp - ok
18:28:06.0553 0x0b48  [ 3ECB752A6963B1CBC9AD65ED89C8ACED, 1D47D2EBD2C8D2B9F8D2D12A5FD93E6B10335EB6B23252DDEA6DF2233655FA59 ] DiagTrack       C:\WINDOWS\system32\diagtrack.dll
18:28:06.0584 0x0b48  DiagTrack - ok
18:28:06.0609 0x0b48  [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk            C:\WINDOWS\system32\drivers\disk.sys
18:28:06.0624 0x0b48  disk - ok
18:28:06.0686 0x0b48  [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
18:28:06.0709 0x0b48  dmvsc - ok
18:28:06.0741 0x0b48  [ 33ADFB7453BF3271463712C4BCE61AD1, A1DB30F874BA7B2C4C653494D70B46B94BF7D39D0DD8559F6CA7A14B676FD617 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
18:28:06.0768 0x0b48  Dnscache - ok
18:28:06.0805 0x0b48  [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc         C:\WINDOWS\System32\dot3svc.dll
18:28:06.0816 0x0b48  dot3svc - ok
18:28:06.0854 0x0b48  [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS             C:\WINDOWS\system32\dps.dll
18:28:06.0865 0x0b48  DPS - ok
18:28:06.0893 0x0b48  [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
18:28:06.0900 0x0b48  drmkaud - ok
18:28:06.0940 0x0b48  [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
18:28:06.0951 0x0b48  DsmSvc - ok
18:28:07.0157 0x0b48  [ E1BB0B6F00F470B451AB45EA13EBA0B3, 3A2FC2175B69A5EB98D6C2D563DBFDCB320647AB87A14E47FAE800423DCACDAB ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys
18:28:07.0204 0x0b48  DXGKrnl - ok
18:28:07.0235 0x0b48  [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost         C:\WINDOWS\System32\eapsvc.dll
18:28:07.0251 0x0b48  Eaphost - ok
18:28:07.0376 0x0b48  [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv           C:\WINDOWS\system32\drivers\evbda.sys
18:28:07.0438 0x0b48  ebdrv - ok
18:28:07.0470 0x0b48  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS             C:\WINDOWS\System32\lsass.exe
18:28:07.0485 0x0b48  EFS - ok
18:28:07.0517 0x0b48  [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass     C:\WINDOWS\system32\drivers\EhStorClass.sys
18:28:07.0517 0x0b48  EhStorClass - ok
18:28:07.0548 0x0b48  [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
18:28:07.0548 0x0b48  EhStorTcgDrv - ok
18:28:07.0673 0x0b48  [ 138690A45CE2EE341D00A86AFF44D95F, 79230ED8285E5A9FCB7A6C3EFE64E1BAEBC64018394F9E8849A493F4ADA5C006 ] ePowerSvc       C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
18:28:07.0688 0x0b48  ePowerSvc - ok
18:28:07.0704 0x0b48  [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
18:28:07.0720 0x0b48  ErrDev - ok
18:28:07.0767 0x0b48  [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem     C:\WINDOWS\system32\es.dll
18:28:07.0813 0x0b48  EventSystem - ok
18:28:07.0860 0x0b48  [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat           C:\WINDOWS\system32\drivers\exfat.sys
18:28:07.0892 0x0b48  exfat - ok
18:28:07.0907 0x0b48  [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
18:28:07.0923 0x0b48  fastfat - ok
18:28:07.0954 0x0b48  [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax             C:\WINDOWS\system32\fxssvc.exe
18:28:07.0985 0x0b48  Fax - ok
18:28:08.0001 0x0b48  [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
18:28:08.0001 0x0b48  fdc - ok
18:28:08.0048 0x0b48  [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
18:28:08.0063 0x0b48  fdPHost - ok
18:28:08.0095 0x0b48  [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
18:28:08.0126 0x0b48  FDResPub - ok
18:28:08.0157 0x0b48  [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc           C:\WINDOWS\system32\fhsvc.dll
18:28:08.0173 0x0b48  fhsvc - ok
18:28:08.0204 0x0b48  [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
18:28:08.0204 0x0b48  FileInfo - ok
18:28:08.0220 0x0b48  [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
18:28:08.0235 0x0b48  Filetrace - ok
18:28:08.0235 0x0b48  [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
18:28:08.0251 0x0b48  flpydisk - ok
18:28:08.0282 0x0b48  [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
18:28:08.0298 0x0b48  FltMgr - ok
18:28:08.0376 0x0b48  [ 1E93CBB75D167CDF85501A8C790097A8, C9E5DD090C94E7855939CE1F416460DB408EFF897C2CD52E0D52A734D8ED18B7 ] FontCache       C:\WINDOWS\system32\FntCache.dll
18:28:08.0407 0x0b48  FontCache - ok
18:28:08.0532 0x0b48  [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:28:08.0548 0x0b48  FontCache3.0.0.0 - ok
18:28:08.0579 0x0b48  [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys
18:28:08.0610 0x0b48  FsDepends - ok
18:28:08.0642 0x0b48  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:28:08.0642 0x0b48  Fs_Rec - ok
18:28:08.0704 0x0b48  [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
18:28:08.0735 0x0b48  fvevol - ok
18:28:08.0751 0x0b48  [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM           C:\WINDOWS\System32\drivers\fxppm.sys
18:28:08.0751 0x0b48  FxPPM - ok
18:28:08.0782 0x0b48  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys
18:28:08.0782 0x0b48  gagp30kx - ok
18:28:08.0892 0x0b48  [ C403C5DB49A0F9AAF4F2128EDC0106D8, 3C6948B63278022D8182F773C5FA15784514F76C1546118DDBADBA322B962D12 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
18:28:08.0907 0x0b48  GamesAppService - ok
18:28:08.0923 0x0b48  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:28:08.0923 0x0b48  GEARAspiWDM - ok
18:28:08.0954 0x0b48  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
18:28:08.0954 0x0b48  gencounter - ok
18:28:08.0985 0x0b48  [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys
18:28:09.0001 0x0b48  GPIOClx0101 - ok
18:28:09.0079 0x0b48  [ 0D03F87D4FF4ADBAF8336DD80548155A, BC10CFA88EA2F41A8D96CB810B7953A4C168B79273A3E804A9F020F49AB58CD3 ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
18:28:09.0110 0x0b48  gpsvc - ok
18:28:09.0173 0x0b48  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:28:09.0188 0x0b48  gupdate - ok
18:28:09.0188 0x0b48  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:28:09.0204 0x0b48  gupdatem - ok
18:28:09.0235 0x0b48  [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
18:28:09.0235 0x0b48  HDAudBus - ok
18:28:09.0267 0x0b48  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
18:28:09.0267 0x0b48  HidBatt - ok
18:28:09.0298 0x0b48  [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
18:28:09.0313 0x0b48  HidBth - ok
18:28:09.0329 0x0b48  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
18:28:09.0329 0x0b48  hidi2c - ok
18:28:09.0360 0x0b48  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
18:28:09.0360 0x0b48  HidIr - ok
18:28:09.0392 0x0b48  [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv         C:\WINDOWS\system32\hidserv.dll
18:28:09.0407 0x0b48  hidserv - ok
18:28:09.0439 0x0b48  [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
18:28:09.0439 0x0b48  HidUsb - ok
18:28:09.0470 0x0b48  [ 852681A14AFEE00C0C3179429A08C868, 405B26901E066062E424768662FF9E9009C8D381E9D41167B0024CB6DE348895 ] HipShieldK      C:\WINDOWS\system32\drivers\HipShieldK.sys
18:28:09.0485 0x0b48  HipShieldK - ok
18:28:09.0501 0x0b48  [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc          C:\WINDOWS\system32\kmsvc.dll
18:28:09.0517 0x0b48  hkmsvc - ok
18:28:09.0563 0x0b48  [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
18:28:09.0579 0x0b48  HomeGroupListener - ok
18:28:09.0626 0x0b48  [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
18:28:09.0657 0x0b48  HomeGroupProvider - ok
18:28:09.0704 0x0b48  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
18:28:09.0704 0x0b48  HpSAMD - ok
18:28:09.0782 0x0b48  [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
18:28:09.0798 0x0b48  HTTP - ok
18:28:09.0829 0x0b48  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
18:28:09.0845 0x0b48  hwpolicy - ok
18:28:09.0845 0x0b48  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
18:28:09.0860 0x0b48  hyperkbd - ok
18:28:09.0876 0x0b48  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
18:28:09.0876 0x0b48  HyperVideo - ok
18:28:09.0907 0x0b48  [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291D0E323F679EB4D ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
18:28:09.0907 0x0b48  i8042prt - ok
18:28:09.0923 0x0b48  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
18:28:09.0923 0x0b48  iaLPSSi_GPIO - ok
18:28:09.0939 0x0b48  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
18:28:09.0939 0x0b48  iaLPSSi_I2C - ok
18:28:10.0017 0x0b48  [ B9E489CC1EA3284FEED33799DC70612D, 0DD714A3A37C391B38F4EEEB3F85C3C3C056F4AAB4A5EFA63835AD967BC25B51 ] iaStorA         C:\WINDOWS\system32\drivers\iaStorA.sys
18:28:10.0032 0x0b48  iaStorA - ok
18:28:10.0048 0x0b48  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
18:28:10.0064 0x0b48  iaStorAV - ok
18:28:10.0079 0x0b48  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
18:28:10.0095 0x0b48  iaStorV - ok
18:28:10.0095 0x0b48  IEEtwCollectorService - ok
18:28:10.0236 0x0b48  [ C38AFE18A40ADF005647090DD3AC24F3, 302810C31B005DD4C9143233AB5B4F332C62AD866A7C7AB0E8F8F81AE1766B11 ] igfx            C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
18:28:10.0314 0x0b48  igfx - ok
18:28:10.0345 0x0b48  [ 7A510A9AFC7955DEE63F8DC243E31292, 13906F6212F4C116BE224F2A8AFFF089ACFED8F543E26FC6208FF38463366173 ] igfxCUIService1.0.0.0 C:\WINDOWS\system32\igfxCUIService.exe
18:28:10.0361 0x0b48  igfxCUIService1.0.0.0 - ok
18:28:10.0407 0x0b48  [ 3DBDBD9581C015F02651D6A89801FAD5, 81B6D302C9CD29AD8319515056CFBCD0BD25619B2B166937ACD5F1416B568837 ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
18:28:10.0439 0x0b48  IKEEXT - ok
18:28:10.0454 0x0b48  [ FC7C456AF9B9811499EDBD10616832EE, CA2D8B0E672D3AE449C2FF0B9E142D74E8C72FD877D11162A9F7CC51AF58220F ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys
18:28:10.0470 0x0b48  intaud_WaveExtensible - ok
18:28:10.0595 0x0b48  [ 443E340366681EFCAA7B95512EA18733, EA17A9B3B954182C99D6C1A1CD9217AC03A9718BD784FA1B5E91DF26C4ED7183 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
18:28:10.0657 0x0b48  IntcAzAudAddService - ok
18:28:10.0689 0x0b48  [ 0E0B99617ED3FDB6C5F0E2D62709B5DF, A656CA3A60E62BE16A015150B23136CE150F9876B4035E9E8D8E73D1707B37A4 ] IntcDAud        C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
18:28:10.0704 0x0b48  IntcDAud - ok
18:28:10.0814 0x0b48  [ DDA8E5AD97231AB50B81FED04C28F64C, 5C9E8F7CC45A9AE7FF12A02641562E271D84894DFA7C50218AC2AAA298251B60 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
18:28:10.0829 0x0b48  Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
18:28:13.0189 0x0b48  Detect skipped due to KSN trusted
18:28:13.0189 0x0b48  Intel(R) Capability Licensing Service Interface - ok
18:28:13.0236 0x0b48  [ 86FE509640D77FB0998FC8B1FF5523C6, 13E895DEB9B84379251699D7E52C5E3FD888994425DE01B6C4634F9E959D5584 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
18:28:13.0267 0x0b48  Intel(R) Capability Licensing Service TCP IP Interface - ok
18:28:13.0329 0x0b48  [ 726BFAF3DC2071218F0AE53C919A4D3B, 7934BB42C16F1DAA80AB92FA4AF4BFDD2B8AF73EF55D95950E4A77DBB3DCBF4A ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
18:28:13.0361 0x0b48  Intel(R) ME Service - ok
18:28:13.0392 0x0b48  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
18:28:13.0407 0x0b48  intelide - ok
18:28:13.0439 0x0b48  [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
18:28:13.0439 0x0b48  intelpep - ok
18:28:13.0470 0x0b48  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
18:28:13.0486 0x0b48  intelppm - ok
18:28:13.0501 0x0b48  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:28:13.0501 0x0b48  IpFilterDriver - ok
18:28:13.0579 0x0b48  [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
18:28:13.0611 0x0b48  iphlpsvc - ok
18:28:13.0642 0x0b48  [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
18:28:13.0642 0x0b48  IPMIDRV - ok
18:28:13.0657 0x0b48  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
18:28:13.0657 0x0b48  IPNAT - ok
18:28:13.0704 0x0b48  [ 7FAE5B6CDB18B0B2E81F32869F595022, D873A7EE94749E1700E8F6B8BB7B485AE1B0B83388D63BE06335720498D4794F ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
18:28:13.0720 0x0b48  iPod Service - ok
18:28:13.0751 0x0b48  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
18:28:13.0751 0x0b48  IRENUM - ok
18:28:13.0767 0x0b48  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
18:28:13.0782 0x0b48  isapnp - ok
18:28:13.0829 0x0b48  [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
18:28:13.0829 0x0b48  iScsiPrt - ok
18:28:13.0861 0x0b48  [ A90C843F4FDD7A07129BA73C6BE13976, A76DEA9F09E3B2F18D3B646A0DD39E2773EC62E2F3C55421BA61C12190D78C1C ] iwdbus          C:\WINDOWS\System32\drivers\iwdbus.sys
18:28:13.0861 0x0b48  iwdbus - ok
18:28:13.0892 0x0b48  [ 1128B38EEC9DAF1B36373B65E87C00A3, 071E9454B9B442C2C3272FBC1AE5E92911A23CDB99F1C718C34067A70B99F910 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
18:28:13.0907 0x0b48  jhi_service - ok
18:28:13.0939 0x0b48  [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
18:28:13.0954 0x0b48  kbdclass - ok
18:28:13.0970 0x0b48  [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
18:28:13.0970 0x0b48  kbdhid - ok
18:28:14.0001 0x0b48  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic           C:\WINDOWS\system32\DRIVERS\kdnic.sys
18:28:14.0017 0x0b48  kdnic - ok
18:28:14.0032 0x0b48  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso          C:\WINDOWS\system32\lsass.exe
18:28:14.0032 0x0b48  KeyIso - ok
18:28:14.0064 0x0b48  [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
18:28:14.0079 0x0b48  KSecDD - ok
18:28:14.0111 0x0b48  [ 46711F40D0F9E63F786ED23F9BD5215E, 1FBC5101D843E5B43184C98B3D9AF3015C9409EEA6C7BB01B143FD08D4946FC0 ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
18:28:14.0126 0x0b48  KSecPkg - ok
18:28:14.0126 0x0b48  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
18:28:14.0142 0x0b48  ksthunk - ok
18:28:14.0157 0x0b48  [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
18:28:14.0173 0x0b48  KtmRm - ok
18:28:14.0204 0x0b48  [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
18:28:14.0220 0x0b48  LanmanServer - ok
18:28:14.0251 0x0b48  [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
18:28:14.0267 0x0b48  LanmanWorkstation - ok
18:28:14.0282 0x0b48  [ 8B9F3796EC1762CF255BDB324E5529C8, F73D6BEF19BE20AEB18DA82CB63E9D8B50ACBBE4ED9B646EF0C9F598F6B81F94 ] lfsvc           C:\WINDOWS\System32\GeofenceMonitorService.dll
18:28:14.0298 0x0b48  lfsvc - ok
18:28:14.0314 0x0b48  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\WINDOWS\system32\DRIVERS\lltdio.sys
18:28:14.0329 0x0b48  lltdio - ok
18:28:14.0361 0x0b48  [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
18:28:14.0376 0x0b48  lltdsvc - ok
18:28:14.0407 0x0b48  [ 95DD1E89A772A383E0FDC677A2E2ED44, 94701ACC1F4D5422CB7084609BC25D34A05F68829DB5030AA6697BD7DBC3B0B2 ] LMDriver        C:\WINDOWS\System32\drivers\LMDriver.sys
18:28:14.0407 0x0b48  LMDriver - ok
18:28:14.0439 0x0b48  [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
18:28:14.0439 0x0b48  lmhosts - ok
18:28:14.0501 0x0b48  [ 60471C88EB4906DB0C2026B3290EE4B6, D51752E4149A5BA578BF9F8DA83443BFF0719BAA34D91BD938DAC831BC0BA6DC ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:28:14.0517 0x0b48  LMS - ok
18:28:14.0579 0x0b48  [ 287979F25EBBE306F1D972643D273905, 6C62706A8CF03017F3A0D55134D02111C3E1E765EE18AD2199852E00DB3987FC ] LMSvc           C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
18:28:14.0595 0x0b48  LMSvc - ok
18:28:14.0626 0x0b48  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
18:28:14.0626 0x0b48  LSI_SAS - ok
18:28:14.0642 0x0b48  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\WINDOWS\system32\drivers\lsi_sas2.sys
18:28:14.0657 0x0b48  LSI_SAS2 - ok
18:28:14.0673 0x0b48  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\WINDOWS\system32\drivers\lsi_sas3.sys
18:28:14.0689 0x0b48  LSI_SAS3 - ok
18:28:14.0689 0x0b48  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
18:28:14.0704 0x0b48  LSI_SSS - ok
18:28:14.0736 0x0b48  [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM             C:\WINDOWS\System32\lsm.dll
18:28:14.0751 0x0b48  LSM - ok
18:28:14.0798 0x0b48  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
18:28:14.0829 0x0b48  luafv - ok
18:28:14.0845 0x0b48  [ A8D28D5B3E2A528D1EF0E338E44F2820, 40D1EFDD253BC0A0D984A5AD8A2721C3E83B15F14D538204714E6D5B00D92CEB ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
18:28:14.0845 0x0b48  MBAMProtector - ok
18:28:14.0923 0x0b48  [ 83C982A395D00BAFF6515FB38424EA76, 0E1B66F84A483D47550347D4A9426B95A066DB5104C4284F606A16768A11DB0C ] MBAMService     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
18:28:14.0954 0x0b48  MBAMService - ok
18:28:15.0017 0x0b48  [ 8F22037D3F5A6BB676525D825A1388B9, 2AAC748D46136DFA1BE45150BF0AB7707D45391CAC1F63B964D341D11B135C91 ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
18:28:15.0033 0x0b48  MBAMSwissArmy - ok
18:28:15.0064 0x0b48  [ 85CFE7AB85B43B6B7AC7961AA3983A9F, 4E88B75818FD00C0ABBDF8E02EBFB550A67B46E5E13D3B3DF52611793F7DA0DD ] MBAMWebAccessControl C:\WINDOWS\system32\drivers\mwac.sys
18:28:15.0079 0x0b48  MBAMWebAccessControl - ok
18:28:15.0126 0x0b48  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
18:28:15.0142 0x0b48  megasas - ok
18:28:15.0158 0x0b48  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
18:28:15.0189 0x0b48  megasr - ok
18:28:15.0220 0x0b48  [ E0EF6C1399A9B1AAA0B28590411BED04, 10C193D1ED434A6DC2AD8C450012B9AF1C848A0A0B3B775F13495648FB77E009 ] MEIx64          C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys
18:28:15.0220 0x0b48  MEIx64 - ok
18:28:15.0283 0x0b48  [ 9C9FC3770BD600B2D761D666234C244D, AB9B5CE715CAD148B9DC980F13CF2C2CC81626C716A7C5C31E339CDB02E44A48 ] mfencbdc        C:\WINDOWS\system32\DRIVERS\mfencbdc.sys
18:28:15.0298 0x0b48  mfencbdc - ok
18:28:15.0329 0x0b48  [ 93241CC8509B622B47EEA1B8505CF511, 4A68F25134506638879EDFE92BFB7C5EC7C720BE5FDB7F36344949F86B0ADEB6 ] mfencrk         C:\WINDOWS\system32\DRIVERS\mfencrk.sys
18:28:15.0329 0x0b48  mfencrk - ok
18:28:15.0376 0x0b48  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS           C:\WINDOWS\system32\mmcss.dll
18:28:15.0392 0x0b48  MMCSS - ok
18:28:15.0392 0x0b48  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem           C:\WINDOWS\system32\drivers\modem.sys
18:28:15.0408 0x0b48  Modem - ok
18:28:15.0439 0x0b48  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
18:28:15.0439 0x0b48  monitor - ok
18:28:15.0455 0x0b48  [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
18:28:15.0470 0x0b48  mouclass - ok
18:28:15.0486 0x0b48  [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
18:28:15.0486 0x0b48  mouhid - ok
18:28:15.0533 0x0b48  [ 9A788037D768809DFD677F4BA08A224A, E0686B3318F924E440ADA439D6671D44D3FF97C13D45C2E0A3A7B9E23DA38350 ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
18:28:15.0533 0x0b48  mountmgr - ok
18:28:15.0564 0x0b48  [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
18:28:15.0579 0x0b48  mpsdrv - ok
18:28:15.0642 0x0b48  [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
18:28:15.0658 0x0b48  MpsSvc - ok
18:28:15.0689 0x0b48  [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
18:28:15.0689 0x0b48  MRxDAV - ok
18:28:15.0720 0x0b48  [ 6FBDF2B1B025A8E6E069234362FFFFB7, CF1AFC088F59AD61037F4C4650F3BAEE7FE37C40B3A27B903475F005410F8155 ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:28:15.0736 0x0b48  mrxsmb - ok
18:28:15.0767 0x0b48  [ BCBD64220AD85C26823453FF1DC3EFBD, 0245E3659E9135B9276F3CCFBEA0CEFFC4F4C0826F6D19B6329057620235F087 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
18:28:15.0783 0x0b48  mrxsmb10 - ok
18:28:15.0798 0x0b48  [ 57C2473D501331211D6885FD59F3E44B, 10253703DB32A32291C61B6962A79E374B5DF7DD14A6B6AFD08A99EF26206619 ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
18:28:15.0798 0x0b48  mrxsmb20 - ok
18:28:15.0830 0x0b48  [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge        C:\WINDOWS\system32\DRIVERS\bridge.sys
18:28:15.0845 0x0b48  MsBridge - ok
18:28:15.0861 0x0b48  [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
18:28:15.0876 0x0b48  MSDTC - ok
18:28:15.0908 0x0b48  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
18:28:15.0939 0x0b48  Msfs - ok
18:28:15.0955 0x0b48  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
18:28:15.0955 0x0b48  msgpiowin32 - ok
18:28:15.0970 0x0b48  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
18:28:15.0986 0x0b48  mshidkmdf - ok
18:28:15.0986 0x0b48  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
18:28:16.0001 0x0b48  mshidumdf - ok
18:28:16.0017 0x0b48  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
18:28:16.0017 0x0b48  msisadrv - ok
18:28:16.0064 0x0b48  [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
18:28:16.0064 0x0b48  MSiSCSI - ok
18:28:16.0064 0x0b48  msiserver - ok
18:28:16.0079 0x0b48  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:28:16.0095 0x0b48  MSKSSRV - ok
18:28:16.0111 0x0b48  [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp          C:\WINDOWS\system32\DRIVERS\mslldp.sys
18:28:16.0126 0x0b48  MsLldp - ok
18:28:16.0142 0x0b48  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:28:16.0142 0x0b48  MSPCLOCK - ok
18:28:16.0173 0x0b48  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
18:28:16.0189 0x0b48  MSPQM - ok
18:28:16.0283 0x0b48  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
18:28:16.0298 0x0b48  MsRPC - ok
18:28:16.0330 0x0b48  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
18:28:16.0361 0x0b48  mssmbios - ok
18:28:16.0361 0x0b48  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
18:28:16.0376 0x0b48  MSTEE - ok
18:28:16.0392 0x0b48  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
