Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Trojaner Backdoor.Generic_C.MYX bitte um schnelle Hilfe (https://www.trojaner-board.de/173740-trojaner-backdoor-generic_c-myx-bitte-um-schnelle-hilfe.html)

Amanatidis 03.12.2015 21:03
Trojaner Backdoor.Generic_C.MYX bitte um schnelle Hilfe
 
Liste der Anhänge anzeigen (Anzahl: 1)
Nach einem AVG Scan hat er mir 4 Trojaner angezeigt. Immer der selbe. Bitte helft mir. Bin leider ein Noob bei sowas.
Habe ihn in AVG gesichert und anschließend aus der Quarantäne gelöscht.

schrauber 03.12.2015 21:50
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Amanatidis 03.12.2015 21:57
FRST Additions Logfile:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:01-12-2015
durchgeführt von acer (2015-12-03 21:53:38)
Gestartet von C:\Users\acer\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-10-16 16:17:45)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

acer (S-1-5-21-3039150130-2540550290-118931370-1000 - Administrator - Enabled) => C:\Users\acer
Administrator (S-1-5-21-3039150130-2540550290-118931370-500 - Administrator - Disabled)
Gast (S-1-5-21-3039150130-2540550290-118931370-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3507 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3506 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0609.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3501 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVG (Version: 16.7.7227 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4477 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.7.7227 - AVG Technologies)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version:  - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version:  - )
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.00.3004 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.00.3004 - Acer Incorporated)
clear.fi SDK - MVP 2 (x32 Version: 2.0.1505 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.0.1502 - CyberLink Corp.) Hidden
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
Content Manager 2 (HKLM-x32\...\Content Manager 2) (Version: 3.18.0.342250 - NNG Llc.)
CopyTrans Control Center deinstallieren (HKU\S-1-5-21-3039150130-2540550290-118931370-1000\...\CopyTrans Suite) (Version: 4.004 - WindSolutions)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1720_38230 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Donation-Tracker (HKLM-x32\...\Donation-Tracker) (Version:  - )
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
Elgato Game Capture HD (HKLM-x32\...\{60A1D74D-539F-4ED3-8A87-761F1D657BD7}) (Version: 1.42.24.539 - Elgato Systems GmbH)
Evernote v. 4.5.2 (HKLM-x32\...\{F77EF646-19EB-11E1-9A9E-984BE15F174E}) (Version: 4.5.2.5866 - Evernote Corp.)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FMW 1 (Version: 1.32.2 - AVG Technologies) Hidden
Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.1.2 - FUHU, Inc.)
Fooz Kids (x32 Version: 3.1.2 - FUHU, Inc.) Hidden
Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
FUSSBALL MANAGER 14 (HKLM-x32\...\{5FC27E1E-08C0-4346-A321-ED2D31FAE936}) (Version: 1.0.0.0 - Electronic Arts)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heaven DX11 Benchmark version 3.0 (HKLM\...\Unigine Heaven DX11 Benchmark (Basic Edition)_is1) (Version: 3.0 - Unigine Corp.)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3510 - Acer Incorporated)
HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät (HKLM\...\{61ADDE9C-3AE6-46FC-9127-DFFF637AED03}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.0.199 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 2.1.5 - Kobo Inc.)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.18 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.18 - Egis Technology Inc.) Hidden
Naviextras Toolbox Prerequesities (HKLM-x32\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10500.1.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.6.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10600.4.100 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NVIDIA 3D Vision Controller-Treiber 296.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 296.01 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 296.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 296.12 - NVIDIA Corporation)
NVIDIA Grafiktreiber 296.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.12 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.14.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.14.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.3.2.2730 - Electronic Arts, Inc.)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6505 - Realtek Semiconductor Corp.)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 7.14 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.106 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Spotify (HKU\S-1-5-21-3039150130-2540550290-118931370-1000\...\Spotify) (Version: 1.0.19.106.gb8a7150f - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
StarCraft II - Legacy of the Void Beta (HKLM-x32\...\StarCraft II - Legacy of the Void Beta) (Version:  - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-3039150130-2540550290-118931370-1000\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)
The War Z (HKLM-x32\...\Steam App 226700) (Version:  - )
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3507 - Acer Incorporated)
WildTangent Games App (x32 Version: 4.0.11.13 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wondershare Vivideo(Build 2.0.0.12) (HKLM-x32\...\Wondershare Vivideo_is1) (Version:  - Wondershare Software)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Worms Clan Wars (HKLM-x32\...\Steam App 233840) (Version:  - Team17 Digital Ltd)
Worms Revolution (HKLM-x32\...\Steam App 200170) (Version:  - Team17 Digital Ltd)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

19-11-2015 18:52:00 Geplanter Prüfpunkt
20-11-2015 00:23:32 Wiederherstellungsvorgang
27-11-2015 17:46:09 Geplanter Prüfpunkt
28-11-2015 11:36:39 DirectX wurde installiert
28-11-2015 12:47:36 DirectX wurde installiert