18:28:16.0392 0x0b48  MTConfig - ok
18:28:16.0423 0x0b48  [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
18:28:16.0423 0x0b48  Mup - ok
18:28:16.0439 0x0b48  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
18:28:16.0439 0x0b48  mvumis - ok
18:28:16.0470 0x0b48  [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent        C:\WINDOWS\system32\qagentRT.dll
18:28:16.0486 0x0b48  napagent - ok
18:28:16.0533 0x0b48  [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
18:28:16.0548 0x0b48  NativeWifiP - ok
18:28:16.0595 0x0b48  [ E0E4A1F81A7D69C595A8A9DDAD084C19, 8F55F3637AE8BFFB0ACE37AFC5122026525137E0B2923899B779C1BD08DF0E22 ] NAUpdate        c:\Program Files (x86)\Nero\Update\NASvc.exe
18:28:16.0611 0x0b48  NAUpdate - ok
18:28:16.0642 0x0b48  [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
18:28:16.0673 0x0b48  NcaSvc - ok
18:28:16.0720 0x0b48  [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService      C:\WINDOWS\System32\ncbservice.dll
18:28:16.0736 0x0b48  NcbService - ok
18:28:16.0767 0x0b48  [ 9ACED0F5B458C9011F39143326494E93, 9DFFC7EE7DE6FD92545EC6A203213C498A01EEFB0BC55460D339BCE498E56A7F ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
18:28:16.0783 0x0b48  NcdAutoSetup - ok
18:28:16.0861 0x0b48  [ 97DC5967F65503213FD1F1B3E4A6F983, 3EC515856C7CE9B30032F963DC04190F66EE62402A819781DC45B7D088C84229 ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
18:28:16.0892 0x0b48  NDIS - ok
18:28:16.0908 0x0b48  [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap         C:\WINDOWS\system32\DRIVERS\ndiscap.sys
18:28:16.0908 0x0b48  NdisCap - ok
18:28:16.0939 0x0b48  [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform  C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
18:28:16.0954 0x0b48  NdisImPlatform - ok
18:28:16.0986 0x0b48  [ 82821F4EEC776B4CF11695A38F3ABA46, 23184F9D31E662855DC4D23EFE7C2FE00E5487D3762B6024704A5D8C87762E1C ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:28:16.0986 0x0b48  NdisTapi - ok
18:28:17.0017 0x0b48  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:28:17.0017 0x0b48  Ndisuio - ok
18:28:17.0033 0x0b48  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
18:28:17.0048 0x0b48  NdisVirtualBus - ok
18:28:17.0064 0x0b48  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:28:17.0064 0x0b48  NdisWan - ok
18:28:17.0080 0x0b48  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:28:17.0095 0x0b48  NdisWanLegacy - ok
18:28:17.0127 0x0b48  [ DDD7F92A83F74D1476B71FBA9530A8DC, D3F94FC9F48854E09B0B77CE5E1C1DB948D54EAC63C5583437051BB893B5A386 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
18:28:17.0142 0x0b48  NDProxy - ok
18:28:17.0158 0x0b48  [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
18:28:17.0173 0x0b48  Ndu - ok
18:28:17.0189 0x0b48  [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
18:28:17.0205 0x0b48  NetBIOS - ok
18:28:17.0220 0x0b48  [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
18:28:17.0236 0x0b48  NetBT - ok
18:28:17.0252 0x0b48  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon        C:\WINDOWS\system32\lsass.exe
18:28:17.0252 0x0b48  Netlogon - ok
18:28:17.0298 0x0b48  [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman          C:\WINDOWS\System32\netman.dll
18:28:17.0298 0x0b48  Netman - ok
18:28:17.0345 0x0b48  [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
18:28:17.0361 0x0b48  netprofm - ok
18:28:17.0423 0x0b48  [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:28:17.0455 0x0b48  NetTcpPortSharing - ok
18:28:17.0470 0x0b48  [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc          C:\WINDOWS\System32\drivers\netvsc63.sys
18:28:17.0486 0x0b48  netvsc - ok
18:28:17.0517 0x0b48  [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
18:28:17.0533 0x0b48  NlaSvc - ok
18:28:17.0658 0x0b48  [ 9B70CE32DD84A674B100BEA37F756016, 4B52FDA1FB24B02AE149AC70F46F3605B85A2A8AC5B948260BF53A5F076A674A ] NOBU            C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
18:28:17.0720 0x0b48  NOBU - ok
18:28:17.0752 0x0b48  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
18:28:17.0767 0x0b48  Npfs - ok
18:28:17.0798 0x0b48  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
18:28:17.0798 0x0b48  npsvctrig - ok
18:28:17.0814 0x0b48  [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi             C:\WINDOWS\system32\nsisvc.dll
18:28:17.0830 0x0b48  nsi - ok
18:28:17.0861 0x0b48  [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
18:28:17.0861 0x0b48  nsiproxy - ok
18:28:17.0939 0x0b48  [ 7F68063A5A0461E02BC860CE0E6BFDDC, 47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
18:28:18.0017 0x0b48  Ntfs - ok
18:28:18.0033 0x0b48  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\WINDOWS\system32\drivers\Null.sys
18:28:18.0048 0x0b48  Null - ok
18:28:18.0329 0x0b48  [ 9B93CC9C70EDE60A9C486E7719DB9E8D, 8E31BE72797D3308D8AF136E9F4C6199BCF4592F88E9FEB361752FF768225EC9 ] nvlddmkm        C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys
18:28:18.0516 0x0b48  nvlddmkm - ok
18:28:18.0641 0x0b48  [ C22ADABFABBC2B7AC189C87D87B1ABD6, 20886F806C1C02FA8BAA8B76AFCC32C40FA51921ED8D97F592DF9F92BFA933EE ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
18:28:18.0672 0x0b48  NvNetworkService - ok
18:28:18.0688 0x0b48  [ F76296368BB813E0C6996501A3271C7C, FA1C127F881C09C5066CB83A686AFD7A40D731922185EA4001A52ABA230FD812 ] nvpciflt        C:\WINDOWS\system32\DRIVERS\nvpciflt.sys
18:28:18.0688 0x0b48  nvpciflt - ok
18:28:18.0735 0x0b48  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
18:28:18.0735 0x0b48  nvraid - ok
18:28:18.0751 0x0b48  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
18:28:18.0766 0x0b48  nvstor - ok
18:28:18.0797 0x0b48  [ A88135181D776F8C18550A589A9CAF2D, 47CA5246A55198BA5DEDD34C93A3C5E2DF0EED29ADA3F27AB963857116B6048E ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
18:28:18.0797 0x0b48  NvStreamKms - ok
18:28:18.0813 0x0b48  NvStreamSvc - ok
18:28:18.0876 0x0b48  [ FB50E60564ED30DDC855F0CE435C8467, C9A56D74F58739B8A069336FF5456FC5F3CE89371B8CFE8144B8D06A9C79C6AB ] nvsvc           C:\WINDOWS\system32\nvvsvc.exe
18:28:18.0891 0x0b48  nvsvc - ok
18:28:18.0922 0x0b48  [ 75034A4D7C02327D150B617571D4196A, 8E7DAFEC4307E883D52BD0B5F0732E26E019C953770B52ACBBAD3074A66393CB ] nvvad_WaveExtensible C:\WINDOWS\system32\drivers\nvvad64v.sys
18:28:18.0922 0x0b48  nvvad_WaveExtensible - ok
18:28:18.0938 0x0b48  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
18:28:18.0938 0x0b48  nv_agp - ok
18:28:18.0969 0x0b48  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:28:18.0985 0x0b48  ose - ok
18:28:19.0016 0x0b48  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
18:28:19.0032 0x0b48  p2pimsvc - ok
18:28:19.0094 0x0b48  [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
18:28:19.0110 0x0b48  p2psvc - ok
18:28:19.0126 0x0b48  [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport         C:\WINDOWS\System32\drivers\parport.sys
18:28:19.0141 0x0b48  Parport - ok
18:28:19.0157 0x0b48  [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
18:28:19.0172 0x0b48  partmgr - ok
18:28:19.0219 0x0b48  [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
18:28:19.0219 0x0b48  PcaSvc - ok
18:28:19.0266 0x0b48  [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci             C:\WINDOWS\system32\drivers\pci.sys
18:28:19.0266 0x0b48  pci - ok
18:28:19.0297 0x0b48  [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
18:28:19.0313 0x0b48  pciide - ok
18:28:19.0329 0x0b48  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
18:28:19.0329 0x0b48  pcmcia - ok
18:28:19.0344 0x0b48  [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
18:28:19.0344 0x0b48  pcw - ok
18:28:19.0376 0x0b48  [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc             C:\WINDOWS\system32\drivers\pdc.sys
18:28:19.0376 0x0b48  pdc - ok
18:28:19.0422 0x0b48  [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
18:28:19.0438 0x0b48  PEAUTH - ok
18:28:19.0516 0x0b48  [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
18:28:19.0516 0x0b48  PerfHost - ok
18:28:19.0610 0x0b48  [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla             C:\WINDOWS\system32\pla.dll
18:28:19.0641 0x0b48  pla - ok
18:28:19.0672 0x0b48  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
18:28:19.0688 0x0b48  PlugPlay - ok
18:28:19.0719 0x0b48  [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
18:28:19.0719 0x0b48  PNRPAutoReg - ok
18:28:19.0735 0x0b48  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
18:28:19.0751 0x0b48  PNRPsvc - ok
18:28:19.0782 0x0b48  [ BDD52AB4AEBB8B1904568DBD0CCB70CB, C3D1DBA349C79B43DCDD9EF5255C5EE973EFB844235B808B5EF9B63A51FF00AA ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
18:28:19.0797 0x0b48  PolicyAgent - ok
18:28:19.0829 0x0b48  [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power           C:\WINDOWS\system32\umpo.dll
18:28:19.0844 0x0b48  Power - ok
18:28:19.0876 0x0b48  [ E075CC071022BD4E9BE7C024717C0E0A, BE65A8C1082AE8DF8C37CA06B2BCC521478AC153EA7388B03F7FAE3913920E75 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:28:19.0876 0x0b48  PptpMiniport - ok
18:28:20.0001 0x0b48  [ E3514CE7CB4AF80ECCA383F065BC77C0, 1EA06D358A07EB9DFB703CEFC4EB834B947B899E0ACFE1C494E2DAED63F1D4B5 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
18:28:20.0063 0x0b48  PrintNotify - ok
18:28:20.0094 0x0b48  [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor       C:\WINDOWS\System32\drivers\processr.sys
18:28:20.0126 0x0b48  Processor - ok
18:28:20.0157 0x0b48  [ C8D39A07CAD9EF1C86BD5D7CAC98DA54, 10146D1E023D9BC5B8CBAADE6A70D87A41BDABAA44D812B609C13563DF25527A ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
18:28:20.0172 0x0b48  ProfSvc - ok
18:28:20.0204 0x0b48  [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched          C:\WINDOWS\system32\DRIVERS\pacer.sys
18:28:20.0219 0x0b48  Psched - ok
18:28:20.0235 0x0b48  [ A5B22EACF1DA28E19CC9F80D37978657, 9543615574D540AC825DBE8D1581DFC8CC0B7A1113420903F6747E3789EEACDA ] QRDCIO          C:\WINDOWS\System32\drivers\QRDCIO.sys
18:28:20.0235 0x0b48  QRDCIO - ok
18:28:20.0297 0x0b48  [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE           C:\WINDOWS\system32\qwave.dll
18:28:20.0313 0x0b48  QWAVE - ok
18:28:20.0344 0x0b48  [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
18:28:20.0360 0x0b48  QWAVEdrv - ok
18:28:20.0376 0x0b48  [ E94067155C8AA4EF134CB2528E0C9CD7, 6EEF603F64827AB138930DFE379BF8E48E64AE8AA5EE7B9E0CA369022BAAA2EA ] RadioShim       C:\WINDOWS\System32\drivers\RadioShim.sys
18:28:20.0376 0x0b48  RadioShim - ok
18:28:20.0391 0x0b48  [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:28:20.0391 0x0b48  RasAcd - ok
18:28:20.0422 0x0b48  [ E8FFD8BE3C50E7A71C5FBB87BDD1128E, 3E3EB906CC9A1CCA09580DA9F94DD0E1162CABD343874B76718DC4F2E9069C4E ] RasAgileVpn     C:\WINDOWS\system32\DRIVERS\AgileVpn.sys
18:28:20.0438 0x0b48  RasAgileVpn - ok
18:28:20.0485 0x0b48  [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
18:28:20.0516 0x0b48  RasAuto - ok
18:28:20.0532 0x0b48  [ BBB6272B7F46C4640A8CDB8A70C3450F, 4266C3ABD0D1D0219F715EA0F155744F7C1E3A7B722BE863831B57AE785419A2 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:28:20.0532 0x0b48  Rasl2tp - ok
18:28:20.0579 0x0b48  [ F83B38FCD4F69157B3D158433FA149CC, AB103BD3E2B3B134CB355C556DF70BCF0CF4DB11EFF7DB4A9876D5AA43D81293 ] RasMan          C:\WINDOWS\System32\rasmans.dll
18:28:20.0594 0x0b48  RasMan - ok
18:28:20.0610 0x0b48  [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:28:20.0610 0x0b48  RasPppoe - ok
18:28:20.0641 0x0b48  [ 41F631007A158FEBB67F0E2AD1601BBA, EB5EA7277F4178BC27E55BF850AEBCD84B6BED80B2383CFB29548824AAFED135 ] RasSstp         C:\WINDOWS\system32\DRIVERS\rassstp.sys
18:28:20.0657 0x0b48  RasSstp - ok
18:28:20.0704 0x0b48  [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:28:20.0704 0x0b48  rdbss - ok
18:28:20.0735 0x0b48  [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
18:28:20.0751 0x0b48  rdpbus - ok
18:28:20.0766 0x0b48  [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys
18:28:20.0766 0x0b48  RDPDR - ok
18:28:20.0797 0x0b48  [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
18:28:20.0797 0x0b48  RdpVideoMiniport - ok
18:28:20.0829 0x0b48  [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
18:28:20.0829 0x0b48  rdyboost - ok
18:28:20.0876 0x0b48  [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS            C:\WINDOWS\system32\drivers\ReFS.sys
18:28:21.0016 0x0b48  ReFS - ok
18:28:21.0032 0x0b48  [ 0CF7CB56BF2D5E9DBCEE0185CB626FAD, 2BD2E2FB1D2EADD1F70EF55E8523C353F95D4FEB1BAD5017FA4D94F790F27825 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
18:28:21.0047 0x0b48  RemoteAccess - ok
18:28:21.0079 0x0b48  [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
18:28:21.0079 0x0b48  RemoteRegistry - ok
18:28:21.0126 0x0b48  [ DC66AE45816614D2999DCD3834DCCC4E, 1C26225135E851DDD1307F52401DD7055B26B3F3B8FDD693B21042C2896E235A ] RFCOMM          C:\WINDOWS\System32\drivers\rfcomm.sys
18:28:21.0157 0x0b48  RFCOMM - ok
18:28:21.0173 0x0b48  [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
18:28:21.0188 0x0b48  RpcEptMapper - ok
18:28:21.0204 0x0b48  [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator      C:\WINDOWS\system32\locator.exe
18:28:21.0204 0x0b48  RpcLocator - ok
18:28:21.0251 0x0b48  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
18:28:21.0282 0x0b48  RpcSs - ok
18:28:21.0313 0x0b48  [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr          C:\WINDOWS\system32\DRIVERS\rspndr.sys
18:28:21.0329 0x0b48  rspndr - ok
18:28:21.0360 0x0b48  [ BC1FD4C82BF2922A8A6E8661DD1B8CE8, 254A790F0F10AD15C7C585D2918D4333C577EED848BA9FE4E2C4498E32494418 ] RTL8168         C:\WINDOWS\system32\DRIVERS\Rt630x64.sys
18:28:21.0391 0x0b48  RTL8168 - ok
18:28:21.0407 0x0b48  [ C3FCFB3072F5AB95C31D4E80978C3CA1, 5F08B8A0151EC30594E12F432B2F3DA81DF1DB8E034DD032760FDB25B6B4FACA ] RTSPER          C:\WINDOWS\system32\DRIVERS\RtsPer.sys
18:28:21.0422 0x0b48  RTSPER - ok
18:28:21.0438 0x0b48  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
18:28:21.0438 0x0b48  s3cap - ok
18:28:21.0469 0x0b48  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs           C:\WINDOWS\system32\lsass.exe
18:28:21.0469 0x0b48  SamSs - ok
18:28:21.0501 0x0b48  [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
18:28:21.0501 0x0b48  sbp2port - ok
18:28:21.0532 0x0b48  [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
18:28:21.0547 0x0b48  SCardSvr - ok
18:28:21.0579 0x0b48  [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll
18:28:21.0594 0x0b48  ScDeviceEnum - ok
18:28:21.0626 0x0b48  [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
18:28:21.0626 0x0b48  scfilter - ok
18:28:21.0672 0x0b48  [ A626F5E446860F22835E783142D7AE33, 3A786639E1FABCA512F4F91A10811DD3C4D9C9C9BB893362E4D019219D0BD8E2 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
18:28:21.0719 0x0b48  Schedule - ok
18:28:21.0751 0x0b48  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc     C:\WINDOWS\System32\certprop.dll
18:28:21.0751 0x0b48  SCPolicySvc - ok
18:28:21.0797 0x0b48  [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys
18:28:21.0797 0x0b48  sdbus - ok
18:28:21.0829 0x0b48  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
18:28:21.0844 0x0b48  sdstor - ok
18:28:21.0860 0x0b48  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\WINDOWS\system32\drivers\secdrv.sys
18:28:21.0876 0x0b48  secdrv - ok
18:28:21.0891 0x0b48  [ BA24CEA7152239F42ECD04AFB7C89D24, A2A11EABB0C283772B74667C7544B61BEB1B9745FBF065E831542129EB585AFA ] seclogon        C:\WINDOWS\system32\seclogon.dll
18:28:21.0907 0x0b48  seclogon - ok
18:28:21.0938 0x0b48  [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS            C:\WINDOWS\System32\sens.dll
18:28:21.0954 0x0b48  SENS - ok
18:28:21.0985 0x0b48  [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
18:28:22.0001 0x0b48  SensrSvc - ok
18:28:22.0017 0x0b48  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx           C:\WINDOWS\system32\drivers\SerCx.sys
18:28:22.0017 0x0b48  SerCx - ok
18:28:22.0032 0x0b48  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\WINDOWS\system32\drivers\SerCx2.sys
18:28:22.0032 0x0b48  SerCx2 - ok
18:28:22.0063 0x0b48  [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum         C:\WINDOWS\System32\drivers\serenum.sys
18:28:22.0079 0x0b48  Serenum - ok
18:28:22.0095 0x0b48  [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial          C:\WINDOWS\System32\drivers\serial.sys
18:28:22.0095 0x0b48  Serial - ok
18:28:22.0126 0x0b48  [ 148195AE95D9BC7375A08846439FDAC1, 3A2F78FD18AA7A6D659921E19335E943894530874AC5AB5E7219CEF28FA54F7A ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
18:28:22.0126 0x0b48  sermouse - ok
18:28:22.0173 0x0b48  [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
18:28:22.0204 0x0b48  SessionEnv - ok
18:28:22.0220 0x0b48  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy         C:\WINDOWS\System32\drivers\sfloppy.sys
18:28:22.0220 0x0b48  sfloppy - ok
18:28:22.0251 0x0b48  [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
18:28:22.0267 0x0b48  SharedAccess - ok
18:28:22.0282 0x0b48  [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:28:22.0298 0x0b48  ShellHWDetection - ok
18:28:22.0345 0x0b48  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
18:28:22.0360 0x0b48  SiSRaid2 - ok
18:28:22.0392 0x0b48  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
18:28:22.0407 0x0b48  SiSRaid4 - ok
18:28:22.0438 0x0b48  [ 05452E6C539CD69EDF28B5027BFDEF1F, 94067D03D5E6CD09EDB586EA658A3A13B1D2B594A150D7002A31F4E119B5AB06 ] SmbDrvI         C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys
18:28:22.0438 0x0b48  SmbDrvI - ok
18:28:22.0470 0x0b48  [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost         C:\WINDOWS\System32\smphost.dll
18:28:22.0501 0x0b48  smphost - ok
18:28:22.0532 0x0b48  [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
18:28:22.0548 0x0b48  SNMPTRAP - ok
18:28:22.0595 0x0b48  [ D24B1945ED1F9C96DA786DBBF1E983CE, B46CB0B72B7A3DF94A46B8D65E38535C5F8E72A55CF2DC48EFA1F9A0108691C4 ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys
18:28:22.0610 0x0b48  spaceport - ok
18:28:22.0642 0x0b48  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx           C:\WINDOWS\system32\drivers\SpbCx.sys
18:28:22.0642 0x0b48  SpbCx - ok
18:28:22.0688 0x0b48  [ FCB156A6745631A67DEA61827061D483, 9275ABFA1E1E595969A71C0DA228D18D1B868BF46E097E1276142BD80F8A32C9 ] Spooler         C:\WINDOWS\System32\spoolsv.exe
18:28:22.0704 0x0b48  Spooler - ok
18:28:22.0926 0x0b48  [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
18:28:23.0067 0x0b48  sppsvc - ok
18:28:23.0098 0x0b48  [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv             C:\WINDOWS\system32\DRIVERS\srv.sys
18:28:23.0114 0x0b48  srv - ok
18:28:23.0161 0x0b48  [ 00D8AC8E3053290BDE6EA2FB6810D2FC, 957FEF84CBBAE71829529AE99A1B24F52D7831BD666442D0132FBB825409A75D ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
18:28:23.0176 0x0b48  srv2 - ok
18:28:23.0208 0x0b48  [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
18:28:23.0223 0x0b48  srvnet - ok
18:28:23.0286 0x0b48  [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
18:28:23.0317 0x0b48  SSDPSRV - ok
18:28:23.0348 0x0b48  [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc         C:\WINDOWS\system32\sstpsvc.dll
18:28:23.0364 0x0b48  SstpSvc - ok
18:28:23.0395 0x0b48  [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm         C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
18:28:23.0395 0x0b48  ssudmdm - ok
18:28:23.0426 0x0b48  [ 76F7D7217FBDAB77798A2A244ACD641F, E65CF2CE789E721CEFCA35DF5100304C56135459DA2421DB2A0DF9E6E9DDE70F ] ssudserd        C:\WINDOWS\system32\DRIVERS\ssudserd.sys
18:28:23.0442 0x0b48  ssudserd - ok
18:28:23.0551 0x0b48  [ 25C16F7D749F1BA7D573756338658727, 4A4056F34C0D34D793E0A24D37842F8122A5C072F9A2ED9192763FB0CC8FDADC ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
18:28:23.0582 0x0b48  Steam Client Service - ok
18:28:23.0614 0x0b48  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys
18:28:23.0614 0x0b48  stexstor - ok
18:28:23.0676 0x0b48  [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc          C:\WINDOWS\System32\wiaservc.dll
18:28:23.0692 0x0b48  stisvc - ok
18:28:23.0708 0x0b48  [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci        C:\WINDOWS\system32\drivers\storahci.sys
18:28:23.0723 0x0b48  storahci - ok
18:28:23.0739 0x0b48  [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt         C:\WINDOWS\system32\drivers\vmstorfl.sys
18:28:23.0754 0x0b48  storflt - ok
18:28:23.0770 0x0b48  [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme        C:\WINDOWS\system32\drivers\stornvme.sys
18:28:23.0770 0x0b48  stornvme - ok
18:28:23.0817 0x0b48  [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc         C:\WINDOWS\system32\storsvc.dll
18:28:23.0833 0x0b48  StorSvc - ok
18:28:23.0864 0x0b48  [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc         C:\WINDOWS\system32\drivers\storvsc.sys
18:28:23.0864 0x0b48  storvsc - ok
18:28:23.0911 0x0b48  [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc           C:\WINDOWS\system32\svsvc.dll
18:28:23.0926 0x0b48  svsvc - ok
18:28:23.0957 0x0b48  [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum          C:\WINDOWS\System32\drivers\swenum.sys
18:28:23.0973 0x0b48  swenum - ok
18:28:24.0020 0x0b48  [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv           C:\WINDOWS\System32\swprv.dll
18:28:24.0036 0x0b48  swprv - ok
18:28:24.0083 0x0b48  [ 4D4FA3967D50C44318BD8CD978520049, 5A93CAE62538F335E5CA694314CB00CC85C39D99CDA263D6090696DAE797D6F8 ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
18:28:24.0098 0x0b48  SynTP - ok
18:28:24.0145 0x0b48  [ 7E85DB0463AD2403AE84AD162B162279, 996C42ECAFC6E24C623068AFAFCC0A2612526333AF9315F7536C6D40C2570632 ] SysMain         C:\WINDOWS\system32\sysmain.dll
18:28:24.0176 0x0b48  SysMain - ok
18:28:24.0207 0x0b48  [ D73DBBB96CEE90C2856164AAD8543425, D11ADB5D4C5DD355314CA656D375D0062CAE7462E866F94F1B26D5803F65DCB2 ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
18:28:24.0223 0x0b48  SystemEventsBroker - ok
18:28:24.0254 0x0b48  [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
18:28:24.0270 0x0b48  TabletInputService - ok
18:28:24.0317 0x0b48  [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
18:28:24.0333 0x0b48  TapiSrv - ok
18:28:24.0411 0x0b48  [ 746DDF7D59AB8D721C88D48434597E8D, 78BDBAB8D1E86A11804FEB19B355C0FAD04ACE8DD4BDDFDADCE5461E259BCE82 ] Tcpip           C:\WINDOWS\system32\drivers\tcpip.sys
18:28:24.0458 0x0b48  Tcpip - ok
18:28:24.0551 0x0b48  [ 746DDF7D59AB8D721C88D48434597E8D, 78BDBAB8D1E86A11804FEB19B355C0FAD04ACE8DD4BDDFDADCE5461E259BCE82 ] TCPIP6          C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:28:24.0598 0x0b48  TCPIP6 - ok
18:28:24.0645 0x0b48  [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
18:28:24.0645 0x0b48  tcpipreg - ok
18:28:24.0692 0x0b48  [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx             C:\WINDOWS\system32\DRIVERS\tdx.sys
18:28:24.0692 0x0b48  tdx - ok
18:28:24.0723 0x0b48  [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
18:28:24.0723 0x0b48  terminpt - ok
18:28:24.0786 0x0b48  [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService     C:\WINDOWS\System32\termsrv.dll
18:28:24.0832 0x0b48  TermService - ok
18:28:24.0864 0x0b48  [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes          C:\WINDOWS\system32\themeservice.dll
18:28:24.0895 0x0b48  Themes - ok
18:28:24.0926 0x0b48  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER     C:\WINDOWS\system32\mmcss.dll
18:28:24.0942 0x0b48  THREADORDER - ok
18:28:24.0973 0x0b48  [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker      C:\WINDOWS\System32\TimeBrokerServer.dll
18:28:24.0989 0x0b48  TimeBroker - ok
18:28:25.0020 0x0b48  [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM             C:\WINDOWS\system32\drivers\tpm.sys
18:28:25.0036 0x0b48  TPM - ok
18:28:25.0067 0x0b48  [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks          C:\WINDOWS\System32\trkwks.dll
18:28:25.0067 0x0b48  TrkWks - ok
18:28:25.0114 0x0b48  [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
18:28:25.0145 0x0b48  TrustedInstaller - ok
18:28:25.0161 0x0b48  [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt        C:\WINDOWS\system32\drivers\tsusbflt.sys
18:28:25.0176 0x0b48  TsUsbFlt - ok
18:28:25.0192 0x0b48  [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys
18:28:25.0192 0x0b48  TsUsbGD - ok
18:28:25.0223 0x0b48  [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel          C:\WINDOWS\system32\DRIVERS\tunnel.sys
18:28:25.0239 0x0b48  tunnel - ok
18:28:25.0239 0x0b48  [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35          C:\WINDOWS\system32\drivers\uagp35.sys
18:28:25.0255 0x0b48  uagp35 - ok
18:28:25.0270 0x0b48  [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys
18:28:25.0286 0x0b48  UASPStor - ok
18:28:25.0317 0x0b48  [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000        C:\WINDOWS\System32\drivers\ucx01000.sys
18:28:25.0317 0x0b48  UCX01000 - ok
18:28:25.0364 0x0b48  [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys
18:28:25.0364 0x0b48  udfs - ok
18:28:25.0411 0x0b48  [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI            C:\WINDOWS\System32\drivers\UEFI.sys
18:28:25.0426 0x0b48  UEFI - ok
18:28:25.0458 0x0b48  [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect       C:\WINDOWS\system32\UI0Detect.exe
18:28:25.0473 0x0b48  UI0Detect - ok
18:28:25.0473 0x0b48  [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx        C:\WINDOWS\system32\drivers\uliagpkx.sys
18:28:25.0489 0x0b48  uliagpkx - ok
18:28:25.0505 0x0b48  [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus           C:\WINDOWS\System32\drivers\umbus.sys
18:28:25.0505 0x0b48  umbus - ok
18:28:25.0520 0x0b48  [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
18:28:25.0536 0x0b48  UmPass - ok
18:28:25.0567 0x0b48  [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
18:28:25.0598 0x0b48  UmRdpService - ok
18:28:25.0661 0x0b48  [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost        C:\WINDOWS\System32\upnphost.dll
18:28:25.0676 0x0b48  upnphost - ok
18:28:25.0708 0x0b48  [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp         C:\WINDOWS\System32\drivers\usbccgp.sys
18:28:25.0723 0x0b48  usbccgp - ok
18:28:25.0739 0x0b48  [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
18:28:25.0739 0x0b48  usbcir - ok
18:28:25.0770 0x0b48  [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci         C:\WINDOWS\System32\drivers\usbehci.sys
18:28:25.0770 0x0b48  usbehci - ok
18:28:25.0801 0x0b48  [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
18:28:25.0817 0x0b48  usbhub - ok
18:28:25.0848 0x0b48  [ 95B0179BDA907252025DEEA183699FB3, A6BDFB93EE9418A83407024204A41640A08638C60E2BE75C249D102601DC1D80 ] USBHUB3         C:\WINDOWS\System32\drivers\UsbHub3.sys
18:28:25.0864 0x0b48  USBHUB3 - ok
18:28:25.0895 0x0b48  [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys
18:28:25.0911 0x0b48  usbohci - ok
18:28:25.0927 0x0b48  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
18:28:25.0947 0x0b48  usbprint - ok
18:28:25.0970 0x0b48  [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
18:28:25.0970 0x0b48  USBSTOR - ok
18:28:25.0986 0x0b48  [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
18:28:26.0001 0x0b48  usbuhci - ok
18:28:26.0032 0x0b48  [ 5C8F604F6DC74177CDD8372D7B1ADFF0, C1DE9A37A7A01CCCBFCE13C1E5B26683F620AB21EDA5A14C82022E2F49C84484 ] usbvideo        C:\WINDOWS\System32\Drivers\usbvideo.sys
18:28:26.0032 0x0b48  usbvideo - ok
18:28:26.0064 0x0b48  [ 44603DA5A87FB491EF59C889EBBB4DDB, 59AA9B6B0B5D66F9312CD3F999D0D9F12F1A2C5D230365AD7287CD71FD86961C ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
18:28:26.0079 0x0b48  USBXHCI - ok
18:28:26.0095 0x0b48  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc        C:\WINDOWS\system32\lsass.exe
18:28:26.0095 0x0b48  VaultSvc - ok
18:28:26.0126 0x0b48  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
18:28:26.0126 0x0b48  vdrvroot - ok
18:28:26.0173 0x0b48  [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds             C:\WINDOWS\System32\vds.exe
18:28:26.0204 0x0b48  vds - ok
18:28:26.0236 0x0b48  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
18:28:26.0251 0x0b48  VerifierExt - ok
18:28:26.0298 0x0b48  [ C06E8481E068F170A258441639AC5792, 2F550530BACB511A195D5047F003B01CB6E04FA9A0DCCF638CB3D51FF5467DC7 ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
18:28:26.0314 0x0b48  vhdmp - ok
18:28:26.0329 0x0b48  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\WINDOWS\system32\drivers\viaide.sys
18:28:26.0345 0x0b48  viaide - ok
18:28:26.0361 0x0b48  [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
18:28:26.0376 0x0b48  vmbus - ok
18:28:26.0392 0x0b48  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
18:28:26.0392 0x0b48  VMBusHID - ok
18:28:26.0439 0x0b48  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
18:28:26.0470 0x0b48  vmicguestinterface - ok
18:28:26.0486 0x0b48  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat   C:\WINDOWS\System32\ICSvc.dll
18:28:26.0501 0x0b48  vmicheartbeat - ok
18:28:26.0501 0x0b48  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
18:28:26.0533 0x0b48  vmickvpexchange - ok
18:28:26.0611 0x0b48  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv         C:\WINDOWS\System32\ICSvc.dll
18:28:26.0626 0x0b48  vmicrdv - ok
18:28:26.0642 0x0b48  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown    C:\WINDOWS\System32\ICSvc.dll
18:28:26.0657 0x0b48  vmicshutdown - ok
18:28:26.0673 0x0b48  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync    C:\WINDOWS\System32\ICSvc.dll
18:28:26.0689 0x0b48  vmictimesync - ok
18:28:26.0704 0x0b48  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss         C:\WINDOWS\System32\ICSvc.dll
18:28:26.0720 0x0b48  vmicvss - ok
18:28:26.0736 0x0b48  [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
18:28:26.0736 0x0b48  volmgr - ok
18:28:26.0767 0x0b48  [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
18:28:26.0782 0x0b48  volmgrx - ok
18:28:26.0798 0x0b48  [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
18:28:26.0814 0x0b48  volsnap - ok
18:28:26.0845 0x0b48  [ EF31713EE4C7CCFE4049F7E7F15645A2, 35D198D3F1061E19A7EF89FA1E75377049CD6BCA9702F8076B9F95BB8737E0D4 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
18:28:26.0845 0x0b48  vpci - ok
18:28:26.0876 0x0b48  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
18:28:26.0892 0x0b48  vsmraid - ok
18:28:26.0939 0x0b48  [ 94FAFD473CDD80CE19A21FB9503D7ED1, 953E5E8C753C0017E1258695A76F60CC05D283F7476B9D9C5C8AC78B8E3FCE18 ] VSS             C:\WINDOWS\system32\vssvc.exe
18:28:26.0985 0x0b48  VSS - ok
18:28:27.0001 0x0b48  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
18:28:27.0017 0x0b48  VSTXRAID - ok
18:28:27.0064 0x0b48  [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
18:28:27.0079 0x0b48  vwifibus - ok
18:28:27.0111 0x0b48  [ 35BF5C5F5E3C9902C98978C7640574DA, C61E50B04000DCEC72365723F0C0725C2E005529DAF2777A59E624C14DA29E55 ] vwififlt        C:\WINDOWS\system32\DRIVERS\vwififlt.sys
18:28:27.0126 0x0b48  vwififlt - ok
18:28:27.0142 0x0b48  [ 65ED7B9CFEA893DF7748D5FF692690DE, 73AB9D8BB928B3247BDFC7BB47AD7FCA763B375DC250C251DB4E0573531040E8 ] vwifimp         C:\WINDOWS\system32\DRIVERS\vwifimp.sys
18:28:27.0142 0x0b48  vwifimp - ok
18:28:27.0173 0x0b48  [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time         C:\WINDOWS\system32\w32time.dll
18:28:27.0189 0x0b48  W32Time - ok
18:28:27.0236 0x0b48  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
18:28:27.0267 0x0b48  WacomPen - ok
18:28:27.0298 0x0b48  [ 6505C9E72910F91D4C317EECF22D1DE6, 838BAEA6F0BBA916B3291EB165F65DA2F4EC35395678D450EEEB1E540A123FC4 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:28:27.0314 0x0b48  Wanarp - ok
18:28:27.0329 0x0b48  [ 6505C9E72910F91D4C317EECF22D1DE6, 838BAEA6F0BBA916B3291EB165F65DA2F4EC35395678D450EEEB1E540A123FC4 ] Wanarpv6        C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:28:27.0345 0x0b48  Wanarpv6 - ok
18:28:27.0439 0x0b48  [ A81988DCC4FA440AA88B84CA452F5E22, 3573AAA09971E8ADB6FEFA778E02B2D8EE5E4249267CF37A524D9F019CC836FB ] wbengine        C:\WINDOWS\system32\wbengine.exe
18:28:27.0470 0x0b48  wbengine - ok
18:28:27.0517 0x0b48  [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
18:28:27.0533 0x0b48  WbioSrvc - ok
18:28:27.0579 0x0b48  [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
18:28:27.0595 0x0b48  Wcmsvc - ok
18:28:27.0642 0x0b48  [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
18:28:27.0658 0x0b48  wcncsvc - ok
18:28:27.0673 0x0b48  [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
18:28:27.0689 0x0b48  WcsPlugInService - ok
18:28:27.0720 0x0b48  [ 81285DDC994F03379DB46419300B2DCB, 98D3622E11F375718AEA1DE3B5F0104DDAB4F96B6D4C19788C14F7B338A6F235 ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
18:28:27.0720 0x0b48  WdBoot - ok
18:28:27.0767 0x0b48  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
18:28:27.0783 0x0b48  Wdf01000 - ok
18:28:27.0814 0x0b48  [ 26B8FED3F3B85F5F0C4BD03FD00B9941, 7F94FE7954498223B33C025258DB588A3AC9FF25C58EEAD204514FD20652FE40 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
18:28:27.0829 0x0b48  WdFilter - ok
18:28:27.0861 0x0b48  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
18:28:27.0861 0x0b48  WdiServiceHost - ok
18:28:27.0876 0x0b48  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
18:28:27.0876 0x0b48  WdiSystemHost - ok
18:28:27.0908 0x0b48  [ CE67080F00E0AF32755096CEA6430ABA, 0E5D626F9F76C0BC63B2D246AD66D9CBF7D92F34B56398417BCFD0C331DBD282 ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
18:28:27.0923 0x0b48  WdNisDrv - ok
18:28:27.0939 0x0b48  WdNisSvc - ok
18:28:27.0970 0x0b48  [ 40F83492DB9ABBA59773A45FB487C8B2, 0D0DE0B0C9B929FEFD2674CCF17F5F2FC4B16EAB8E1981BBCE51B0305FD7D75E ] WebClient       C:\WINDOWS\System32\webclnt.dll
18:28:27.0970 0x0b48  WebClient - ok
18:28:28.0017 0x0b48  [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
18:28:28.0017 0x0b48  Wecsvc - ok
18:28:28.0048 0x0b48  [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
18:28:28.0048 0x0b48  WEPHOSTSVC - ok
18:28:28.0095 0x0b48  [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
18:28:28.0095 0x0b48  wercplsupport - ok
18:28:28.0126 0x0b48  [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
18:28:28.0142 0x0b48  WerSvc - ok
18:28:28.0173 0x0b48  [ BAB713B409258DB7B5D9F9693F802B0E, C0D0391EC4FDC07E0A07F4EEB2DC9CC5B2BE5D2E292E7D01929E8D39D6F73EA5 ] WFPLWFS         C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
18:28:28.0189 0x0b48  WFPLWFS - ok
18:28:28.0220 0x0b48  [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
18:28:28.0220 0x0b48  WiaRpc - ok
18:28:28.0251 0x0b48  [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
18:28:28.0251 0x0b48  WIMMount - ok
18:28:28.0251 0x0b48  WinDefend - ok
18:28:28.0283 0x0b48  [ 10DAD6A7FC617A221313BD584E3C3A00, F139B878668ECF38FE59831E8595A207D5CEEE76C6FFDA8C9F735435E601A763 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
18:28:28.0314 0x0b48  WinHttpAutoProxySvc - ok
18:28:28.0392 0x0b48  [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
18:28:28.0423 0x0b48  Winmgmt - ok
18:28:28.0533 0x0b48  [ 75436315AA383CF527695C6D49D0CA59, E3D55F2ACBD45D4D031FA6CA799394459C89BE50FF6ADE4FE36F2CAB2D2E63D0 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
18:28:28.0595 0x0b48  WinRM - ok
18:28:28.0626 0x0b48  [ AC263C2F66405589528995AA41040599, 81B46E551D6130A2C3D113EC3B563CEDB5A06BB340986C0E03136CE5BE729481 ] WinUsb          C:\WINDOWS\System32\drivers\WinUsb.sys
18:28:28.0658 0x0b48  WinUsb - ok
18:28:28.0704 0x0b48  [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
18:28:28.0736 0x0b48  WlanSvc - ok
18:28:28.0829 0x0b48  [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
18:28:28.0861 0x0b48  wlidsvc - ok
18:28:28.0892 0x0b48  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
18:28:28.0908 0x0b48  WmiAcpi - ok
18:28:28.0939 0x0b48  [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
18:28:28.0954 0x0b48  wmiApSrv - ok
18:28:28.0971 0x0b48  WMPNetworkSvc - ok
18:28:29.0003 0x0b48  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
18:28:29.0018 0x0b48  Wof - ok
18:28:29.0081 0x0b48  [ 588040D595BBF0856CA1ADD941A8ED17, CBC92BB5453FE1BEA6F33239B7CE884F312559591383408EA5F95A006156C5D3 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
18:28:29.0112 0x0b48  workfolderssvc - ok
18:28:29.0143 0x0b48  [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr         C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
18:28:29.0175 0x0b48  wpcfltr - ok
18:28:29.0206 0x0b48  [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc          C:\WINDOWS\System32\wpcsvc.dll
18:28:29.0221 0x0b48  WPCSvc - ok
18:28:29.0253 0x0b48  [ 2ADE11F3D84709C5F6781E4C59F11683, F003C43396CF8FCF44EAB87583650DB4D2A233322D28D6A78D1694945D9073BB ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
18:28:29.0253 0x0b48  WPDBusEnum - ok
18:28:29.0284 0x0b48  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
18:28:29.0300 0x0b48  WpdUpFltr - ok
18:28:29.0315 0x0b48  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
18:28:29.0331 0x0b48  ws2ifsl - ok
18:28:29.0362 0x0b48  [ 5596C0960ED6ED7494BF2A55DE428684, C95CF09A657F37F421CC80E16F2F95B8EC59A8D5D48F104551155EAC8E53DCB2 ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
18:28:29.0378 0x0b48  wscsvc - ok
18:28:29.0378 0x0b48  WSearch - ok
18:28:29.0503 0x0b48  [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService       C:\WINDOWS\System32\WSService.dll
18:28:29.0581 0x0b48  WSService - ok
18:28:29.0737 0x0b48  [ BB6F53F80AA1789815963C16E303A973, B140D5A4633C39E84A5C7DB86C7E869FB5D993B924998BF8CC2B8F07E382CCEA ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
18:28:29.0800 0x0b48  wuauserv - ok
18:28:29.0846 0x0b48  [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
18:28:29.0878 0x0b48  WudfPf - ok
18:28:29.0893 0x0b48  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
18:28:29.0893 0x0b48  WUDFRd - ok
18:28:29.0909 0x0b48  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFSensorLP    C:\WINDOWS\System32\drivers\WUDFRd.sys
18:28:29.0925 0x0b48  WUDFSensorLP - ok
18:28:29.0956 0x0b48  [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
18:28:29.0971 0x0b48  wudfsvc - ok
18:28:29.0971 0x0b48  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs       C:\WINDOWS\System32\drivers\WUDFRd.sys
18:28:29.0987 0x0b48  WUDFWpdFs - ok
18:28:29.0987 0x0b48  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdMtp      C:\WINDOWS\System32\drivers\WUDFRd.sys
18:28:30.0003 0x0b48  WUDFWpdMtp - ok
18:28:30.0050 0x0b48  [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
18:28:30.0065 0x0b48  WwanSvc - ok
18:28:30.0065 0x0b48  ================ Scan global ===============================
18:28:30.0112 0x0b48  [ 05B08C20B8428ECE088CB5635696A48D, 471642A2D0E5C3BB235962FC8D86A49AC30D7DDE80B97E348425BBFCDE4DCDC3 ] C:\WINDOWS\system32\basesrv.dll
18:28:30.0159 0x0b48  [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\WINDOWS\system32\winsrv.dll
18:28:30.0206 0x0b48  [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\WINDOWS\system32\sxssrv.dll
18:28:30.0222 0x0b48  [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\WINDOWS\system32\services.exe
18:28:30.0237 0x0b48  [ Global ] - ok
18:28:30.0237 0x0b48  ================ Scan MBR ==================================
18:28:30.0253 0x0b48  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
18:28:30.0347 0x0b48  \Device\Harddisk0\DR0 - ok
18:28:30.0347 0x0b48  ================ Scan VBR ==================================
18:28:30.0378 0x0b48  [ 011BD2AFC799C1F403A73EEDEE34CFFD ] \Device\Harddisk0\DR0\Partition1
18:28:30.0456 0x0b48  \Device\Harddisk0\DR0\Partition1 - ok
18:28:30.0472 0x0b48  [ 7A516473F1ACA07A17AF5B8B9F961879 ] \Device\Harddisk0\DR0\Partition2
18:28:30.0534 0x0b48  \Device\Harddisk0\DR0\Partition2 - ok
18:28:30.0565 0x0b48  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
18:28:30.0565 0x0b48  \Device\Harddisk0\DR0\Partition3 - ok
18:28:30.0581 0x0b48  [ F2CDFD7632DD34B3FED17246BD235D6E ] \Device\Harddisk0\DR0\Partition4
18:28:30.0644 0x0b48  \Device\Harddisk0\DR0\Partition4 - ok
18:28:30.0675 0x0b48  [ D32708623963B9E732A560358D81A189 ] \Device\Harddisk0\DR0\Partition5
18:28:30.0690 0x0b48  \Device\Harddisk0\DR0\Partition5 - ok
18:28:30.0722 0x0b48  [ 3EFFAFA2BD2448F73FD549F2A2F16E1E ] \Device\Harddisk0\DR0\Partition6
18:28:30.0722 0x0b48  \Device\Harddisk0\DR0\Partition6 - ok
18:28:30.0722 0x0b48  ================ Scan generic autorun ======================
18:28:31.0159 0x0b48  [ 6121FAB614C910769E7DF2A3F4DE15E1, 41A895A03D98C15B56A3B9B3F7BADB54CBDA517108C22941CE375C98F039E79D ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
18:28:31.0534 0x0b48  RtHDVCpl - ok
18:28:31.0581 0x0b48  [ 1061A6E95A99375F1322A8874EC9BE91, 112F4B523A89D173A0A21C22F29D8D1223EC17077282C2ECD380E8A9F4046456 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
18:28:31.0612 0x0b48  RtHDVBg_Dolby - ok
18:28:31.0612 0x0b48  SynTPEnh - ok
18:28:31.0769 0x0b48  [ 44FE94FCDF97E574B6986C5A81758628, D950CF92623CA2AD053F7DCC44B483176D02E721C716255957DA90A083D0F1B9 ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
18:28:31.0847 0x0b48  NvBackend - ok
18:28:31.0878 0x0b48  [ 6C308D32AFA41D26CE2A0EA8F7B79565, 5CC2C563D89257964C4B446F54AFE1E57BBEE49315A9FC001FF5A6BCB6650393 ] C:\WINDOWS\system32\rundll32.exe
18:28:31.0893 0x0b48  ShadowPlay - ok
18:28:32.0002 0x0b48  [ C46229075C0CE88B2BB71AC5664601CE, 0B8CAD993148AF73EA07D375AA9A1EAA1EADC409DF3E21ECBACF91204D191125 ] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
18:28:32.0095 0x0b48  Norton Online Backup - ok
18:28:32.0158 0x0b48  [ 0EF0822810009D58118CCDFD098FA9F4, 9FAA263057898BCDBCB0A064C463F48D149474AA339A3C4C47626CC118750D2D ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
18:28:32.0189 0x0b48  iTunesHelper - ok
18:28:32.0299 0x0b48  [ D192592FD0A99D9F360906D3F6DFBFF1, E0ED95A8AB4D26A40BF95B8DB2D968AD1FDB36B8C4DF2990185E0458B3948CA3 ] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
18:28:32.0361 0x0b48  Wondershare Helper Compact.exe - ok
18:28:32.0408 0x0b48  DelaypluginInstall - ok
18:28:32.0408 0x0b48  Waiting for KSN requests completion. In queue: 157
18:28:33.0424 0x0b48  Waiting for KSN requests completion. In queue: 157
18:28:34.0439 0x0b48  Waiting for KSN requests completion. In queue: 157
18:28:35.0491 0x0b48  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.207.0 ), 0x61100 ( enabled : updated )
18:28:35.0538 0x0b48  Win FW state via NFP2: enabled ( trusted )
18:28:37.0903 0x0b48  ============================================================
18:28:37.0903 0x0b48  Scan finished
18:28:37.0903 0x0b48  ============================================================
18:28:37.0921 0x0cf4  Detected object count: 0
18:28:37.0922 0x0cf4  Actual detected object count: 0