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {1467165F-1063-497D-AE81-A59BE0861947} - System32\Tasks\{3FE33FB6-5FCD-4D51-A319-FFBC99DFF30C} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/abandoninstall?page=tsProgressBar
Task: {213E6C59-3CB1-4840-ACF9-109DE3CD63F7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {63277B56-CD3F-4B86-9EBC-FE1A777FBCB8} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-29] (Egis Technology Inc.)
Task: {7AB94187-EC2F-4D8E-B12E-D5A8902A901A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {7CCB106D-9711-434A-B438-0FC6F6DE1B63} - System32\Tasks\0 => Iexplore.exe  <==== ACHTUNG
Task: {832998F8-5251-47AE-A9BA-BF4F1FF7385F} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-07] (Acer Incorporated)
Task: {8B77F6B2-3A2F-49BE-9FA4-063255728649} - System32\Tasks\{A1736B77-BC0E-4B9E-92F6-E784560E2490} => pcalua.exe -a "C:\Users\acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PTBJ1DJ1\Install_CopyTrans_Suite.exe" -d C:\Users\acer\Desktop
Task: {90025EC9-CC61-40B9-883D-2E294FB3D1F7} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {905A5953-E21A-421A-AEA0-F1E99D463CFD} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-29] (Egis Technology Inc.)
Task: {91676BC2-8B21-46AD-AB6C-216C3652C521} - System32\Tasks\4592 => C:\Windows\system32\wscript.exe [2013-10-12] (Microsoft Corporation) <==== ACHTUNG
Task: {AC706A06-4003-40F3-9115-35ED358D777D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-11-09] (Oracle Corporation)
Task: {BD242E9D-7275-4A94-928F-E3C0792CF183} - System32\Tasks\{701B3F71-B848-468D-B6D3-E0D87FA7653B} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsMain
Task: {BEFAB5D0-D1FA-47D1-8542-28C15FAACF8A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CDC3B2FC-6322-4232-9876-8895A9E93799} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {D301D7A3-41D0-4509-B726-2AA267D54F7E} - System32\Tasks\{3D8D634A-A0AA-4936-A1D7-DE5896BBA04A} => C:\Users\acer\AppData\Roaming\Spotify\spotify.exe [2015-12-03] (Spotify Ltd)
Task: {D51A20E0-6B12-4E18-8BAA-EAD1EF598D37} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\Cyberlink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-05-20] (CyberLink)
Task: {DF12B91B-FCB1-4146-84D2-D4A258BEA5F5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {E3C16862-B5ED-415D-9183-D03DE51F9AB4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {E81CB724-8B10-42E6-B36D-359F03FB9FEF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 15:26 - 2015-05-15 15:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-27 17:10 - 2014-04-27 17:10 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-02-07 03:17 - 2012-02-07 03:17 - 00636520 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2012-02-07 03:18 - 2012-02-07 03:18 - 00151656 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2015-10-26 10:03 - 2015-10-26 10:03 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2015-01-25 18:15 - 2015-01-25 18:15 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll
2012-08-15 16:36 - 2011-11-29 19:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-08-15 16:39 - 2012-02-07 10:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-12-03 20:36 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-12-03 20:36 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-12-03 20:36 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-12-03 20:36 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-12-03 20:36 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-11-11 19:05 - 2015-11-11 19:05 - 17604296 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-3039150130-2540550290-118931370-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-3039150130-2540550290-118931370-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-3039150130-2540550290-118931370-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-3039150130-2540550290-118931370-1000\...\sony.com -> sony.com