Habe gerade nachgeschaut, ist die selbe Datei wie unter C//

Mit freundlichen Grüßen

Juan

M-K-D-B · 24.08.2015, 08:17

Servus Juan,

Malwarebytes entfernt DownloadProtect nicht vollständig, daher verwenden wir jetzt mal u. a. mein Tool, das sollte helfen.

Schritt 1
Deaktiviere bitte dein Antivirenprogramm, da es die Entfernung von DownloadProtect blockieren kann.
Bitte downloade DownloadProtectCleaner und speichere die Datei auf dem Desktop.

Speichere alle Arbeiten und schließe alle noch offenen Programme und Browser.
Starte die DownloadProtectCleaner.exe.
Drücke eine beliebige Taste, um den Entfernungsprozess zu starten.
Wenn das Tool fertig ist, wird es automatisch einen Neustart durchführen.
Nach dem Neustart sollte DownloadProtect entfernt sein. Solltest du trotzdem noch Reste entdecken, so teile mir das bitte mit.

Schritt 2
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 4

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von JRT,
die beiden neuen Logdateien von FRST.

Juan94 · 24.08.2015, 17:55

Moin Matthias,

hier die AdwCleaner txt:

Code:

ATTFilter

# AdwCleaner v5.003 - Bericht erstellt 24/08/2015 um 18:12:50
# Aktualisiert 20/08/2015 von Xplode
# Datenbank : 2015-08-23.3 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Juan - JUAN-PC
# Gestarted von : C:\Users\Juan\Downloads\AdwCleaner_5.003.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Ordner ] *****

[-] Ordner Gelöscht : C:\ProgramData\apn
[-] Ordner Gelöscht : C:\ProgramData\Systweak
[-] Ordner Gelöscht : C:\Users\Juan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
[-] Ordner Gelöscht : C:\Users\Juan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aaaalipaokhkccgmgkdglfinfnfhflko
[-] Ordner Gelöscht : C:\Users\Juan\AppData\Local\Temp\apn
[-] Ordner Gelöscht : C:\Users\Juan\AppData\Roaming\Systweak
[-] Ordner Gelöscht : C:\Users\Juan\AppData\Roaming\RPEng

***** [ Dateien ] *****

[-] Datei Gelöscht : C:\Users\Juan\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_cmaiofennmphjldldcpphcechfnnohja_0.localstorage
[-] Datei Gelöscht : C:\Users\Juan\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_cmaiofennmphjldldcpphcechfnnohja_0.localstorage-journal
[-] Datei Gelöscht : C:\Users\Juan\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage
[-] Datei Gelöscht : C:\Users\Juan\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage-journal
[-] Datei Gelöscht : C:\WINDOWS\Sysnative\roboot64.exe

***** [ Verknüpfungen ] *****


***** [ Geplante Tasks ] *****


***** [ Registrierungsdatenbank ] *****

[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
[-] Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Schlüssel Gelöscht : HKCU\Software\systweak
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\systweak

***** [ Internetbrowser ] *****

[-] [C:\Users\Juan\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] [Search Provider] Gelöscht : ask.com

*************************

:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2894 Bytes] ##########

und die JunkwareRmovalTool.txt:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.7 (08.18.2015:1)
OS: Windows 8.1 x64
Ran by Juan on 24.08.2015 at 18:21:50,62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\WINDOWS\SysWOW64\ai_recyclebin



~~~ Chrome


[C:\Users\Juan\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Juan\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Juan\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Juan\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.08.2015 at 18:24:42,16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Die neuen FRST-Dateien folgen gleich

FRST.txt:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:23-08-2015
durchgeführt von Juan (Administrator) auf JUAN-PC (24-08-2015 18:46:59)
Gestartet von C:\Users\Juan\Downloads\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion
Geladene Profile: Juan (Verfügbare Profile: Juan)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3016432 2013-03-07] (Synaptics Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132224 2013-02-28] (Atheros Communications)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-994889132-872104614-2419786447-1002 -> DefaultScope {AA6677D3-FA45-4936-A20C-E5B3F7EC88A1} URL = 
SearchScopes: HKU\S-1-5-21-994889132-872104614-2419786447-1002 -> OldSearch URL = hxxp://www.search.ask.com/web?tpid=ATU4-SP&o=APN11391&pf=V7&p2=^BAY^aaa148^YY^DE&gct=&itbv=12.16.2.1836&apn_uid=C184E0BC-0447-461F-8935-D286031B601F&apn_ptnrs=^BAY&apn_dtid=^aaa148^YY^DE&apn_dbr=cr_37.0.2062.120&doi=2014-09-21&trgb=CR&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-994889132-872104614-2419786447-1002 -> {90168360-0D5A-400F-BC59-A9EB10650104} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [2013-02-28] (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\PROGRA~3\WONDER~1\VIDEOC~1\WSBROW~1.DLL Keine Datei
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  Keine Datei
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{74DAB17B-C890-4B64-BD96-F7415F53E187}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E0C75E5A-8B49-4FB5-9619-40444B88458A}: [DhcpNameServer] 40.32.1.201 40.32.1.202

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [Keine Datei]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-20] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [Keine Datei]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-03] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Keine Datei]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR Profile: C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-23]
CHR Extension: (Google Docs) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-08]
CHR Extension: (Google Drive) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-08]
CHR Extension: (YouTube) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-23]
CHR Extension: (Google Search) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-23]
CHR Extension: (Google Sheets) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-08]
CHR Extension: (Gmail) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-23]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <nicht gefunden>

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227968 2013-02-28] (Qualcomm Atheros Commnucations) [Datei ist nicht signiert]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [814464 2015-02-28] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-20] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-04-26] (Acer Incorporate)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-04-30] (NVIDIA Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-02-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-23] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
S3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [328976 2012-11-02] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [97208 2012-11-02] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [455240 2013-03-05] (RTS Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-03-07] (Synaptics Incorporated)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-24 18:33 - 2015-08-24 18:41 - 00000000 ____D C:\Users\Juan\Downloads\FRST-OlderVersion
2015-08-24 18:24 - 2015-08-24 18:24 - 00001259 _____ C:\Users\Juan\Desktop\JRT.txt
2015-08-24 18:18 - 2015-08-24 18:18 - 01798576 _____ (Malwarebytes Corporation) C:\Users\Juan\Downloads\JRT.exe
2015-08-24 18:11 - 2015-08-24 18:12 - 00000000 ____D C:\AdwCleaner
2015-08-24 18:11 - 2015-08-24 18:11 - 01605632 _____ C:\Users\Juan\Downloads\AdwCleaner_5.003.exe
2015-08-24 17:57 - 2015-08-24 17:57 - 00226304 _____ C:\Users\Juan\Desktop\DownloadProtectCleaner-reboot.exe
2015-08-24 17:56 - 2015-08-24 17:56 - 00327168 _____ C:\Users\Juan\Desktop\DownloadProtectCleaner.exe
2015-08-24 17:56 - 2015-08-24 17:56 - 00226304 _____ C:\Users\Juan\Downloads\DownloadProtectCleaner-reboot.exe
2015-08-23 18:26 - 2015-08-23 18:26 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Juan\Downloads\tdsskiller.exe
2015-08-23 18:22 - 2015-08-23 18:22 - 00050380 _____ C:\Users\Juan\Downloads\Addition.txt
2015-08-23 18:21 - 2015-08-23 18:22 - 00039738 _____ C:\Users\Juan\Downloads\FRST.txt
2015-08-23 18:20 - 2015-08-24 18:47 - 00000000 ____D C:\FRST
2015-08-23 18:19 - 2015-08-24 18:33 - 02173952 _____ (Farbar) C:\Users\Juan\Downloads\FRST64.exe
2015-08-23 14:27 - 2015-08-11 03:20 - 25191936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-23 14:27 - 2015-08-11 02:20 - 19871232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-23 14:21 - 2015-08-23 14:21 - 00001197 _____ C:\Users\Juan\Desktop\mbam2.txt
2015-08-23 05:51 - 2015-08-23 05:51 - 00024441 _____ C:\Users\Juan\Desktop\mbam.txt
2015-08-23 05:24 - 2015-08-23 19:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-08-23 05:24 - 2015-08-23 19:02 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-08-23 05:24 - 2015-08-23 13:42 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-23 05:24 - 2015-08-23 05:24 - 00001118 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-08-23 05:24 - 2015-08-23 05:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-23 05:24 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-08-23 05:24 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-23 05:24 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-08-23 05:23 - 2015-08-23 05:24 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Juan\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-23 00:54 - 2015-08-23 00:54 - 00000000 ____D C:\Users\Juan\AppData\Roaming\TuneUp Software
2015-08-23 00:54 - 2015-08-23 00:54 - 00000000 ____D C:\Users\Juan\AppData\Local\TuneUp Software
2015-08-23 00:52 - 2015-08-23 00:54 - 00000000 ____D C:\ProgramData\TuneUp Software
2015-08-23 00:51 - 2015-08-23 05:18 - 00000000 ____D C:\Users\Juan\AppData\Roaming\DVDVideoSoft
2015-08-23 00:50 - 2015-08-23 00:51 - 30800040 _____ (DVDVideoSoft Ltd. ) C:\Users\Juan\Downloads\FreeVideoToMP3Converter5.0.61.805.exe
2015-08-23 00:44 - 2015-08-23 00:46 - 00000000 ____D C:\Users\Juan\AppData\Roaming\AdvertismentImages
2015-08-23 00:34 - 2015-08-23 01:12 - 00000000 ____D C:\Users\Juan\Desktop\Er Ist Wieder Da
2015-08-23 00:27 - 2015-08-23 05:16 - 00000000 ____D C:\Users\Juan\AppData\Roaming\Opera Software
2015-08-23 00:27 - 2015-08-23 05:16 - 00000000 ____D C:\Users\Juan\AppData\Local\Opera Software
2015-08-23 00:26 - 2015-08-23 05:17 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-23 00:25 - 2015-08-23 00:25 - 00001206 _____ C:\Users\Public\Desktop\aTube Catcher.lnk
2015-08-23 00:25 - 2008-08-18 19:18 - 00077824 _____ (Fox Magic Software) C:\WINDOWS\SysWOW64\fmcodec.DLL
2015-08-23 00:23 - 2015-08-23 00:24 - 17089408 _____ (DsNET Corp ) C:\Users\Juan\Downloads\aTube_Catcher_3.8.7980.exe
2015-08-14 02:58 - 2015-07-07 11:40 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-08-14 02:58 - 2015-06-12 19:03 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-14 02:58 - 2015-06-12 18:36 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-14 02:58 - 2015-06-09 20:27 - 00411133 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-08-14 02:57 - 2015-07-29 01:24 - 00025776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-08-14 02:57 - 2015-07-28 16:24 - 01148416 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-08-14 02:57 - 2015-07-28 16:24 - 01116160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-08-14 02:57 - 2015-07-28 16:24 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-08-14 02:57 - 2015-07-28 16:24 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-08-14 02:57 - 2015-07-28 16:24 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-08-14 02:57 - 2015-07-28 16:24 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-08-14 02:57 - 2015-07-14 23:59 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-08-14 02:57 - 2015-07-14 23:59 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-08-14 02:57 - 2015-07-14 23:59 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-08-14 02:57 - 2015-07-07 11:40 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-08-14 02:57 - 2015-07-07 11:40 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-08-14 02:57 - 2015-06-11 22:12 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-08-14 02:57 - 2015-06-11 22:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-08-12 05:09 - 2015-07-30 16:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 05:09 - 2015-07-30 15:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 04:42 - 2015-07-19 03:58 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-08-12 04:42 - 2015-07-18 20:51 - 03704320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-12 04:42 - 2015-07-18 20:31 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-08-12 04:42 - 2015-07-18 20:31 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-08-12 04:42 - 2015-07-18 20:31 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-08-12 04:42 - 2015-07-18 20:29 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-08-12 04:42 - 2015-07-18 20:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-08-12 04:42 - 2015-07-18 20:29 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-08-12 04:42 - 2015-07-18 20:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-08-12 04:42 - 2015-07-18 20:12 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-08-12 04:42 - 2015-07-18 20:10 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-12 04:42 - 2015-07-18 20:09 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-12 04:41 - 2015-07-16 22:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-08-12 04:41 - 2015-07-16 22:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-08-12 04:41 - 2015-07-16 22:35 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-12 04:41 - 2015-07-16 22:26 - 05923328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-12 04:41 - 2015-07-16 22:23 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-08-12 04:41 - 2015-07-16 22:21 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-08-12 04:41 - 2015-07-16 21:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-08-12 04:41 - 2015-07-16 21:51 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-08-12 04:41 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-08-12 04:41 - 2015-07-16 21:45 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-12 04:41 - 2015-07-16 21:45 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-08-12 04:41 - 2015-07-16 21:41 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-08-12 04:41 - 2015-07-16 21:39 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-08-12 04:41 - 2015-07-16 21:38 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-08-12 04:41 - 2015-07-16 21:36 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-08-12 04:41 - 2015-07-16 21:34 - 14451200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-12 04:41 - 2015-07-16 21:32 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-08-12 04:41 - 2015-07-16 21:14 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-12 04:41 - 2015-07-16 21:13 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-08-12 04:41 - 2015-07-16 21:12 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-12 04:41 - 2015-07-16 21:12 - 02427904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-08-12 04:41 - 2015-07-16 21:10 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-12 04:41 - 2015-07-16 21:06 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-08-12 04:41 - 2015-07-16 21:01 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-08-12 04:41 - 2015-07-16 20:52 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-12 04:41 - 2015-07-16 20:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-08-12 04:41 - 2015-07-16 20:42 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-12 04:41 - 2015-07-16 20:38 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-12 04:41 - 2015-07-16 20:37 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-08-12 04:39 - 2015-07-16 02:29 - 07458648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-12 04:39 - 2015-07-16 02:29 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-12 04:39 - 2015-07-16 02:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-12 04:39 - 2015-07-16 02:28 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-12 04:39 - 2015-07-10 19:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-12 04:39 - 2015-07-02 00:19 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-08-12 04:39 - 2015-07-02 00:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2015-08-12 04:39 - 2015-07-01 23:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-08-12 04:39 - 2015-07-01 23:35 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2015-08-12 04:36 - 2015-07-13 21:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2015-08-12 04:36 - 2015-07-13 21:45 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2015-08-12 04:35 - 2015-07-29 16:37 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-12 04:35 - 2015-07-29 16:30 - 01381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-12 04:35 - 2015-07-29 16:23 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-12 04:35 - 2015-07-24 20:57 - 04177408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-08-12 04:35 - 2015-07-24 20:57 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-12 04:35 - 2015-07-24 20:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-08-12 04:35 - 2015-07-24 19:27 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-12 04:35 - 2015-07-24 19:23 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-08-12 04:35 - 2015-07-14 05:22 - 02529880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-08-12 04:35 - 2015-07-14 05:21 - 01901776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-08-12 04:35 - 2015-07-10 20:19 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-08-12 04:35 - 2015-07-10 19:42 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-08-12 04:35 - 2015-07-10 19:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2015-08-12 04:35 - 2015-07-10 19:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-08-12 04:35 - 2015-07-10 18:47 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-08-12 04:35 - 2015-07-10 18:31 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-08-12 04:35 - 2015-07-09 19:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-12 04:35 - 2015-07-09 19:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-12 04:35 - 2015-07-09 18:30 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-12 04:35 - 2015-05-12 02:24 - 00536920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-24 18:37 - 2014-07-08 04:41 - 01682909 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-24 18:24 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-24 18:22 - 2014-07-08 05:21 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-24 18:17 - 2014-07-08 04:50 - 00000000 ___DO C:\Users\Juan\OneDrive
2015-08-24 18:14 - 2014-07-27 08:14 - 00000340 _____ C:\WINDOWS\Tasks\GlaryInitialize.job
2015-08-24 18:13 - 2013-08-22 16:46 - 00365936 _____ C:\WINDOWS\setupact.log
2015-08-24 18:13 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-24 18:13 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-08-24 17:57 - 2013-08-22 17:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-08-24 17:55 - 2014-07-08 04:49 - 00000000 ____D C:\Users\Juan\Documents\Bluetooth Folder
2015-08-24 17:55 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-23 21:21 - 2014-07-08 05:02 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4F967FD8-5853-43BB-AD22-2750CCFD930B}
2015-08-23 19:02 - 2014-09-21 20:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
2015-08-23 19:02 - 2014-07-27 08:13 - 00000000 ____D C:\Program Files (x86)\Glary Utilities
2015-08-23 19:02 - 2014-07-08 05:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-23 19:02 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-23 19:02 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-23 19:02 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-23 19:02 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-23 19:02 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-23 19:02 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-08-23 19:02 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-23 19:01 - 2014-12-12 14:52 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-23 19:01 - 2014-07-27 08:42 - 00000000 ____D C:\Users\Juan\AppData\Roaming\Mp3tag
2015-08-23 19:01 - 2014-07-10 23:10 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-08-23 19:01 - 2013-08-22 17:36 - 00000000 __RSD C:\WINDOWS\Media
2015-08-23 19:01 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-08-23 19:01 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-08-23 14:28 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-23 14:27 - 2014-07-08 00:16 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-994889132-872104614-2419786447-1002
2015-08-23 13:45 - 2014-03-18 12:03 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-23 13:45 - 2014-03-18 11:25 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2015-08-23 13:45 - 2014-03-18 11:25 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2015-08-23 05:55 - 2014-03-18 03:50 - 00043140 _____ C:\WINDOWS\PFRO.log
2015-08-23 05:52 - 2014-07-08 05:21 - 00002199 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-23 05:52 - 2014-07-08 04:48 - 00001454 _____ C:\Users\Juan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-23 05:08 - 2013-08-22 16:44 - 00482240 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-23 05:03 - 2014-07-08 04:32 - 00000000 ____D C:\Users\Juan
2015-08-23 04:29 - 2015-03-01 18:31 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-08-23 00:25 - 2014-09-21 20:05 - 00000049 _____ C:\WINDOWS\SysWOW64\ScrRecX.log
2015-08-22 22:21 - 2014-07-19 09:35 - 02698752 ___SH C:\Users\Juan\Downloads\Thumbs.db
2015-08-15 18:02 - 2014-11-01 05:09 - 00000000 ____D C:\Users\Juan\Desktop\Norman
2015-08-15 11:20 - 2014-07-08 00:43 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-15 11:15 - 2014-07-08 00:43 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-08 15:55 - 2015-04-17 21:00 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-08 15:55 - 2015-04-17 21:00 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-01 22:34 - 2014-07-08 05:23 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-01 22:30 - 2015-07-10 19:28 - 00000000 ___HD C:\$Windows.~BT
2015-07-26 23:56 - 2015-04-05 20:42 - 00000000 ___SD C:\WINDOWS\system32\GWX

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-09-05 18:22 - 2013-09-05 18:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Einige Dateien in TEMP:
====================
C:\Users\Juan\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Juan\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Juan\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Juan\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Juan\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-08-04 22:27

==================== Ende von Ergebnis ============================

Addition.txt:

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:23-08-2015
durchgeführt von Juan (2015-08-24 18:48:02)
Gestartet von C:\Users\Juan\Downloads\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-994889132-872104614-2419786447-500 - Administrator - Disabled)
Gast (S-1-5-21-994889132-872104614-2419786447-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-994889132-872104614-2419786447-1006 - Limited - Enabled)
Juan (S-1-5-21-994889132-872104614-2419786447-1002 - Administrator - Enabled) => C:\Users\Juan

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3012 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3004 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2021 - Acer Incorporated)
Age of Mythology: Extended Edition (HKLM-x32\...\Steam App 266840) (Version:  - SkyBox Labs)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
aTube Catcher Version 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3729_45993 - CyberLink Corp.)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Glary Utilities 2.56.0.1822 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.56.0.1822 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.0.1428 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4745.1002 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-994889132-872104614-2419786447-1002\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mp3tag v2.61a (HKLM-x32\...\Mp3tag) (Version: v2.61a - Florian Heidenreich)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r2 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.222 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.43 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6909 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21222 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.12.31 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
WinRAR 5.10 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-994889132-872104614-2419786447-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-994889132-872104614-2419786447-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Juan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-994889132-872104614-2419786447-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Juan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-994889132-872104614-2419786447-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Juan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-994889132-872104614-2419786447-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Juan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Wiederherstellungspunkte =========================

05-08-2015 16:06:12 Geplanter Prüfpunkt
12-08-2015 05:06:11 Windows Update
15-08-2015 11:12:54 Windows Update
22-08-2015 13:57:44 Windows Update
24-08-2015 18:21:54 JRT Pre-Junkware Removal

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {01DF85F0-2C3E-4418-86D4-9C63C23ACDFD} - \RegClean Pro -> Keine Datei <==== ACHTUNG
Task: {16D2A44E-6C65-498E-ACC6-A08ECBF30002} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-01-23] (Acer Incorporated)
Task: {1CF33A71-ED76-4BAE-9D86-CA3B5BA2A719} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {275EE877-94C2-4621-80B2-65FC9F3C0125} - \Digital Sites -> Keine Datei <==== ACHTUNG
Task: {2ED6F8E5-595F-4AA0-B6D3-A7D17B44E2E3} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {45788018-7A97-44BF-B245-78A0D0D5A404} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-04-26] (Acer Incorporate)
Task: {51CDA476-333D-4682-AC8F-FED407439FBD} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-07-14] (Microsoft Corporation)
Task: {72AA2B51-7B41-483E-89FD-4EFF915F8478} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2013-02-08] (CyberLink)
Task: {79EF303A-364B-4AD8-A1A1-B7CD68906334} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7BEA3986-3709-487D-A4EC-3EFF832C9C8A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {85793506-5F12-4695-96CD-5104C5D3575C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {8883418B-82EC-49FC-B9F1-B840710B0ABC} - System32\Tasks\Dolby Selector => C:\Dolby PCEE4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {8E5E6550-D743-47E7-8210-9E529730AA38} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-15] (Microsoft Corporation)
Task: {99F0A56C-5002-47F1-B053-BD800B977B82} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-08] (Google Inc.)
Task: {BA66737C-91D9-4609-9186-2D3750474D4B} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-01-18] (Acer Incorporated)
Task: {CFD335E3-D842-4439-B977-88FB4B95EA6C} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2013-05-27] (Glarysoft Ltd)
Task: {D33D2557-2884-4299-8967-7840469C88DB} - \ASP -> Keine Datei <==== ACHTUNG