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3039150130-2540550290-118931370-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{1AED610E-D9F6-4C39-80CA-70B87BB46A13}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E8C12FFF-82BA-4B3F-B30D-20D6A3E62D8B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6AF4AFF7-514A-4AAA-A62D-8BA3FD8C5D25}] => (Allow) LPort=2869
FirewallRules: [{EF8A74DA-43FE-4184-84F7-13A0F315DC24}] => (Allow) LPort=1900
FirewallRules: [{BE33CCDB-CFE7-472E-BB99-A0B2A6BB5036}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{B7FE3F04-A6B2-4EA3-B691-B660F68065DD}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{95F24661-795B-439F-9DC1-156829B78CB8}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{DC20DAA6-6F51-4854-A6C4-32E5388556F1}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{EE621363-DB39-40C9-ADC8-DEEE1E760E7F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{AC12B6E7-B327-4CC3-8E4B-DBB8F94D6882}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{654E40B1-CE68-438A-BB3C-8900ABC11112}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{5D3B3AEE-3789-45E0-8003-FBE72CDFE36B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{0D5C3EBB-4665-4BAB-ABEB-41018C58E893}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{61B051FF-6108-42D2-B135-CE500FCE543B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{5AC0B0F4-28EA-4EBF-91D4-069442DB679B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK20\MVP\VideoPlayer.exe
FirewallRules: [{7E6A970C-A8B0-43A6-B275-8CCEA63E8E2F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK20\MVP\MusicPlayer.exe
FirewallRules: [{2568209E-B42E-4EB8-8607-3C6F6045ED6E}] => (Allow) C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe
FirewallRules: [{E9BEA2C2-779B-469E-B4E7-66E8490D7E41}] => (Allow) C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe
FirewallRules: [{A055ACA7-DCD7-450F-88DC-F30098067A2B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{02EB3E91-7BA6-4238-B4CD-49D108651596}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8E86F49F-508F-4DA1-BFCF-99FD27BD6AB2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{092473BA-2744-4147-BA01-1E14A5AB367E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{018E2D1E-18A1-4286-860F-3DE312AE52E0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{34A47A72-8338-40BA-87C8-3765D7CC6563}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B348E2B1-E846-4622-BD3D-CD04B74FC427}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The War Z\WarZlauncher.exe
FirewallRules: [{6409D2A7-1AFB-4014-A75C-A053824A7654}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The War Z\WarZlauncher.exe
FirewallRules: [{2594B1C7-8FF7-4735-A18C-6FF654D27B62}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops II\t6sp.exe
FirewallRules: [{954DEE75-DBBB-494A-8C20-5F8798795107}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops II\t6sp.exe
FirewallRules: [{89D0F56B-18D8-4E60-A27B-0F4ED2A9D964}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{6269AF89-87FC-49E4-87F2-C2D1103A77E2}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{B22F75A7-AF68-461E-8E30-E6AF45D41D08}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe
FirewallRules: [{C3C9B330-D459-40D4-B379-6046DCDC86C6}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{DD7BC221-C359-4C6B-8143-8DA2974B3199}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{0F9206ED-3175-4670-93DA-9B2356AF3462}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{2105A800-828F-44C8-B3BB-CD157DA3EDA7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{81D194B7-ED2F-4553-AC60-68CA2908DD14}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops II\t6zm.exe
FirewallRules: [{D6EA4BAF-D29A-44FB-811C-BAD4DFE63066}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops II\t6zm.exe
FirewallRules: [{C2E3569E-7CCB-4E62-96F5-6662A0409E0E}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{27B278E1-AA16-4E15-9037-CFBDBC480F2F}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{661FF8D5-E9D9-4385-8459-0706BD7310C5}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{CFE2BFF4-C2B0-4C44-8865-CC6E088CF1B8}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{192DBEC7-48F2-4067-8549-FC5BE1F74509}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{2B8C03A8-E3E2-4785-BF4D-7324C15D7B39}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{CF21F67C-24F3-4C3E-A0FF-22E833E49F84}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{73A950EC-0BFE-4EA6-8B39-1102699BFE60}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{7346F1B1-42D0-4F37-9F98-D46F66A77F42}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{FDE191FF-31F5-462F-B35D-FB60EB138053}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{8F373DBF-0E37-4B6E-8F80-DF1AC78AC4D3}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA Manager 14\Manager14.exe
FirewallRules: [{F6260692-54C3-4DF5-B857-5F807667888F}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA Manager 14\Manager14.exe
FirewallRules: [{20EE303D-36F1-4DF2-98B6-A63DBDAD893B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8898E32E-666C-4937-AC65-C2A82ACFC4F9}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{55D9D81A-B529-47B3-B9B4-1EE5C3135BC7}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{BF510A0B-2175-4B59-A984-E0B708775EA0}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{7BE607F4-70F6-4AF1-98EE-CFBBEDE3F7B7}C:\program files (x86)\steam\steamapps\common\the war z\infestation.exe] => (Block) C:\program files (x86)\steam\steamapps\common\the war z\infestation.exe
FirewallRules: [UDP Query User{362C9040-D5B5-4232-BD14-26DDFB3AA375}C:\program files (x86)\steam\steamapps\common\the war z\infestation.exe] => (Block) C:\program files (x86)\steam\steamapps\common\the war z\infestation.exe
FirewallRules: [TCP Query User{8389083C-E3E6-4E5F-81E0-231F9B1B5B07}C:\programdata\electronic arts\need for speed world\data\nfsw.exe] => (Block) C:\programdata\electronic arts\need for speed world\data\nfsw.exe
FirewallRules: [UDP Query User{6DACFDBB-EC63-4366-BAF4-410694DA6184}C:\programdata\electronic arts\need for speed world\data\nfsw.exe] => (Block) C:\programdata\electronic arts\need for speed world\data\nfsw.exe
FirewallRules: [{BE5D559B-DA0F-4DD9-98B8-18A22B0E5ED9}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B93B91F0-2E94-4D17-8910-A90C8C27CBE6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B036BA33-FA11-4A48-842D-5A9BE48A656D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3F6D8D0C-D917-4B51-A767-A613F4233B11}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{9F1DE5F2-1470-446B-A7BC-B1B3E73DCECF}C:\users\acer\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\acer\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D122B178-CC1B-4A69-B3DD-EF4F61CECB45}C:\users\acer\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\acer\appdata\roaming\spotify\spotify.exe
FirewallRules: [{89B025ED-BE96-4F96-BCEF-A81E7CD4DB03}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{0F4920AF-3280-47FB-B3E6-9AC1055B9DAF}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{B7DECA69-9CC6-442E-9C9C-CD2B5A25EE18}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{D8DC284E-A64C-4983-A3C1-06BE1BB8E0A1}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{E80494CD-C2D0-40D5-B494-D84631A31413}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4FD68238-DB44-4ABC-A0C6-27CA341C7FB6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{C962D28B-F98C-466A-A46C-1EB92A518933}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{5F561FB5-8477-4CE3-A5A7-BA4E58359B73}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{2EE52464-1A00-4D8B-BA17-AC1CC5482616}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{34B8BFE0-CD77-4ABC-89CE-BE37606FF50E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{8C323103-E114-46A2-B67D-1C4BB7BC1DC2}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{71C37C4D-31B9-4D94-B720-83B12E8C67ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{351DD570-FAEB-4C7F-BEC4-EB8CB6A72740}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F3C6D244-9721-4C82-9DEF-216430B2672A}C:\program files (x86)\starcraft ii\versions\base38996\sc2_x64.exe] => (Block) C:\program files (x86)\starcraft ii\versions\base38996\sc2_x64.exe
FirewallRules: [UDP Query User{FB433EFF-6B16-426A-B08E-6F183BD92907}C:\program files (x86)\starcraft ii\versions\base38996\sc2_x64.exe] => (Block) C:\program files (x86)\starcraft ii\versions\base38996\sc2_x64.exe
FirewallRules: [TCP Query User{F6DFF595-81E2-42D0-B62D-2A0EEAE52C7B}C:\program files (x86)\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{1B0C3ED5-698B-478E-B945-7CB179EAA258}C:\program files (x86)\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{8AD93BA9-294B-434C-9D5B-50B8309F1038}C:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{B7CFADDF-1F74-46BC-BC33-2AD9394E9D0F}C:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe
FirewallRules: [{E301E185-D821-4626-8BB9-F5711B2E540D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Worms Clan Wars\WormsClanWars.exe
FirewallRules: [{16B247CB-23DB-42D0-990F-0414B1B92F1C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Worms Clan Wars\WormsClanWars.exe
FirewallRules: [{99F78680-2F46-4DE9-B28A-E3CCC3F70F6B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\WormsRevolution\WormsRevolution.exe
FirewallRules: [{85A6AE51-5F5C-4966-AE45-32850D8FCBDA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\WormsRevolution\WormsRevolution.exe
StandardProfile\AuthorizedApplications: [C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe] => Enabled:NEXON_EU_Downloader_Engine.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (12/03/2015 04:46:35 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.