Task: {ED1DF44E-4C93-4FA2-B158-06A602E347AD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-08] (Google Inc.)
Task: {FC00C62B-A29B-4FCC-9191-904B97C9AB0B} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-09-05 03:36 - 2013-09-05 03:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-03-03 23:39 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-09-05 18:00 - 2013-03-20 09:47 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-23 00:47 - 2015-08-23 00:47 - 00012288 _____ () C:\Program Files (x86)\Google\Chrome\Application\WTSAPI32.dll
2013-09-05 18:42 - 2013-02-20 22:58 - 00089672 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2015-08-22 13:57 - 2015-08-18 07:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
2015-08-22 13:57 - 2015-08-18 07:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Juan\OneDrive:ms-properties

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-994889132-872104614-2419786447-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{69187A02-3A7A-44DF-AE6C-4B51680234DE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B4387CEC-44D6-44BD-B827-20C59CD8F23F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EB75A681-D599-4929-AD66-808C78DEB882}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{07EE9EDC-DC34-4CDD-AE3B-043B957BDE24}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{3E461B85-F750-4CB8-854E-D183C2BF2F5F}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{E61A3D33-5BDF-4F53-974D-4B94782299C0}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{1DBB89DC-1515-4982-AC5A-5A7796F0039C}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{9B667351-B64F-42F4-81E1-B935736FE8B1}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{1C4E1032-E586-4833-84A2-A4C14A54B930}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{E98ED4CA-2307-4691-A091-E7F260A6D1BD}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{CDC6BA53-1E74-48A7-BBC6-089303C47362}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{514715CB-36B7-4C93-8BD3-BC3E392B0DD6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{5CB750C9-E639-44B6-9118-9C6356961B70}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\PlayMovie.exe
FirewallRules: [{10E1D93F-8473-4D5F-AF29-1F305B4B47D7}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe
FirewallRules: [{03BDBADA-5DEE-42C5-91D4-EDA418312C0F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{B4D65B67-4C01-4041-917B-EFF33B69EF70}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{62044434-5CD1-4FC8-B2FA-C3A97673630A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{BC6C08A9-BC0A-4E81-8963-B8791C711F46}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{4B3D55A0-A788-41E9-9F13-F061D421ED86}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{75FE2E88-F1F7-47CF-8CB2-64CEA11831A9}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{4E39C88B-3BB2-49D4-A7B1-20334C10E9D1}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{704BC8DF-1D18-4A02-9C2D-3CC10196EB21}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{D81312B6-D82E-4CFF-A5C3-E32AA625AE6E}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{AB0D0C1A-F2C6-4A2F-A433-8ED1F053C885}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{74E97420-0447-414A-8FBD-CB53E734EFDD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{8335732E-F2D8-4697-ACED-17A2380A3B63}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{2A0321B6-C86E-4A1A-960F-43C4D93C6614}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{F9887015-8EF8-4140-9F10-C8BEB56DC707}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{806CD66C-C1C4-4D7F-AF3D-3FA7451D6949}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{7C8FCBF5-D46D-41D0-AD5C-328CBB02AC34}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{682702DF-26DA-44CB-A47C-88D8AE200791}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{22074F6A-CEFB-47A2-830E-B9D44A0B39E3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{8EB278A8-983A-4693-BD33-9AB09B4580C3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{1792074B-6436-4A8B-94A6-E608AEB99D1E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CF085B80-2102-4EE5-8590-E2C9AF2ECE0C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A12F69AA-E324-41DF-AAF8-1B3E44703AF6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age of Mythology\Launcher.exe
FirewallRules: [{C266802D-F25B-47E7-9BD5-DC3408681422}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age of Mythology\Launcher.exe
FirewallRules: [{9CFA7166-0428-4A81-9246-BEBC8FA7913A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{1CF139D3-F4FD-46CE-A910-DDFC989DA0D9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{96108BE6-6FF0-4786-AA8A-E8F35443CD88}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{53175C7E-14A2-4875-B4BF-8567D4A6D373}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{03DD5E90-63C9-45F1-BC2D-6A765872D862}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{20618D90-923D-4954-BD3D-CFEE22B8C13F}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{8C309626-7DC3-4BF6-B5B2-1000786EF252}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{87949DB4-52F2-4055-87A6-3C141064087F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{99E37507-5983-46FC-8810-CD895A20B31A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{D4914DC1-6524-4403-8723-5F5A813E6D98}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{36D4E665-2865-4926-9821-B9B1EB3FBEDF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{DA834FD4-7849-403C-AB81-3193F929C043}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{029AF522-B226-4AA1-9163-6A6B0E79E0EA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{D3C3ADC2-E99C-4C88-BA90-3BAE85C69EC6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{AFA484CF-A0F3-41D6-BF1F-3BF30F7634A6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{24D4076B-394A-4061-BB83-1C41B993AD8E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{843EE1C5-CBB2-4214-934A-AA8D4B6C071F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{A26CDE6B-C4E4-48C5-BD5A-C971EADD2789}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{E0FC80F0-70F4-4F31-A628-5CA9404A856C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{DB373F64-822E-4705-9A4B-CC1D6CC24D1B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5959E4F9-38A9-4F60-87BE-087CD2030AF9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{8C879BE9-89EB-4E18-A1B5-6E4CFD443DC3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{589A1B66-2CD4-4D11-AF87-7C1665F40922}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{217E164A-86E8-4D6B-8E5C-9F7CC7E35B4F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{D1766152-C802-4853-A891-1F25EC9C63FC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5ABD3774-BA30-4AF9-83B0-F782BA45FABF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A5F215DE-5B06-4C90-A205-3AEA85DB984E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{89A02835-C4BF-4909-8A60-B4E71B49632E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7F774AAD-E0C7-4C2B-BF01-5403950B3C2D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{287AE324-497B-40F0-B1BD-79C14462D81C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{298F585C-AC3D-47EA-A11F-355D00F347C3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{FDADB525-0AEC-4EF1-A1E0-CC5FF72DEC0F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{C87C2A67-5EA4-4AD6-AA78-FDC6FDCD7941}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{5F4702C9-B5A9-4641-9921-67E94BFA360F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{0CAF1D47-7844-4A67-ADB9-35A6D582BA87}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{5696ED1A-17DB-4F28-A35C-2C0811C16CA5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{BBF2FA5C-790B-41AA-B460-659EC7AE2819}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [TCP Query User{AAF2577C-DEFD-4215-B7F5-5B8E614643B8}C:\programdata\battle.net\agent\agent.3632\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3632\agent.exe
FirewallRules: [UDP Query User{89753AAE-F651-4090-AE53-A71B3563E2CB}C:\programdata\battle.net\agent\agent.3632\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3632\agent.exe
FirewallRules: [TCP Query User{777F4B4E-A26A-4A77-9851-CC38DB06322D}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [UDP Query User{280D5E90-03A7-4041-B9EB-96FA27400E3B}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [TCP Query User{2F6206F2-46FB-40B7-B1D1-3FBAC8605AE6}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [UDP Query User{259EF262-B4A0-460A-82A1-AFF192D6CD66}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [TCP Query User{76AA361F-0B8D-455C-A857-8F4A6E79ED35}C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe] => (Block) C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe
FirewallRules: [UDP Query User{D8BA06CB-9270-4DBF-BE5B-591BC317FBDD}C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe] => (Block) C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe
FirewallRules: [TCP Query User{E118B797-C319-4C3A-9678-5D9102E0CD53}C:\program files (x86)\wondershare\video converter ultimate\medialibserver.exe] => (Block) C:\program files (x86)\wondershare\video converter ultimate\medialibserver.exe
FirewallRules: [UDP Query User{374E1A57-5503-4968-AEB8-695A6582C1E6}C:\program files (x86)\wondershare\video converter ultimate\medialibserver.exe] => (Block) C:\program files (x86)\wondershare\video converter ultimate\medialibserver.exe
FirewallRules: [TCP Query User{8F1F9B09-3D03-4464-BBB6-B580D03544FF}C:\program files (x86)\wondershare\video converter ultimate\mediaserver.exe] => (Block) C:\program files (x86)\wondershare\video converter ultimate\mediaserver.exe
FirewallRules: [UDP Query User{2A4E3A67-7695-4FF4-B344-58C280D3C01F}C:\program files (x86)\wondershare\video converter ultimate\mediaserver.exe] => (Block) C:\program files (x86)\wondershare\video converter ultimate\mediaserver.exe
FirewallRules: [{3BD5364E-3937-47AB-9F1A-9C7AD603E922}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{2FE8DB03-5209-4FE2-A919-628856931C3C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{1E02EBAC-8A87-440F-9C3A-556C52171980}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{75BE6FC2-05CB-46DE-A382-FF3DCB498E4F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{A5619A8B-F17E-417A-838C-8847E49F6A00}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{A85719C0-704A-42BD-8579-44114E92429D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [TCP Query User{247A1FBE-08CE-4980-80C0-7CA60DF12074}C:\users\juan\appdata\local\temp\rar$exa0.787\hardcore-reloaded\bin\metin2client.bin] => (Allow) C:\users\juan\appdata\local\temp\rar$exa0.787\hardcore-reloaded\bin\metin2client.bin
FirewallRules: [UDP Query User{B38B3A90-C98E-46F4-9C49-5B4EC4C05B7C}C:\users\juan\appdata\local\temp\rar$exa0.787\hardcore-reloaded\bin\metin2client.bin] => (Allow) C:\users\juan\appdata\local\temp\rar$exa0.787\hardcore-reloaded\bin\metin2client.bin
FirewallRules: [TCP Query User{A15AC70D-410E-4840-BF70-6CDEE64B312C}C:\program files (x86)\heroes of the storm\versions\base33684\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base33684\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{94E7DCE3-9C5C-4146-91B5-D89CE48163EA}C:\program files (x86)\heroes of the storm\versions\base33684\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base33684\heroesofthestorm_x64.exe
FirewallRules: [{9A34691E-A378-4B45-ACAF-514E4FAFEB4A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{DA4A4344-B613-4B7C-AE8B-B9A82E20707E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [TCP Query User{17250BCA-1C4E-4CF0-A4A3-C6181FAE5C7D}C:\users\juan\appdata\local\temp\rar$exa0.389\hardcore-reloaded\bin\metin2client.bin] => (Allow) C:\users\juan\appdata\local\temp\rar$exa0.389\hardcore-reloaded\bin\metin2client.bin
FirewallRules: [UDP Query User{FF5EAF2D-6C38-4375-B271-D582F81522FB}C:\users\juan\appdata\local\temp\rar$exa0.389\hardcore-reloaded\bin\metin2client.bin] => (Allow) C:\users\juan\appdata\local\temp\rar$exa0.389\hardcore-reloaded\bin\metin2client.bin
FirewallRules: [TCP Query User{A9822AC8-E63A-4DBE-909E-ABD99C227262}C:\users\juan\appdata\local\temp\rar$exa0.580\hardcore-reloaded\bin\metin2client.bin] => (Allow) C:\users\juan\appdata\local\temp\rar$exa0.580\hardcore-reloaded\bin\metin2client.bin
FirewallRules: [UDP Query User{0FDE9C0F-6339-412E-BF10-98AED56A11E8}C:\users\juan\appdata\local\temp\rar$exa0.580\hardcore-reloaded\bin\metin2client.bin] => (Allow) C:\users\juan\appdata\local\temp\rar$exa0.580\hardcore-reloaded\bin\metin2client.bin
FirewallRules: [TCP Query User{ED8F1C79-40E6-4EED-8EC2-9BEA12D4713D}C:\users\juan\appdata\local\temp\rar$exa0.875\hardcore-reloaded\bin\metin2client.bin] => (Allow) C:\users\juan\appdata\local\temp\rar$exa0.875\hardcore-reloaded\bin\metin2client.bin
FirewallRules: [UDP Query User{7EA25382-DBA6-495B-A090-C32F72700EF0}C:\users\juan\appdata\local\temp\rar$exa0.875\hardcore-reloaded\bin\metin2client.bin] => (Allow) C:\users\juan\appdata\local\temp\rar$exa0.875\hardcore-reloaded\bin\metin2client.bin
FirewallRules: [TCP Query User{E8BD1182-D288-49DD-9A04-EE6BAFADC349}C:\users\juan\appdata\local\temp\rar$exa0.499\hardcore-reloaded\bin\metin2client.bin] => (Allow) C:\users\juan\appdata\local\temp\rar$exa0.499\hardcore-reloaded\bin\metin2client.bin
FirewallRules: [UDP Query User{08444A27-329D-4BFF-A347-1A1D55365C1B}C:\users\juan\appdata\local\temp\rar$exa0.499\hardcore-reloaded\bin\metin2client.bin] => (Allow) C:\users\juan\appdata\local\temp\rar$exa0.499\hardcore-reloaded\bin\metin2client.bin
FirewallRules: [TCP Query User{FD5AA5C4-D913-40B6-80DE-9F7ECDF258E9}C:\users\juan\appdata\local\temp\rar$exa0.916\hardcore-reloaded\bin\metin2client.bin] => (Allow) C:\users\juan\appdata\local\temp\rar$exa0.916\hardcore-reloaded\bin\metin2client.bin
FirewallRules: [UDP Query User{DAD92DC9-EC0E-42A3-A058-0AB495C41836}C:\users\juan\appdata\local\temp\rar$exa0.916\hardcore-reloaded\bin\metin2client.bin] => (Allow) C:\users\juan\appdata\local\temp\rar$exa0.916\hardcore-reloaded\bin\metin2client.bin
FirewallRules: [{3D5EE7BE-08C8-4AF2-9ED7-8AA18EE749EA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{9DE5A7BF-8C91-4AA6-96A6-9C0533D8679F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [TCP Query User{4AA320E2-880F-4DAA-A332-B1E9DC99B347}C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{F904AF00-DE31-4194-B056-8A361D644CAD}C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [{4B96F101-AEC3-449D-8FCE-75B74F08F513}] => (Allow) C:\Users\Juan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{529CE85B-ECD8-4B0F-8B94-E2127CA4D2B4}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{F488197C-0CCE-4028-8ACC-21F637AA852A}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{61603ED3-BBEF-48DE-9E70-4B720D27055D}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{22BF79CE-79AE-4912-904F-CF365F9E7E2A}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{F83358C8-CB35-449C-B77A-A08AD01043B0}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [{1BA147B1-C99F-45EC-9D68-A955EAD34E19}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (08/24/2015 05:56:02 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (08/23/2015 06:41:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2562

Error: (08/23/2015 06:41:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2562

Error: (08/23/2015 06:41:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/23/2015 06:12:37 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Geplanter Prüfpunkt). Zusätzliche Informationen: 0x80070005.

Error: (08/23/2015 05:42:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvstreamsvc.exe, Version: 2.1.108.0, Zeitstempel: 0x53613ec5
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17936, Zeitstempel: 0x55a68e0c
Ausnahmecode: 0xc0000142
Fehleroffset: 0x00000000000ec4e0
ID des fehlerhaften Prozesses: 0x13f0
Startzeit der fehlerhaften Anwendung: 0xnvstreamsvc.exe0
Pfad der fehlerhaften Anwendung: nvstreamsvc.exe1
Pfad des fehlerhaften Moduls: nvstreamsvc.exe2
Berichtskennung: nvstreamsvc.exe3
Vollständiger Name des fehlerhaften Pakets: nvstreamsvc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvstreamsvc.exe5

Error: (08/23/2015 02:08:11 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (08/23/2015 01:45:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wwahost.exe, Version 6.3.9600.17415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 7ac

Startzeit: 01d0dd710dda3056

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\syswow64\wwahost.exe

Berichts-ID: 754277c5-498c-11e5-bea9-48d22480dabd

Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (08/23/2015 08:58:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14328

Error: (08/23/2015 08:58:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14328


Systemfehler:
=============
Error: (08/24/2015 06:27:07 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Home

Error: (08/24/2015 06:22:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ePower Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/24/2015 06:22:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/24/2015 06:22:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Nero Update" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/24/2015 06:22:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/24/2015 06:22:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) ME Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/24/2015 06:22:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/24/2015 06:22:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/24/2015 06:22:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Streamer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/24/2015 06:22:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Network Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office:
=========================
Error: (08/24/2015 05:56:02 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (08/23/2015 06:41:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2562

Error: (08/23/2015 06:41:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2562

Error: (08/23/2015 06:41:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/23/2015 06:12:37 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Geplanter Prüfpunkt0x80070005

Error: (08/23/2015 05:42:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvstreamsvc.exe2.1.108.053613ec5KERNELBASE.dll6.3.9600.1793655a68e0cc000014200000000000ec4e013f001d0ddba5bbd38c8C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeKERNELBASE.dll99971385-49ad-11e5-beab-48d22480dabd

Error: (08/23/2015 02:08:11 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (08/23/2015 01:45:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.174157ac01d0dd710dda30564294967295C:\WINDOWS\syswow64\wwahost.exe754277c5-498c-11e5-bea9-48d22480dabdMicrosoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5cApp

Error: (08/23/2015 08:58:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14328

Error: (08/23/2015 08:58:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14328


CodeIntegrity:
===================================
  Date: 2015-08-24 18:25:26.496
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-24 18:25:26.371
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-23 18:26:49.733
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-23 18:26:49.619
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-23 18:20:22.680
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-23 18:20:22.489
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-23 00:46:09.844
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DnsBlockB.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-23 00:46:09.464
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-23 00:46:09.323
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DnsBlockA.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-23 00:46:09.003
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Processor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz
Prozentuale Nutzung des RAM: 21%
Installierter physikalischer RAM: 7848.27 MB
Verfügbarer physikalischer RAM: 6173.57 MB
Summe virtueller Speicher: 21160.27 MB
Verfügbarer virtueller Speicher: 19470.99 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:914.76 GB) (Free:788.86 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: D91B93BA)

Partition: GPT.

==================== Ende von Ergebnis ============================

Laut Google Chrome wurde die Erweiterung DefendProtect, aber nicht unter diesem Namen so genannt, deaktiviert

!

Habe noch eine Frage bezüglich der 153 ursprünglich identifizierten Bedrohungen..
Kann es sein, dass diese Schaden angerichtet haben bzw. Passwörter oder ähnliches ausgespäht haben, da ich öfter den Typ "Key" gelesen haben..

Und vielen vielen Dank für die sehr professionelle Hilfe, du scheinst fast so wie ein studierter Informatiker?

Gruß Juan

M-K-D-B · 24.08.2015, 21:34

Servus,

Zitat:

Gestartet von C:\Users\Juan\Downloads\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion

Warum belässt du FRST nicht auf dem Desktop und führst das Programm von dort aus?

Passwörter werden durch die Programme nicht ausspioniert.

Es freut mich, dass mein Tool DownloadProtect entfernt hat.

Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
SearchScopes: HKU\S-1-5-21-994889132-872104614-2419786447-1002 -> DefaultScope {AA6677D3-FA45-4936-A20C-E5B3F7EC88A1} URL = 
SearchScopes: HKU\S-1-5-21-994889132-872104614-2419786447-1002 -> OldSearch URL = hxxp://www.search.ask.com/web?tpid=ATU4-SP&o=APN11391&pf=V7&p2=^BAY^aaa148^YY^DE&gct=&itbv=12.16.2.1836&apn_uid=C184E0BC-0447-461F-8935-D286031B601F&apn_ptnrs=^BAY&apn_dtid=^aaa148^YY^DE&apn_dbr=cr_37.0.2062.120&doi=2014-09-21&trgb=CR&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-994889132-872104614-2419786447-1002 -> {90168360-0D5A-400F-BC59-A9EB10650104} URL = 
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  Keine Datei
Task: {01DF85F0-2C3E-4418-86D4-9C63C23ACDFD} - \RegClean Pro -> Keine Datei <==== ACHTUNG
Task: {275EE877-94C2-4621-80B2-65FC9F3C0125} - \Digital Sites -> Keine Datei <==== ACHTUNG
Task: {D33D2557-2884-4299-8967-7840469C88DB} - \ASP -> Keine Datei <==== ACHTUNG
RemoveProxy:
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 3
Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Schritt 4

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Untersuchen.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die Logdatei von ESET,
die Logdatei von SecurityCheck,
die beiden neuen Logdateien von FRST.

Juan94 · 25.08.2015, 21:32

Guten Abend,

ich habe die Datei von dort aus gestartet, weil ich FRST noch nicht auf dem Desktop verschoben habe

Also haben die 153 Bedrohungen keinerlei Schaden angerichtet?

Hier die FixLog.txt:

Code:

ATTFilter

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:25-08-2015
durchgeführt von Juan (2015-08-25 19:48:48) Run:1
Gestartet von C:\Users\Juan\Desktop
Geladene Profile: Juan (Verfügbare Profile: Juan)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
SearchScopes: HKU\S-1-5-21-994889132-872104614-2419786447-1002 -> DefaultScope {AA6677D3-FA45-4936-A20C-E5B3F7EC88A1} URL = 
SearchScopes: HKU\S-1-5-21-994889132-872104614-2419786447-1002 -> OldSearch URL = hxxp://www.search.ask.com/web?tpid=ATU4-SP&o=APN11391&pf=V7&p2=^BAY^aaa148^YY^DE&gct=&itbv=12.16.2.1836&apn_uid=C184E0BC-0447-461F-8935-D286031B601F&apn_ptnrs=^BAY&apn_dtid=^aaa148^YY^DE&apn_dbr=cr_37.0.2062.120&doi=2014-09-21&trgb=CR&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-994889132-872104614-2419786447-1002 -> {90168360-0D5A-400F-BC59-A9EB10650104} URL = 
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  Keine Datei
Task: {01DF85F0-2C3E-4418-86D4-9C63C23ACDFD} - \RegClean Pro -> Keine Datei <==== ACHTUNG
Task: {275EE877-94C2-4621-80B2-65FC9F3C0125} - \Digital Sites -> Keine Datei <==== ACHTUNG
Task: {D33D2557-2884-4299-8967-7840469C88DB} - \ASP -> Keine Datei <==== ACHTUNG
RemoveProxy:
EmptyTemp:
end
*****************

Prozess erfolgreich geschlossen.
HKU\S-1-5-21-994889132-872104614-2419786447-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich entfernt
"HKU\S-1-5-21-994889132-872104614-2419786447-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\OldSearch" => Schlüssel erfolgreich entfernt
HKCR\CLSID\OldSearch => Schlüssel nicht gefunden. 
"HKU\S-1-5-21-994889132-872104614-2419786447-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{90168360-0D5A-400F-BC59-A9EB10650104}" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{90168360-0D5A-400F-BC59-A9EB10650104} => Schlüssel nicht gefunden. 
"HKCR\PROTOCOLS\Handler\WSWSVCUchrome" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{01DF85F0-2C3E-4418-86D4-9C63C23ACDFD}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01DF85F0-2C3E-4418-86D4-9C63C23ACDFD}" => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro => Schlüssel nicht gefunden. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{275EE877-94C2-4621-80B2-65FC9F3C0125}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{275EE877-94C2-4621-80B2-65FC9F3C0125}" => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Digital Sites => Schlüssel nicht gefunden. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D33D2557-2884-4299-8967-7840469C88DB}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D33D2557-2884-4299-8967-7840469C88DB}" => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASP => Schlüssel nicht gefunden. 

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-994889132-872104614-2419786447-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-994889132-872104614-2419786447-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt


========= Ende von RemoveProxy: =========

EmptyTemp: => 2.1 GB temporäre Dateien entfernt.


Das System musste neu gestartet werden.. 

==== Ende von Fixlog 19:49:49 ====

Hier die ESET-log.txt:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=90ceacd4060c5b4dba88d0e3b70c6d56
# end=init
# utc_time=2015-08-25 05:57:04
# local_time=2015-08-25 07:57:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 25427
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=90ceacd4060c5b4dba88d0e3b70c6d56
# end=updated
# utc_time=2015-08-25 06:04:09
# local_time=2015-08-25 08:04:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=90ceacd4060c5b4dba88d0e3b70c6d56
# engine=25427
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-08-25 06:15:11
# local_time=2015-08-25 08:15:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 1633 4316081 0 0
# scanned=20942
# found=1
# cleaned=0
# scan_time=661
sh=84BE2D977A7F9CE80682A1B9BE9A0F66DCCDDF1E ft=1 fh=ef4e80c2ddfdd544 vn="Variante von Win64/Systweak.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\Sysnative\roboot64.exe.vir"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=90ceacd4060c5b4dba88d0e3b70c6d56
# end=init
# utc_time=2015-08-25 06:16:39
# local_time=2015-08-25 08:16:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 25445
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=90ceacd4060c5b4dba88d0e3b70c6d56
# end=updated
# utc_time=2015-08-25 06:17:22
# local_time=2015-08-25 08:17:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=90ceacd4060c5b4dba88d0e3b70c6d56
# engine=25445
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-08-25 08:10:09
# local_time=2015-08-25 10:10:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 8531 4322979 0 0
# scanned=316353
# found=1
# cleaned=0
# scan_time=6767
sh=84BE2D977A7F9CE80682A1B9BE9A0F66DCCDDF1E ft=1 fh=ef4e80c2ddfdd544 vn="Variante von Win64/Systweak.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\Sysnative\roboot64.exe.vir"

Checkup.txt:

Code:

ATTFilter

 Results of screen317's Security Check version 1.006  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome (44.0.2403.130) 
 Google Chrome (44.0.2403.157) 
 Google Chrome (wtsapi32.dll..) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Windows Defender MpCmdRun.exe   
 Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

FRST-Addition.txt:

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:25-08-2015
durchgeführt von Juan (2015-08-25 22:30:07)
Gestartet von C:\Users\Juan\Desktop
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-994889132-872104614-2419786447-500 - Administrator - Disabled)
Gast (S-1-5-21-994889132-872104614-2419786447-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-994889132-872104614-2419786447-1006 - Limited - Enabled)
Juan (S-1-5-21-994889132-872104614-2419786447-1002 - Administrator - Enabled) => C:\Users\Juan

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3012 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3004 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2021 - Acer Incorporated)
Age of Mythology: Extended Edition (HKLM-x32\...\Steam App 266840) (Version:  - SkyBox Labs)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
aTube Catcher Version 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3729_45993 - CyberLink Corp.)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Glary Utilities 2.56.0.1822 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.56.0.1822 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.0.1428 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4745.1002 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-994889132-872104614-2419786447-1002\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mp3tag v2.61a (HKLM-x32\...\Mp3tag) (Version: v2.61a - Florian Heidenreich)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r2 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.222 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.43 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6909 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21222 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.12.31 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
WinRAR 5.10 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-994889132-872104614-2419786447-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-994889132-872104614-2419786447-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Juan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-994889132-872104614-2419786447-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Juan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-994889132-872104614-2419786447-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Juan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-994889132-872104614-2419786447-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Juan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Wiederherstellungspunkte =========================

05-08-2015 16:06:12 Geplanter Prüfpunkt
12-08-2015 05:06:11 Windows Update
15-08-2015 11:12:54 Windows Update
22-08-2015 13:57:44 Windows Update
24-08-2015 18:21:54 JRT Pre-Junkware Removal

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {16D2A44E-6C65-498E-ACC6-A08ECBF30002} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-01-23] (Acer Incorporated)
Task: {1CF33A71-ED76-4BAE-9D86-CA3B5BA2A719} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {2ED6F8E5-595F-4AA0-B6D3-A7D17B44E2E3} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {45788018-7A97-44BF-B245-78A0D0D5A404} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-04-26] (Acer Incorporate)
Task: {51CDA476-333D-4682-AC8F-FED407439FBD} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-07-14] (Microsoft Corporation)
Task: {72AA2B51-7B41-483E-89FD-4EFF915F8478} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2013-02-08] (CyberLink)
Task: {79EF303A-364B-4AD8-A1A1-B7CD68906334} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7BEA3986-3709-487D-A4EC-3EFF832C9C8A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {85793506-5F12-4695-96CD-5104C5D3575C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {8883418B-82EC-49FC-B9F1-B840710B0ABC} - System32\Tasks\Dolby Selector => C:\Dolby PCEE4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {99F0A56C-5002-47F1-B053-BD800B977B82} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-08] (Google Inc.)
Task: {BA66737C-91D9-4609-9186-2D3750474D4B} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-01-18] (Acer Incorporated)
Task: {CFD335E3-D842-4439-B977-88FB4B95EA6C} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2013-05-27] (Glarysoft Ltd)
Task: {E40B9D6D-C471-42A3-A24A-FEA40585E4EC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-15] (Microsoft Corporation)
Task: {ED1DF44E-4C93-4FA2-B158-06A602E347AD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-08] (Google Inc.)
Task: {FC00C62B-A29B-4FCC-9191-904B97C9AB0B} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-09-05 03:36 - 2013-09-05 03:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-03-03 23:39 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-09-05 18:42 - 2013-02-20 22:58 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2013-02-28 18:05 - 2013-02-28 18:05 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-02-28 18:02 - 2013-02-28 18:02 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-02-28 18:06 - 2013-02-28 18:06 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2015-06-13 11:37 - 2015-06-13 11:37 - 00528384 _____ () C:\Program Files\WindowsApps\7digitalLtd.7digitalMusicStore_2.1.8.0_neutral__qv1vc61z2t2b4\SevenDigital.Win8.App.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-23 00:47 - 2015-08-23 00:47 - 00012288 _____ () C:\Program Files (x86)\Google\Chrome\Application\WTSAPI32.dll
2013-09-05 18:42 - 2013-02-20 22:58 - 00089672 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2015-08-22 13:57 - 2015-08-18 07:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
2015-08-22 13:57 - 2015-08-18 07:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll
2013-09-05 18:00 - 2013-03-20 09:47 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Juan\OneDrive:ms-properties

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-994889132-872104614-2419786447-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist deaktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{69187A02-3A7A-44DF-AE6C-4B51680234DE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B4387CEC-44D6-44BD-B827-20C59CD8F23F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EB75A681-D599-4929-AD66-808C78DEB882}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{07EE9EDC-DC34-4CDD-AE3B-043B957BDE24}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{3E461B85-F750-4CB8-854E-D183C2BF2F5F}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{E61A3D33-5BDF-4F53-974D-4B94782299C0}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{1DBB89DC-1515-4982-AC5A-5A7796F0039C}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{9B667351-B64F-42F4-81E1-B935736FE8B1}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{1C4E1032-E586-4833-84A2-A4C14A54B930}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{E98ED4CA-2307-4691-A091-E7F260A6D1BD}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{CDC6BA53-1E74-48A7-BBC6-089303C47362}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{514715CB-36B7-4C93-8BD3-BC3E392B0DD6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{5CB750C9-E639-44B6-9118-9C6356961B70}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\PlayMovie.exe
FirewallRules: [{10E1D93F-8473-4D5F-AF29-1F305B4B47D7}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe
FirewallRules: [{03BDBADA-5DEE-42C5-91D4-EDA418312C0F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{B4D65B67-4C01-4041-917B-EFF33B69EF70}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{62044434-5CD1-4FC8-B2FA-C3A97673630A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{BC6C08A9-BC0A-4E81-8963-B8791C711F46}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{4B3D55A0-A788-41E9-9F13-F061D421ED86}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{75FE2E88-F1F7-47CF-8CB2-64CEA11831A9}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{4E39C88B-3BB2-49D4-A7B1-20334C10E9D1}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{704BC8DF-1D18-4A02-9C2D-3CC10196EB21}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{D81312B6-D82E-4CFF-A5C3-E32AA625AE6E}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{AB0D0C1A-F2C6-4A2F-A433-8ED1F053C885}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{74E97420-0447-414A-8FBD-CB53E734EFDD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{8335732E-F2D8-4697-ACED-17A2380A3B63}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{2A0321B6-C86E-4A1A-960F-43C4D93C6614}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{F9887015-8EF8-4140-9F10-C8BEB56DC707}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{806CD66C-C1C4-4D7F-AF3D-3FA7451D6949}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{7C8FCBF5-D46D-41D0-AD5C-328CBB02AC34}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{682702DF-26DA-44CB-A47C-88D8AE200791}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{22074F6A-CEFB-47A2-830E-B9D44A0B39E3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{8EB278A8-983A-4693-BD33-9AB09B4580C3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{1792074B-6436-4A8B-94A6-E608AEB99D1E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CF085B80-2102-4EE5-8590-E2C9AF2ECE0C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A12F69AA-E324-41DF-AAF8-1B3E44703AF6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age of Mythology\Launcher.exe
FirewallRules: [{C266802D-F25B-47E7-9BD5-DC3408681422}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age of Mythology\Launcher.exe
FirewallRules: [{9CFA7166-0428-4A81-9246-BEBC8FA7913A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{1CF139D3-F4FD-46CE-A910-DDFC989DA0D9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{96108BE6-6FF0-4786-AA8A-E8F35443CD88}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{53175C7E-14A2-4875-B4BF-8567D4A6D373}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{03DD5E90-63C9-45F1-BC2D-6A765872D862}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{20618D90-923D-4954-BD3D-CFEE22B8C13F}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{8C309626-7DC3-4BF6-B5B2-1000786EF252}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{87949DB4-52F2-4055-87A6-3C141064087F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{99E37507-5983-46FC-8810-CD895A20B31A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{D4914DC1-6524-4403-8723-5F5A813E6D98}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{36D4E665-2865-4926-9821-B9B1EB3FBEDF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{DA834FD4-7849-403C-AB81-3193F929C043}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{029AF522-B226-4AA1-9163-6A6B0E79E0EA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{D3C3ADC2-E99C-4C88-BA90-3BAE85C69EC6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{AFA484CF-A0F3-41D6-BF1F-3BF30F7634A6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{24D4076B-394A-4061-BB83-1C41B993AD8E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{843EE1C5-CBB2-4214-934A-AA8D4B6C071F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{A26CDE6B-C4E4-48C5-BD5A-C971EADD2789}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{E0FC80F0-70F4-4F31-A628-5CA9404A856C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{DB373F64-822E-4705-9A4B-CC1D6CC24D1B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5959E4F9-38A9-4F60-87BE-087CD2030AF9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{8C879BE9-89EB-4E18-A1B5-6E4CFD443DC3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{589A1B66-2CD4-4D11-AF87-7C1665F40922}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{217E164A-86E8-4D6B-8E5C-9F7CC7E35B4F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{D1766152-C802-4853-A891-1F25EC9C63FC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5ABD3774-BA30-4AF9-83B0-F782BA45FABF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A5F215DE-5B06-4C90-A205-3AEA85DB984E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{89A02835-C4BF-4909-8A60-B4E71B49632E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7F774AAD-E0C7-4C2B-BF01-5403950B3C2D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{287AE324-497B-40F0-B1BD-79C14462D81C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{298F585C-AC3D-47EA-A11F-355D00F347C3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{FDADB525-0AEC-4EF1-A1E0-CC5FF72DEC0F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{C87C2A67-5EA4-4AD6-AA78-FDC6FDCD7941}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{5F4702C9-B5A9-4641-9921-67E94BFA360F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{0CAF1D47-7844-4A67-ADB9-35A6D582BA87}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{5696ED1A-17DB-4F28-A35C-2C0811C16CA5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{BBF2FA5C-790B-41AA-B460-659EC7AE2819}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [TCP Query User{AAF2577C-DEFD-4215-B7F5-5B8E614643B8}C:\programdata\battle.net\agent\agent.3632\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3632\agent.exe
FirewallRules: [UDP Query User{89753AAE-F651-4090-AE53-A71B3563E2CB}C:\programdata\battle.net\agent\agent.3632\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3632\agent.exe
FirewallRules: [TCP Query User{777F4B4E-A26A-4A77-9851-CC38DB06322D}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [UDP Query User{280D5E90-03A7-4041-B9EB-96FA27400E3B}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [TCP Query User{2F6206F2-46FB-40B7-B1D1-3FBAC8605AE6}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [UDP Query User{259EF262-B4A0-460A-82A1-AFF192D6CD66}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [TCP Query User{76AA361F-0B8D-455C-A857-8F4A6E79ED35}C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe] => (Block) C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe
FirewallRules: [UDP Query User{D8BA06CB-9270-4DBF-BE5B-591BC317FBDD}C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe] => (Block) C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe
FirewallRules: [TCP Query User{E118B797-C319-4C3A-9678-5D9102E0CD53}C:\program files (x86)\wondershare\video converter ultimate\medialibserver.exe] => (Block) C:\program files (x86)\wondershare\video converter ultimate\medialibserver.exe
FirewallRules: [UDP Query User{374E1A57-5503-4968-AEB8-695A6582C1E6}C:\program files (x86)\wondershare\video converter ultimate\medialibserver.exe] => (Block) C:\program files (x86)\wondershare\video converter ultimate\medialibserver.exe
FirewallRules: [TCP Query User{8F1F9B09-3D03-4464-BBB6-B580D03544FF}C:\program files (x86)\wondershare\video converter ultimate\mediaserver.exe] => (Block) C:\program files (x86)\wondershare\video converter ultimate\mediaserver.exe
FirewallRules: [UDP Query User{2A4E3A67-7695-4FF4-B344-58C280D3C01F}C:\program files (x86)\wondershare\video converter ultimate\mediaserver.exe] => (Block) C:\program files (x86)\wondershare\video converter ultimate\mediaserver.exe
FirewallRules: [{3BD5364E-3937-47AB-9F1A-9C7AD603E922}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{2FE8DB03-5209-4FE2-A919-628856931C3C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{1E02EBAC-8A87-440F-9C3A-556C52171980}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{75BE6FC2-05CB-46DE-A382-FF3DCB498E4F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{A5619A8B-F17E-417A-838C-8847E49F6A00}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{A85719C0-704A-42BD-8579-44114E92429D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [TCP Query User{247A1FBE-08CE-4980-80C0-7CA60DF12074}C:\users\juan\appdata\local\temp\rar$exa0.787\hardcore-reloaded\bin\metin2client.bin] => (Allow) C:\users\juan\appdata\local\temp\rar$exa0.787\hardcore-reloaded\bin\metin2client.bin
FirewallRules: [UDP Query User{B38B3A90-C98E-46F4-9C49-5B4EC4C05B7C}C:\users\juan\appdata\local\temp\rar$exa0.787\hardcore-reloaded\bin\metin2client.bin] => (Allow) C:\users\juan\appdata\local\temp\rar$exa0.787\hardcore-reloaded\bin\metin2client.bin
FirewallRules: [TCP Query User{A15AC70D-410E-4840-BF70-6CDEE64B312C}C:\program files (x86)\heroes of the storm\versions\base33684\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base33684\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{94E7DCE3-9C5C-4146-91B5-D89CE48163EA}C:\program files (x86)\heroes of the storm\versions\base33684\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base33684\heroesofthestorm_x64.exe
FirewallRules: [{9A34691E-A378-4B45-ACAF-514E4FAFEB4A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{DA4A4344-B613-4B7C-AE8B-B9A82E20707E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [TCP Query User{17250BCA-1C4E-4CF0-A4A3-C6181FAE5C7D}C:\users\juan\appdata\local\temp\rar$exa0.389\hardcore-reloaded\bin\metin2client.bin] => (Allow) C:\users\juan\appdata\local\temp\rar$exa0.389\hardcore-reloaded\bin\metin2client.bin
FirewallRules: [UDP Query User{FF5EAF2D-6C38-4375-B271-D582F81522FB}C:\users\juan\appdata\local\temp\rar$exa0.389\hardcore-reloaded\bin\metin2client.bin] => (Allow) C:\users\juan\appdata\local\temp\rar$exa0.389\hardcore-reloaded\bin\metin2client.bin
FirewallRules: [TCP Query User{A9822AC8-E63A-4DBE-909E-ABD99C227262}C:\users\juan\appdata\local\temp\rar$exa0.580\hardcore-reloaded\bin\metin2client.bin] => (Allow) C:\users\juan\appdata\local\temp\rar$exa0.580\hardcore-reloaded\bin\metin2client.bin
FirewallRules: [UDP Query User{0FDE9C0F-6339-412E-BF10-98AED56A11E8}C:\users\juan\appdata\local\temp\rar$exa0.580\hardcore-reloaded\bin\metin2client.bin] => (Allow) C:\users\juan\appdata\local\temp\rar$exa0.580\hardcore-reloaded\bin\metin2client.bin
FirewallRules: [TCP Query User{ED8F1C79-40E6-4EED-8EC2-9BEA12D4713D}C:\users\juan\appdata\local\temp\rar$exa0.875\hardcore-reloaded\bin\metin2client.bin] => (Allow) C:\users\juan\appdata\local\temp\rar$exa0.875\hardcore-reloaded\bin\metin2client.bin
FirewallRules: [UDP Query User{7EA25382-DBA6-495B-A090-C32F72700EF0}C:\users\juan\appdata\local\temp\rar$exa0.875\hardcore-reloaded\bin\metin2client.bin] => (Allow) C:\users\juan\appdata\local\temp\rar$exa0.875\hardcore-reloaded\bin\metin2client.bin
FirewallRules: [TCP Query User{E8BD1182-D288-49DD-9A04-EE6BAFADC349}C:\users\juan\appdata\local\temp\rar$exa0.499\hardcore-reloaded\bin\metin2client.bin] => (Allow) C:\users\juan\appdata\local\temp\rar$exa0.499\hardcore-reloaded\bin\metin2client.bin
FirewallRules: [UDP Query User{08444A27-329D-4BFF-A347-1A1D55365C1B}C:\users\juan\appdata\local\temp\rar$exa0.499\hardcore-reloaded\bin\metin2client.bin] => (Allow) C:\users\juan\appdata\local\temp\rar$exa0.499\hardcore-reloaded\bin\metin2client.bin
FirewallRules: [TCP Query User{FD5AA5C4-D913-40B6-80DE-9F7ECDF258E9}C:\users\juan\appdata\local\temp\rar$exa0.916\hardcore-reloaded\bin\metin2client.bin] => (Allow) C:\users\juan\appdata\local\temp\rar$exa0.916\hardcore-reloaded\bin\metin2client.bin
FirewallRules: [UDP Query User{DAD92DC9-EC0E-42A3-A058-0AB495C41836}C:\users\juan\appdata\local\temp\rar$exa0.916\hardcore-reloaded\bin\metin2client.bin] => (Allow) C:\users\juan\appdata\local\temp\rar$exa0.916\hardcore-reloaded\bin\metin2client.bin
FirewallRules: [{3D5EE7BE-08C8-4AF2-9ED7-8AA18EE749EA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{9DE5A7BF-8C91-4AA6-96A6-9C0533D8679F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [TCP Query User{4AA320E2-880F-4DAA-A332-B1E9DC99B347}C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{F904AF00-DE31-4194-B056-8A361D644CAD}C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [{4B96F101-AEC3-449D-8FCE-75B74F08F513}] => (Allow) C:\Users\Juan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{529CE85B-ECD8-4B0F-8B94-E2127CA4D2B4}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{F488197C-0CCE-4028-8ACC-21F637AA852A}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{61603ED3-BBEF-48DE-9E70-4B720D27055D}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{22BF79CE-79AE-4912-904F-CF365F9E7E2A}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{F83358C8-CB35-449C-B77A-A08AD01043B0}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [{1BA147B1-C99F-45EC-9D68-A955EAD34E19}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (08/25/2015 10:18:27 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (08/25/2015 08:16:32 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (08/25/2015 08:16:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (08/25/2015 08:16:21 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (08/25/2015 07:56:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (08/25/2015 07:56:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (08/25/2015 07:56:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (08/25/2015 07:56:53 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (08/25/2015 07:45:57 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (08/24/2015 09:26:17 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005


Systemfehler:
=============
Error: (08/25/2015 08:06:06 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Home

Error: (08/25/2015 07:58:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (08/25/2015 07:58:33 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Juan\AppData\Local\Temp\ehdrv.sys

Error: (08/25/2015 07:58:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (08/25/2015 07:58:33 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Juan\AppData\Local\Temp\ehdrv.sys

Error: (08/25/2015 07:58:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (08/25/2015 07:58:32 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Juan\AppData\Local\Temp\ehdrv.sys