Error: (12/03/2015 04:37:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/03/2015 07:03:16 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.

Error: (12/03/2015 06:54:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2015 04:47:33 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.

Error: (12/02/2015 04:38:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2015 01:39:02 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.

Error: (12/02/2015 01:30:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2015 07:07:50 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.

Error: (12/02/2015 06:58:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


Systemfehler:
=============
Error: (12/03/2015 05:21:36 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (12/03/2015 05:21:35 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (12/03/2015 04:36:29 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (12/03/2015 06:53:08 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (12/02/2015 04:37:31 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (12/02/2015 01:28:54 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (12/02/2015 06:57:38 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (12/01/2015 05:54:00 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (11/30/2015 07:20:21 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (11/30/2015 09:38:31 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.


CodeIntegrity:
===================================
  Date: 2014-11-14 12:47:59.615
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-13 13:15:29.894
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-12 16:29:05.573
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-12 15:52:50.820
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Prozentuale Nutzung des RAM: 45%
Installierter physikalischer RAM: 8140.59 MB
Verfügbarer physikalischer RAM: 4400.33 MB
Summe virtueller Speicher: 16279.39 MB
Verfügbarer virtueller Speicher: 12980.05 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:455.95 GB) (Free:119.76 GB) NTFS
Drive d: (DATA) (Fixed) (Total:456.46 GB) (Free:411.82 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BB6E739E)
Partition 1: (Not Active) - (Size=19 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=456 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=456.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
--- --- ---



FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015
durchgeführt von acer (Administrator) auf ACER-PC (03-12-2015 21:53:07)
Gestartet von C:\Users\acer\Downloads
Geladene Profile: acer (Verfügbare Profile: acer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\acer\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\Cyberlink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13353064 2011-11-14] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-06-22] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-04] (Intel Corporation)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [636520 2012-02-07] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3826600 2015-10-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-3039150130-2540550290-118931370-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3011152 2015-11-10] (Valve Corporation)
HKU\S-1-5-21-3039150130-2540550290-118931370-1000\...\Run: [Spotify Web Helper] => C:\Users\acer\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2345584 2015-12-03] (Spotify Ltd)
HKU\S-1-5-21-3039150130-2540550290-118931370-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50143872 2015-11-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3039150130-2540550290-118931370-1000\...\Run: [Spotify] => C:\Users\acer\AppData\Roaming\Spotify\Spotify.exe [8270448 2015-12-03] (Spotify Ltd)
HKU\S-1-5-21-3039150130-2540550290-118931370-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{715EE5B1-0B76-4024-9548-24C80F0F9B40}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-3039150130-2540550290-118931370-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-3039150130-2540550290-118931370-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=ie9hp
HKU\S-1-5-21-3039150130-2540550290-118931370-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://acer.msn.com
hxxp://www.google.de/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3039150130-2540550290-118931370-1000 -> DefaultScope {1BEFBE56-722F-45AD-A1E4-E9E86ED59D8B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9SRC
SearchScopes: HKU\S-1-5-21-3039150130-2540550290-118931370-1000 -> {1BEFBE56-722F-45AD-A1E4-E9E86ED59D8B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9SRC
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-21] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-21] (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\to5mpujo.default-1446899271829
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [2013-05-31] (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-03-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-03-01] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Keine Datei]
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2014-06-21] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-06-14]
FF Extension: Adblock Plus - C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\to5mpujo.default-1446899271829\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-25]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [595376 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3815648 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-10-30] (AVG Technologies CZ, s.r.o.)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-14] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-27] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [197040 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [255408 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-11-12] (UB658)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [40696 2014-03-06] (Windows (R) Win 7 DDK provider)
S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-18] () [Datei ist nicht signiert]
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-03 21:53 - 2015-12-03 21:53 - 00018200 _____ C:\Users\acer\Downloads\FRST.txt
2015-12-03 21:52 - 2015-12-03 21:53 - 00000000 ____D C:\FRST
2015-12-03 21:52 - 2015-12-03 21:52 - 02350080 _____ (Farbar) C:\Users\acer\Downloads\FRST64.exe
2015-12-03 21:07 - 2015-12-03 21:08 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-03 21:07 - 2015-12-03 21:07 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-03 21:07 - 2015-12-03 21:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-03 21:07 - 2015-12-03 21:07 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-03 21:07 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-03 21:07 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-03 21:07 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-03 21:06 - 2015-12-03 21:06 - 01466656 _____ C:\Users\acer\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2015-12-03 20:36 - 2015-12-03 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-12-03 20:36 - 2015-12-03 20:36 - 00001395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-12-03 20:36 - 2015-12-03 20:36 - 00001383 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-12-03 20:36 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-12-03 20:35 - 2015-12-03 20:35 - 01466656 _____ C:\Users\acer\Downloads\SpyBot Search Destroy - CHIP-Installer(1).exe
2015-11-30 11:14 - 2015-11-30 11:14 - 00000000 ____D C:\Users\acer\AppData\LocalLow\Italic Pig
2015-11-28 12:43 - 2015-11-28 12:43 - 00000222 _____ C:\Users\acer\Desktop\Worms Revolution.url
2015-11-28 11:22 - 2015-11-28 11:25 - 00000222 _____ C:\Users\acer\Desktop\Worms Clan Wars.url
2015-11-27 00:01 - 2015-11-27 00:01 - 00259428 _____ C:\Users\acer\AppData\Local\census.cache
2015-11-27 00:01 - 2015-11-27 00:01 - 00122364 _____ C:\Users\acer\AppData\Local\ars.cache
2015-11-26 23:48 - 2015-11-26 23:48 - 00000036 _____ C:\Users\acer\AppData\Local\housecall.guid.cache
2015-11-26 23:46 - 2015-11-27 10:29 - 00000000 ____D C:\Users\acer\AppData\Roaming\QuickScan
2015-11-20 12:43 - 2015-11-20 12:43 - 00298816 _____ C:\Windows\system32\cc_20151120_124323.reg
2015-11-20 00:32 - 2015-11-20 00:32 - 00000000 ____D C:\AdwCleaner
2015-11-20 00:06 - 2015-11-26 22:56 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-11-07 11:33 - 2015-11-20 00:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-03 21:52 - 2007-07-12 02:48 - 00000000 ____D C:\Windows
2015-12-03 21:05 - 2013-02-10 20:56 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-03 20:37 - 2013-02-11 07:52 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-12-03 20:36 - 2013-02-11 07:52 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-12-03 20:15 - 2012-12-21 14:35 - 00000000 ____D C:\Users\acer\AppData\Roaming\Skype
2015-12-03 19:02 - 2012-12-15 15:00 - 00000000 ____D C:\ProgramData\MFAData
2015-12-03 17:52 - 2013-10-12 13:35 - 00000000 ____D C:\Users\acer\AppData\Local\Battle.net
2015-12-03 17:05 - 2014-10-22 10:19 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2015-12-03 16:58 - 2015-02-03 08:26 - 00000000 ____D C:\Users\acer\AppData\Local\Spotify
2015-12-03 16:51 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-03 16:51 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-03 16:46 - 2013-10-12 13:35 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-12-03 16:42 - 2015-02-03 08:26 - 00000000 ____D C:\Users\acer\AppData\Roaming\Spotify
2015-12-03 16:37 - 2013-02-26 15:40 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-03 16:36 - 2012-10-16 17:17 - 00000000 ____D C:\Users\acer
2015-12-03 16:36 - 2012-08-15 16:27 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-03 16:36 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-02 06:57 - 2014-04-25 10:46 - 00000000 ____D C:\Program Files (x86)\Razer
2015-11-30 21:50 - 2012-12-15 17:46 - 00000000 ____D C:\Users\acer\AppData\Roaming\TS3Client
2015-11-30 19:20 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-11-30 11:30 - 2013-02-26 16:12 - 00000000 ____D C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-11-27 20:42 - 2015-08-04 09:07 - 00000000 ____D C:\Users\acer\dwhelper
2015-11-27 00:02 - 2013-05-20 14:45 - 00002879 _____ C:\Windows\WinInit.Ini
2015-11-21 19:21 - 2014-10-20 14:03 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-21 19:21 - 2014-02-17 12:41 - 00000000 ____D C:\ProgramData\Oracle
2015-11-21 19:20 - 2015-08-28 17:10 - 00000000 ____D C:\Users\acer\.oracle_jre_usage
2015-11-21 19:20 - 2014-10-20 14:03 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-11-21 19:20 - 2014-10-20 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-21 15:13 - 2012-08-10 02:19 - 00699868 _____ C:\Windows\system32\perfh007.dat
2015-11-21 15:13 - 2012-08-10 02:19 - 00149750 _____ C:\Windows\system32\perfc007.dat
2015-11-21 15:13 - 2009-07-14 06:13 - 01622164 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-20 12:42 - 2014-10-10 16:17 - 00000000 ____D C:\Windows\Minidump
2015-11-20 12:42 - 2007-07-12 02:49 - 00000000 ____D C:\Windows\Panther
2015-11-20 10:20 - 2015-06-17 11:24 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-20 01:03 - 2013-04-03 19:46 - 00000000 ____D C:\Program Files (x86)\Conduit
2015-11-20 00:26 - 2013-10-12 13:35 - 00000000 ____D C:\Users\acer\AppData\Roaming\Battle.net
2015-11-20 00:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2015-11-19 18:02 - 2012-03-06 11:37 - 00000000 ____D C:\ProgramData\Skype
2015-11-17 20:35 - 2015-07-14 11:56 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2015-11-15 11:53 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-11 19:05 - 2013-02-10 20:56 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-11 19:05 - 2012-03-06 12:11 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-11 19:05 - 2012-03-06 12:11 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-11 18:49 - 2013-10-12 13:36 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-11-07 14:03 - 2014-12-10 18:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-04 18:36 - 2015-10-26 10:06 - 00000940 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2015-11-04 18:36 - 2014-08-06 18:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-11-04 18:35 - 2012-12-15 15:01 - 00000000 ___HD C:\$AVG

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-11-27 00:01 - 2015-11-27 00:01 - 0122364 _____ () C:\Users\acer\AppData\Local\ars.cache
2015-11-27 00:01 - 2015-11-27 00:01 - 0259428 _____ () C:\Users\acer\AppData\Local\census.cache
2012-10-16 17:26 - 2012-10-16 17:26 - 0003072 _____ () C:\Users\acer\AppData\Local\file__0.localstorage
2015-11-26 23:48 - 2015-11-26 23:48 - 0000036 _____ () C:\Users\acer\AppData\Local\housecall.guid.cache
2013-06-20 19:58 - 2013-06-20 20:08 - 0017408 _____ () C:\Users\acer\AppData\Local\WebpageIcons.db
2013-08-26 10:10 - 2013-08-26 10:10 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-03-06 12:12 - 2012-08-15 16:52 - 0002472 _____ () C:\ProgramData\clear.fiSDK20.log
2014-10-13 16:00 - 2014-10-13 16:00 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2012-03-06 12:13 - 2012-08-15 16:51 - 0000032 _____ () C:\ProgramData\PS.log

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-11-30 13:15

==================== Ende von FRST.txt ============================
--- --- ---

Ich hoffe das war richtig.

schrauber 04.12.2015 16:28
hi,

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Amanatidis 04.12.2015 17:18
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2015.12.04.03
rootkit: v2015.11.26.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17843
acer :: ACER-PC [administrator]

04.12.2015 16:40:51
mbar-log-2015-12-04 (16-40-51).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 390406
Time elapsed: 25 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

17:13:11.0540 0x16d4 TDSS rootkit removing tool 3.1.0.7 Nov 29 2015 22:37:04
17:13:11.0743 0x16d4 ============================================================
17:13:11.0743 0x16d4 Current date / time: 2015/12/04 17:13:11.0743
17:13:11.0743 0x16d4 SystemInfo:
17:13:11.0743 0x16d4
17:13:11.0743 0x16d4 OS Version: 6.1.7601 ServicePack: 1.0
17:13:11.0743 0x16d4 Product type: Workstation
17:13:11.0743 0x16d4 ComputerName: ACER-PC
17:13:11.0743 0x16d4 UserName: acer
17:13:11.0743 0x16d4 Windows directory: C:\Windows
17:13:11.0743 0x16d4 System windows directory: C:\Windows
17:13:11.0743 0x16d4 Running under WOW64
17:13:11.0743 0x16d4 Processor architecture: Intel x64
17:13:11.0743 0x16d4 Number of processors: 8
17:13:11.0743 0x16d4 Page size: 0x1000
17:13:11.0743 0x16d4 Boot type: Normal boot
17:13:11.0743 0x16d4 ============================================================
17:13:11.0743 0x16d4 BG loaded
17:13:12.0398 0x16d4 System UUID: {88AB77F7-1C24-07E3-7D28-982DF6789C16}
17:13:13.0037 0x16d4 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:13:13.0067 0x16d4 ============================================================
17:13:13.0067 0x16d4 \Device\Harddisk0\DR0:
17:13:13.0067 0x16d4 MBR partitions:
17:13:13.0067 0x16d4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2600800, BlocksNum 0x32000
17:13:13.0067 0x16d4 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2632800, BlocksNum 0x38FE7000
17:13:13.0067 0x16d4 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3B619800, BlocksNum 0x390EC800
17:13:13.0067 0x16d4 ============================================================
17:13:13.0087 0x16d4 C: <-> \Device\Harddisk0\DR0\Partition2
17:13:16.0148 0x16d4 D: <-> \Device\Harddisk0\DR0\Partition3
17:13:16.0148 0x16d4 ============================================================
17:13:16.0148 0x16d4 Initialize success
17:13:16.0148 0x16d4 ============================================================
17:14:40.0128 0x179c ============================================================
17:14:40.0129 0x179c Scan started
17:14:40.0129 0x179c Mode: Manual; SigCheck; TDLFS;
17:14:40.0129 0x179c ============================================================
17:14:40.0129 0x179c KSN ping started
17:14:42.0459 0x179c KSN ping finished: true
17:14:51.0664 0x179c ================ Scan system memory ========================
17:14:51.0664 0x179c System memory - ok
17:14:51.0665 0x179c ================ Scan services =============================
17:14:53.0410 0x179c [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:14:53.0537 0x179c 1394ohci - ok
17:14:53.0601 0x179c [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:14:53.0623 0x179c ACPI - ok
17:14:53.0650 0x179c [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:14:53.0929 0x179c AcpiPmi - ok
17:14:54.0349 0x179c [ F6CEFEF46986DE02A3AE5D93AE32B5DC, 903EC5A7B40F4F6B2F3378EFFE8DF28667B88061CDF681C44F2E4FE39B62959E ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:14:54.0364 0x179c AdobeARMservice - ok
17:14:55.0372 0x179c [ 280A526E8111AC6A5BCC1A059E1E0340, FB92DDAE29A097D148AB23D8A0BD2B9E662EC1DBF0DA8B716374D6919B4C646F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:14:55.0393 0x179c AdobeFlashPlayerUpdateSvc - ok
17:14:55.0522 0x179c [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
17:14:55.0577 0x179c adp94xx - ok
17:14:55.0624 0x179c [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
17:14:55.0648 0x179c adpahci - ok
17:14:55.0730 0x179c [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
17:14:55.0750 0x179c adpu320 - ok
17:14:55.0840 0x179c [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:14:55.0937 0x179c AeLookupSvc - ok
17:14:56.0065 0x179c [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
17:14:56.0150 0x179c AFD - ok
17:14:56.0187 0x179c [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
17:14:56.0202 0x179c agp440 - ok
17:14:56.0253 0x179c [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
17:14:56.0372 0x179c ALG - ok
17:14:56.0467 0x179c [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
17:14:56.0480 0x179c aliide - ok
17:14:56.0516 0x179c [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
17:14:56.0536 0x179c amdide - ok
17:14:56.0597 0x179c [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
17:14:56.0648 0x179c AmdK8 - ok
17:14:56.0673 0x179c [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
17:14:56.0682 0x179c AmdPPM - ok
17:14:56.0714 0x179c [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:14:56.0729 0x179c amdsata - ok
17:14:56.0845 0x179c [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
17:14:56.0892 0x179c amdsbs - ok
17:14:56.0924 0x179c [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:14:56.0932 0x179c amdxata - ok