Error: (08/25/2015 07:49:19 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (08/25/2015 07:48:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/25/2015 07:48:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office:
=========================
Error: (08/25/2015 10:18:27 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (08/25/2015 08:16:32 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Juan\Downloads\esetsmartinstaller_deu.exe

Error: (08/25/2015 08:16:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Juan\Downloads\esetsmartinstaller_deu.exe

Error: (08/25/2015 08:16:21 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Juan\Downloads\esetsmartinstaller_deu.exe

Error: (08/25/2015 07:56:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Juan\Downloads\esetsmartinstaller_deu.exe

Error: (08/25/2015 07:56:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Juan\Downloads\esetsmartinstaller_deu.exe

Error: (08/25/2015 07:56:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Juan\Downloads\esetsmartinstaller_deu.exe

Error: (08/25/2015 07:56:53 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Juan\Downloads\esetsmartinstaller_deu.exe

Error: (08/25/2015 07:45:57 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (08/24/2015 09:26:17 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005


CodeIntegrity:
===================================
  Date: 2015-08-25 22:21:54.177
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-25 22:21:54.050
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-25 22:21:53.891
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-25 22:21:53.761
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-25 22:21:53.620
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-25 22:21:53.482
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-25 22:21:38.008
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-25 22:21:37.859
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-24 18:25:26.496
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-24 18:25:26.371
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Processor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz
Prozentuale Nutzung des RAM: 26%
Installierter physikalischer RAM: 7848.27 MB
Verfügbarer physikalischer RAM: 5763.83 MB
Summe virtueller Speicher: 21160.27 MB
Verfügbarer virtueller Speicher: 18916.75 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:914.76 GB) (Free:789.53 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: D91B93BA)

Partition: GPT.

==================== Ende von Addition.txt ============================

FRST.txt:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:25-08-2015
durchgeführt von Juan (Administrator) auf JUAN-PC (25-08-2015 22:29:28)
Gestartet von C:\Users\Juan\Desktop
Geladene Profile: Juan (Verfügbare Profile: Juan)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files\WindowsApps\7digitalLtd.7digitalMusicStore_2.1.8.0_neutral__qv1vc61z2t2b4\SevenDigital.Win8.App.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3016432 2013-03-07] (Synaptics Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132224 2013-02-28] (Atheros Communications)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [2013-02-28] (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\PROGRA~3\WONDER~1\VIDEOC~1\WSBROW~1.DLL Keine Datei
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{74DAB17B-C890-4B64-BD96-F7415F53E187}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E0C75E5A-8B49-4FB5-9619-40444B88458A}: [DhcpNameServer] 40.32.1.201 40.32.1.202

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [Keine Datei]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-20] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [Keine Datei]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-03] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Keine Datei]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR Profile: C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-23]
CHR Extension: (Google Docs) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-08]
CHR Extension: (Google Drive) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-08]
CHR Extension: (YouTube) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-23]
CHR Extension: (Google Search) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-23]
CHR Extension: (Google Sheets) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-08]
CHR Extension: (Gmail) - C:\Users\Juan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-23]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <nicht gefunden>

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227968 2013-02-28] (Qualcomm Atheros Commnucations) [Datei ist nicht signiert]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [814464 2015-02-28] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-04-26] (Acer Incorporate)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-04-30] (NVIDIA Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-02-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-23] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
S3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [328976 2012-11-02] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [97208 2012-11-02] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [455240 2013-03-05] (RTS Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-03-07] (Synaptics Incorporated)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-25 22:29 - 2015-08-25 22:29 - 00017280 _____ C:\Users\Juan\Desktop\FRST.txt
2015-08-25 22:20 - 2015-08-25 22:20 - 00852684 _____ C:\Users\Juan\Downloads\SecurityCheck.exe
2015-08-25 19:56 - 2015-08-25 19:56 - 02870984 _____ (ESET) C:\Users\Juan\Downloads\esetsmartinstaller_deu.exe
2015-08-24 18:33 - 2015-08-25 19:47 - 00000000 ____D C:\Users\Juan\Downloads\FRST-OlderVersion
2015-08-24 18:24 - 2015-08-24 18:24 - 00001259 _____ C:\Users\Juan\Desktop\JRT.txt
2015-08-24 18:18 - 2015-08-24 18:18 - 01798576 _____ (Malwarebytes Corporation) C:\Users\Juan\Downloads\JRT.exe
2015-08-24 18:11 - 2015-08-24 18:12 - 00000000 ____D C:\AdwCleaner
2015-08-24 18:11 - 2015-08-24 18:11 - 01605632 _____ C:\Users\Juan\Downloads\AdwCleaner_5.003.exe
2015-08-24 17:57 - 2015-08-24 17:57 - 00226304 _____ C:\Users\Juan\Desktop\DownloadProtectCleaner-reboot.exe
2015-08-24 17:56 - 2015-08-24 17:56 - 00327168 _____ C:\Users\Juan\Desktop\DownloadProtectCleaner.exe
2015-08-24 17:56 - 2015-08-24 17:56 - 00226304 _____ C:\Users\Juan\Downloads\DownloadProtectCleaner-reboot.exe
2015-08-23 18:26 - 2015-08-23 18:26 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Juan\Downloads\tdsskiller.exe
2015-08-23 18:22 - 2015-08-23 18:22 - 00050380 _____ C:\Users\Juan\Downloads\Addition.txt
2015-08-23 18:21 - 2015-08-23 18:22 - 00039738 _____ C:\Users\Juan\Downloads\FRST.txt
2015-08-23 18:20 - 2015-08-25 22:29 - 00000000 ____D C:\FRST
2015-08-23 18:19 - 2015-08-25 19:47 - 02186752 _____ (Farbar) C:\Users\Juan\Desktop\FRST64.exe
2015-08-23 14:27 - 2015-08-11 03:20 - 25191936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-23 14:27 - 2015-08-11 02:20 - 19871232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-23 14:21 - 2015-08-23 14:21 - 00001197 _____ C:\Users\Juan\Desktop\mbam2.txt
2015-08-23 05:51 - 2015-08-23 05:51 - 00024441 _____ C:\Users\Juan\Desktop\mbam.txt
2015-08-23 05:24 - 2015-08-23 19:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-08-23 05:24 - 2015-08-23 19:02 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-08-23 05:24 - 2015-08-23 13:42 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-23 05:24 - 2015-08-23 05:24 - 00001118 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-08-23 05:24 - 2015-08-23 05:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-23 05:24 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-08-23 05:24 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-23 05:24 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-08-23 05:23 - 2015-08-23 05:24 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Juan\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-23 00:54 - 2015-08-23 00:54 - 00000000 ____D C:\Users\Juan\AppData\Roaming\TuneUp Software
2015-08-23 00:54 - 2015-08-23 00:54 - 00000000 ____D C:\Users\Juan\AppData\Local\TuneUp Software
2015-08-23 00:52 - 2015-08-23 00:54 - 00000000 ____D C:\ProgramData\TuneUp Software
2015-08-23 00:51 - 2015-08-23 05:18 - 00000000 ____D C:\Users\Juan\AppData\Roaming\DVDVideoSoft
2015-08-23 00:50 - 2015-08-23 00:51 - 30800040 _____ (DVDVideoSoft Ltd. ) C:\Users\Juan\Downloads\FreeVideoToMP3Converter5.0.61.805.exe
2015-08-23 00:44 - 2015-08-23 00:46 - 00000000 ____D C:\Users\Juan\AppData\Roaming\AdvertismentImages
2015-08-23 00:34 - 2015-08-25 19:51 - 00000000 ____D C:\Users\Juan\Desktop\Er Ist Wieder Da
2015-08-23 00:27 - 2015-08-23 05:16 - 00000000 ____D C:\Users\Juan\AppData\Roaming\Opera Software
2015-08-23 00:27 - 2015-08-23 05:16 - 00000000 ____D C:\Users\Juan\AppData\Local\Opera Software
2015-08-23 00:26 - 2015-08-23 05:17 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-23 00:25 - 2015-08-23 00:25 - 00001206 _____ C:\Users\Public\Desktop\aTube Catcher.lnk
2015-08-23 00:25 - 2008-08-18 19:18 - 00077824 _____ (Fox Magic Software) C:\WINDOWS\SysWOW64\fmcodec.DLL
2015-08-23 00:23 - 2015-08-23 00:24 - 17089408 _____ (DsNET Corp ) C:\Users\Juan\Downloads\aTube_Catcher_3.8.7980.exe
2015-08-14 02:58 - 2015-07-07 11:40 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-08-14 02:58 - 2015-06-12 19:03 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-14 02:58 - 2015-06-12 18:36 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-14 02:58 - 2015-06-09 20:27 - 00411133 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-08-14 02:57 - 2015-07-29 01:24 - 00025776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-08-14 02:57 - 2015-07-28 16:24 - 01148416 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-08-14 02:57 - 2015-07-28 16:24 - 01116160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-08-14 02:57 - 2015-07-28 16:24 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-08-14 02:57 - 2015-07-28 16:24 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-08-14 02:57 - 2015-07-28 16:24 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-08-14 02:57 - 2015-07-28 16:24 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-08-14 02:57 - 2015-07-14 23:59 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-08-14 02:57 - 2015-07-14 23:59 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-08-14 02:57 - 2015-07-14 23:59 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-08-14 02:57 - 2015-07-07 11:40 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-08-14 02:57 - 2015-07-07 11:40 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-08-14 02:57 - 2015-06-11 22:12 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-08-14 02:57 - 2015-06-11 22:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-08-12 05:09 - 2015-07-30 16:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 05:09 - 2015-07-30 15:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 04:42 - 2015-07-19 03:58 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-08-12 04:42 - 2015-07-18 20:51 - 03704320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-12 04:42 - 2015-07-18 20:31 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-08-12 04:42 - 2015-07-18 20:31 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-08-12 04:42 - 2015-07-18 20:31 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-08-12 04:42 - 2015-07-18 20:29 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-08-12 04:42 - 2015-07-18 20:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-08-12 04:42 - 2015-07-18 20:29 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-08-12 04:42 - 2015-07-18 20:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-08-12 04:42 - 2015-07-18 20:12 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-08-12 04:42 - 2015-07-18 20:10 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-12 04:42 - 2015-07-18 20:09 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-12 04:41 - 2015-07-16 22:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-08-12 04:41 - 2015-07-16 22:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-08-12 04:41 - 2015-07-16 22:35 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-12 04:41 - 2015-07-16 22:26 - 05923328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-12 04:41 - 2015-07-16 22:23 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-08-12 04:41 - 2015-07-16 22:21 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-08-12 04:41 - 2015-07-16 21:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-08-12 04:41 - 2015-07-16 21:51 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-08-12 04:41 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-08-12 04:41 - 2015-07-16 21:45 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-12 04:41 - 2015-07-16 21:45 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-08-12 04:41 - 2015-07-16 21:41 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-08-12 04:41 - 2015-07-16 21:39 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-08-12 04:41 - 2015-07-16 21:38 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-08-12 04:41 - 2015-07-16 21:36 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-08-12 04:41 - 2015-07-16 21:34 - 14451200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-12 04:41 - 2015-07-16 21:32 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-08-12 04:41 - 2015-07-16 21:14 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-12 04:41 - 2015-07-16 21:13 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-08-12 04:41 - 2015-07-16 21:12 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-12 04:41 - 2015-07-16 21:12 - 02427904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-08-12 04:41 - 2015-07-16 21:10 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-12 04:41 - 2015-07-16 21:06 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-08-12 04:41 - 2015-07-16 21:01 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-08-12 04:41 - 2015-07-16 20:52 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-12 04:41 - 2015-07-16 20:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-08-12 04:41 - 2015-07-16 20:42 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-12 04:41 - 2015-07-16 20:38 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-12 04:41 - 2015-07-16 20:37 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-08-12 04:39 - 2015-07-16 02:29 - 07458648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-12 04:39 - 2015-07-16 02:29 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-12 04:39 - 2015-07-16 02:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-12 04:39 - 2015-07-16 02:28 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-12 04:39 - 2015-07-10 19:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-12 04:39 - 2015-07-02 00:19 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-08-12 04:39 - 2015-07-02 00:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2015-08-12 04:39 - 2015-07-01 23:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-08-12 04:39 - 2015-07-01 23:35 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2015-08-12 04:36 - 2015-07-13 21:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2015-08-12 04:36 - 2015-07-13 21:45 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2015-08-12 04:35 - 2015-07-29 16:37 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-12 04:35 - 2015-07-29 16:30 - 01381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-12 04:35 - 2015-07-29 16:23 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-12 04:35 - 2015-07-24 20:57 - 04177408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-08-12 04:35 - 2015-07-24 20:57 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-12 04:35 - 2015-07-24 20:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-08-12 04:35 - 2015-07-24 19:27 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-12 04:35 - 2015-07-24 19:23 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-08-12 04:35 - 2015-07-14 05:22 - 02529880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-08-12 04:35 - 2015-07-14 05:21 - 01901776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-08-12 04:35 - 2015-07-10 20:19 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-08-12 04:35 - 2015-07-10 19:42 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-08-12 04:35 - 2015-07-10 19:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2015-08-12 04:35 - 2015-07-10 19:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-08-12 04:35 - 2015-07-10 18:47 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-08-12 04:35 - 2015-07-10 18:31 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-08-12 04:35 - 2015-07-09 19:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-12 04:35 - 2015-07-09 19:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-12 04:35 - 2015-07-09 18:30 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-12 04:35 - 2015-05-12 02:24 - 00536920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-25 22:16 - 2014-07-19 09:35 - 02698752 ___SH C:\Users\Juan\Downloads\Thumbs.db
2015-08-25 22:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-25 21:04 - 2014-07-08 04:41 - 01894983 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-25 19:55 - 2014-07-08 05:21 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-25 19:53 - 2014-07-08 04:50 - 00000000 ___DO C:\Users\Juan\OneDrive
2015-08-25 19:51 - 2014-10-24 22:31 - 00568320 ___SH C:\Users\Juan\Desktop\Thumbs.db
2015-08-25 19:50 - 2014-07-27 08:14 - 00000340 _____ C:\WINDOWS\Tasks\GlaryInitialize.job
2015-08-25 19:50 - 2014-03-18 03:50 - 00043814 _____ C:\WINDOWS\PFRO.log
2015-08-25 19:50 - 2013-08-22 16:46 - 00366167 _____ C:\WINDOWS\setupact.log
2015-08-25 19:50 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-25 19:50 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-08-25 19:47 - 2014-07-08 05:02 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4F967FD8-5853-43BB-AD22-2750CCFD930B}
2015-08-24 17:57 - 2013-08-22 17:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-08-24 17:55 - 2014-07-08 04:49 - 00000000 ____D C:\Users\Juan\Documents\Bluetooth Folder
2015-08-24 17:55 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-23 19:02 - 2014-09-21 20:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
2015-08-23 19:02 - 2014-07-27 08:13 - 00000000 ____D C:\Program Files (x86)\Glary Utilities
2015-08-23 19:02 - 2014-07-08 05:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-23 19:02 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-23 19:02 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-23 19:02 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-23 19:02 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-23 19:02 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-23 19:02 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-08-23 19:02 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-23 19:01 - 2014-12-12 14:52 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-23 19:01 - 2014-07-27 08:42 - 00000000 ____D C:\Users\Juan\AppData\Roaming\Mp3tag
2015-08-23 19:01 - 2014-07-10 23:10 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-08-23 19:01 - 2013-08-22 17:36 - 00000000 __RSD C:\WINDOWS\Media
2015-08-23 19:01 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-08-23 19:01 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-08-23 14:28 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-23 14:27 - 2014-07-08 00:16 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-994889132-872104614-2419786447-1002
2015-08-23 13:45 - 2014-03-18 12:03 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-23 13:45 - 2014-03-18 11:25 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2015-08-23 13:45 - 2014-03-18 11:25 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2015-08-23 05:52 - 2014-07-08 05:21 - 00002199 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-23 05:52 - 2014-07-08 04:48 - 00001454 _____ C:\Users\Juan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-23 05:08 - 2013-08-22 16:44 - 00482240 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-23 05:03 - 2014-07-08 04:32 - 00000000 ____D C:\Users\Juan
2015-08-23 04:29 - 2015-03-01 18:31 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-08-23 00:25 - 2014-09-21 20:05 - 00000049 _____ C:\WINDOWS\SysWOW64\ScrRecX.log
2015-08-15 18:02 - 2014-11-01 05:09 - 00000000 ____D C:\Users\Juan\Desktop\Norman
2015-08-15 11:20 - 2014-07-08 00:43 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-15 11:15 - 2014-07-08 00:43 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-08 15:55 - 2015-04-17 21:00 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-08 15:55 - 2015-04-17 21:00 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-01 22:34 - 2014-07-08 05:23 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-01 22:30 - 2015-07-10 19:28 - 00000000 ___HD C:\$Windows.~BT
2015-07-26 23:56 - 2015-04-05 20:42 - 00000000 ___SD C:\WINDOWS\system32\GWX

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-09-05 18:22 - 2013-09-05 18:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-08-25 22:11

==================== Ende von FRST.txt ============================

Gruß Juan

M-K-D-B · 26.08.2015, 09:07

Servus,

du warst mit Adware infiziert, ist zwar lästig, aber nicht gefährlich.

Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber.

Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.

Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren

Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
Klicke auf OK.
Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte

DelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner anschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...

und/oder das Forum mit einer kleinen Spende unterstützen.

Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein einziges der folgenden Antivirusprogramme mit Echtzeitscanner und stets aktueller Signaturendatenbank:

	Emsisoft	MSE

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:

Adblock Plus Kann Banner, Pop-ups, Videowerbung, Tracking und Malware-Seiten blockieren.

NoScript Verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

Ghostery Erkennt und blockiert Tracker, Web Bugs, Pixel und Beacons und weitere Scripte, die das Surfverhalten ausspähen/beobachten.

Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.

Lade Software von einem sauberen Portal wie

.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .

Abschließend noch ein paar grundsätzliche Bemerkungen:

Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Lade keine Software von Chip, Softonic oder SourceForge. Die dort angebotene Software wird häufig mit einem sog. "Installer" verteilt, mit dem man sich nur unerwünschte Software oder Adware installiert.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

Juan94 · 26.08.2015, 21:26

Hallo Matthias,

ich möchte mich vielmals für deine kompetente und professionelle Hilfe bedanken!!

Ich werde deine Ratschläge befolgen und mir eins der Anti-Viren Programme herunterladen und benutzen.

Bisher habe ich fast ausschließlich die Firewall und Windows-Defender benutzt..

Eine Frage hätte ich noch.. warum hat ESET noch eine Bedrohung angezeigt?

EDIT: Nach einem Scan mit EMSISoft, ergaben sich 2 "Bedrohungen":

Code:

ATTFilter

Emsisoft Anti-Malware - Version 10.0.0.5641
Letztes Update: 26.08.2015 22:41:46
Benutzerkonto: 

Scaneinstellungen:

Scantyp: Schnelltest
Objekte: Rootkits, Speicher, Traces

Erkenne PUPs: An
Archive scannen: Aus
ADS-Scan: An
Dateierweiterungen: Aus
Advanced Caching: An
Direct Disk Access: Aus

Scan Beginn:	26.08.2015 22:42:54
Value: HKEY_USERS\S-1-5-21-994889132-872104614-2419786447-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR 	 Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-994889132-872104614-2419786447-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS 	 Setting.DisableRegistryTools (A)

Gescannt	60757
Gefunden	2

Scan Ende:	26.08.2015 22:43:23
Scanzeit:	0:00:29

Sollte ich diese Löschen oder in Quarantäne verschieben?

Ich wünsche noch einen schönen Abend!

Gruß Juan

M-K-D-B · 27.08.2015, 12:30

Servus,

die Funde von EST zeigen lediglich auf die Quarantäne von AdwCleaner, keine Gefahr mehr.

Die zwei Funde von Emsi kannst du entfernen lassen, obwohl das keine "Bedrohungen" sind.

Ich bin froh, dass wir helfen konnten

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank!

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.

Windows 8 Download Protect 2.2.12 hat sich eingenistet

Log-Analyse und Auswertung: Windows 8 Download Protect 2.2.12 hat sich eingenistet