17:14:57.0050 0x179c [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID C:\Windows\system32\drivers\appid.sys
17:14:57.0156 0x179c AppID - ok
17:14:57.0202 0x179c [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:14:57.0309 0x179c AppIDSvc - ok
17:14:57.0390 0x179c [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
17:14:57.0444 0x179c Appinfo - ok
17:14:57.0795 0x179c [ 6EB87FDB59AABF6D19C927492DEA0D36, 36168F8CC75D16917A30FA1FACF57659BC2ADF870D20DEE93F851D5348E605BB ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:14:57.0806 0x179c Apple Mobile Device Service - ok
17:14:57.0906 0x179c [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
17:14:57.0923 0x179c arc - ok
17:14:57.0970 0x179c [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
17:14:57.0986 0x179c arcsas - ok
17:14:58.0511 0x179c [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:14:58.0671 0x179c aspnet_state - ok
17:14:58.0731 0x179c [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:14:59.0562 0x179c AsyncMac - ok
17:14:59.0628 0x179c [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
17:14:59.0642 0x179c atapi - ok
17:14:59.0811 0x179c [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:14:59.0867 0x179c AudioEndpointBuilder - ok
17:14:59.0903 0x179c [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:14:59.0921 0x179c AudioSrv - ok
17:15:00.0186 0x179c [ 843A45EBB934EB33992CE8C72927DA21, B65E0FA7E654908B72544E4236A0A534AA53153A321877A6CC3A01876FA6FB6D ] AvgAMPS C:\Program Files (x86)\AVG\Av\avgamps.exe
17:15:00.0268 0x179c AvgAMPS - ok
17:15:00.0396 0x179c [ 0047D8CDD760C85F0FCEE46FB10F7AF5, 312039D91C71819A58E1970330ED6443CFA462FAA0B2E00B55AC25D523C65722 ] Avgdiska C:\Windows\system32\DRIVERS\avgdiska.sys
17:15:00.0414 0x179c Avgdiska - ok
17:15:00.0727 0x179c [ 279A6B916711B54DA2B2913250E5AFF1, 16BE31BB009079AE0C8C3E9CF14354F87578C8AD6502AB2F22D918B174A51EC4 ] AVGIDSAgent C:\Program Files (x86)\AVG\Av\avgidsagent.exe
17:15:00.0795 0x179c AVGIDSAgent - ok
17:15:00.0900 0x179c [ 788FA68A9319CC73413AFE97EFD642A1, C6DF7D4A64D64A6BEAF185CDE7D910ED712A3873786EBCCF28E7E0B95A8E7905 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
17:15:00.0945 0x179c AVGIDSDriver - ok
17:15:01.0035 0x179c [ E9796E2C69DC0D3AEE77EC82B80F83F3, E89011A5CC74AE9FDCCD094C50289E7875A014E537A05338EA6B0152B6E992F4 ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
17:15:01.0052 0x179c AVGIDSHA - ok
17:15:01.0129 0x179c [ D2E83AA008426FC9408272035E50D40B, 6F3B3385C5E1BDBF29343737C5A72A3C8B671016BC805EC51B4C0728807726E3 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
17:15:01.0143 0x179c Avgldx64 - ok
17:15:01.0268 0x179c [ 6BB3E78DE490503540DD93B9A733794D, 18832B066A10EF2CF0A02F0B834B91771DD95CC3FAB24CBACB7B60E46D280B25 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
17:15:01.0290 0x179c Avgloga - ok
17:15:01.0384 0x179c [ 0D853D9B288298D3C61D7FC94A659DB2, B4B7C19EDE805B49645EF8A310EB6CED41E46CC606AB57D7496E0CA845161AE1 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
17:15:01.0404 0x179c Avgmfx64 - ok
17:15:01.0428 0x179c [ B4551FA74295B9629B8F63B1D54EF4FB, 3C0C798D98AC8B50098ACE634ED4733A2A245D2C03B8C92397899767C11C24DD ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
17:15:01.0436 0x179c Avgrkx64 - ok
17:15:01.0714 0x179c [ 5E3C595A18B70417858BB37A3B3F6039, 374D76D2D7C684881501A48FF00CE6E0742FE75E411212EAA72543CC94CE184F ] avgsvc C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
17:15:01.0744 0x179c avgsvc - ok
17:15:02.0064 0x179c [ E78505E4A45999570F380EAA87571239, B1A22691ABCA55C68EBCF7C68E34028735B48BB6BDBEED02DA37E03752A7328A ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
17:15:02.0087 0x179c Avgtdia - ok
17:15:02.0395 0x179c [ F328F131751BBFC9BBB5EDFE4080158F, 080F05CA0B6F600C27015A0572717FC94C5828847B816F8AEEFFE14A1F1E90C7 ] avgwd C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
17:15:02.0425 0x179c avgwd - ok
17:15:02.0702 0x179c [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:15:02.0879 0x179c AxInstSV - ok
17:15:03.0015 0x179c [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
17:15:03.0110 0x179c b06bdrv - ok
17:15:03.0223 0x179c [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:15:03.0278 0x179c b57nd60a - ok
17:15:03.0357 0x179c [ 87F3BCF82A63E900AF896CD930BF7E05, A68141E81D0541DDC1863FAC0DDBF0362641B8B0DBE06D645D00CC0DB36B30BB ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
17:15:03.0387 0x179c BBSvc - ok
17:15:03.0436 0x179c [ 78779EE07231C658B483B1F38B5088DF, 42DE06151DA17C218067CA3A22509BC626CB505F87238E39D024CE29554EF47D ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
17:15:03.0456 0x179c BBUpdate - ok
17:15:03.0511 0x179c [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
17:15:03.0633 0x179c BDESVC - ok
17:15:03.0718 0x179c [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
17:15:03.0776 0x179c Beep - ok
17:15:03.0880 0x179c [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
17:15:03.0988 0x179c BFE - ok
17:15:04.0164 0x179c [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
17:15:04.0702 0x179c BITS - ok
17:15:04.0744 0x179c [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
17:15:04.0782 0x179c blbdrive - ok
17:15:04.0922 0x179c [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:15:04.0944 0x179c Bonjour Service - ok
17:15:04.0974 0x179c [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:15:05.0115 0x179c bowser - ok
17:15:05.0157 0x179c [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
17:15:05.0255 0x179c BrFiltLo - ok
17:15:05.0314 0x179c [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
17:15:05.0408 0x179c BrFiltUp - ok
17:15:05.0441 0x179c [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
17:15:05.0560 0x179c Browser - ok
17:15:05.0617 0x179c [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:15:05.0694 0x179c Brserid - ok
17:15:05.0760 0x179c [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:15:05.0783 0x179c BrSerWdm - ok
17:15:05.0820 0x179c [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:15:05.0837 0x179c BrUsbMdm - ok
17:15:05.0866 0x179c [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:15:05.0900 0x179c BrUsbSer - ok
17:15:05.0951 0x179c [ 832B121E4532919CC49F2438F1DCAA21, 70FFDD505A64D3CF03220D6422EDD47CA2E0DF711BBF2ED057F32A688CB2E2E8 ] BthAvrcp C:\Windows\system32\DRIVERS\BthAvrcp.sys
17:15:05.0999 0x179c BthAvrcp - ok
17:15:06.0086 0x179c [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
17:15:06.0143 0x179c BthEnum - ok
17:15:06.0215 0x179c [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:15:06.0239 0x179c BTHMODEM - ok
17:15:06.0292 0x179c [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
17:15:06.0356 0x179c BthPan - ok
17:15:06.0463 0x179c [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
17:15:06.0593 0x179c BTHPORT - ok
17:15:06.0643 0x179c [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
17:15:06.0722 0x179c bthserv - ok
17:15:06.0739 0x179c [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
17:15:06.0805 0x179c BTHUSB - ok
17:15:06.0826 0x179c [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:15:06.0886 0x179c cdfs - ok
17:15:06.0937 0x179c [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:15:06.0975 0x179c cdrom - ok
17:15:07.0025 0x179c [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
17:15:07.0093 0x179c CertPropSvc - ok
17:15:07.0140 0x179c [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
17:15:07.0205 0x179c circlass - ok
17:15:07.0379 0x179c [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\Windows\system32\CLFS.sys
17:15:07.0433 0x179c CLFS - ok
17:15:07.0526 0x179c [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:15:07.0536 0x179c clr_optimization_v2.0.50727_32 - ok
17:15:07.0604 0x179c [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:15:07.0652 0x179c clr_optimization_v2.0.50727_64 - ok
17:15:07.0822 0x179c [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:15:08.0025 0x179c clr_optimization_v4.0.30319_32 - ok
17:15:08.0117 0x179c [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:15:08.0139 0x179c clr_optimization_v4.0.30319_64 - ok
17:15:08.0178 0x179c [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
17:15:08.0241 0x179c CmBatt - ok
17:15:08.0297 0x179c [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:15:08.0303 0x179c cmdide - ok
17:15:08.0418 0x179c [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG C:\Windows\system32\Drivers\cng.sys
17:15:08.0452 0x179c CNG - ok
17:15:08.0480 0x179c [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
17:15:08.0490 0x179c Compbatt - ok
17:15:08.0525 0x179c [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:15:08.0610 0x179c CompositeBus - ok
17:15:08.0623 0x179c COMSysApp - ok
17:15:08.0652 0x179c [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
17:15:08.0661 0x179c crcdisk - ok
17:15:08.0767 0x179c [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:15:08.0819 0x179c CryptSvc - ok
17:15:08.0994 0x179c [ B4D1D62A09F09CB2DFD55628350CDAFB, 7DD3CE77D88B5AFAC4B6187F4CA6D50B7BD3398207163B2A1E4C76467801FF28 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
17:15:09.0011 0x179c cvhsvc - ok
17:15:09.0090 0x179c [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:15:09.0157 0x179c DcomLaunch - ok
17:15:09.0211 0x179c [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
17:15:09.0257 0x179c defragsvc - ok
17:15:09.0289 0x179c [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:15:09.0320 0x179c DfsC - ok
17:15:09.0371 0x179c [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
17:15:09.0447 0x179c Dhcp - ok
17:15:09.0799 0x179c [ AA5319FA8602676B5D3A2B4A1355896D, 57532E16FF0DDE3D62B6B6DC35E2598DD453140E9277247965A1E835645E588A ] DiagTrack C:\Windows\system32\diagtrack.dll
17:15:09.0839 0x179c DiagTrack - ok
17:15:09.0871 0x179c [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
17:15:09.0906 0x179c discache - ok
17:15:09.0953 0x179c [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
17:15:09.0972 0x179c Disk - ok
17:15:10.0036 0x179c [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:15:10.0167 0x179c Dnscache - ok
17:15:10.0220 0x179c [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
17:15:10.0259 0x179c dot3svc - ok
17:15:10.0293 0x179c [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
17:15:10.0338 0x179c DPS - ok
17:15:10.0432 0x179c [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:15:10.0469 0x179c drmkaud - ok
17:15:10.0572 0x179c [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:15:10.0595 0x179c DXGKrnl - ok
17:15:10.0718 0x179c [ 5DB7CEB8FB44ABF01614E33BAD2056E0, BF4A66F57340183B731F0C4409930E35AB44A5CA4A6BB9EA78BCDBAF558B53D9 ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys
17:15:10.0748 0x179c e1cexpress - ok
17:15:10.0804 0x179c EagleX64 - ok
17:15:10.0900 0x179c [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
17:15:10.0972 0x179c EapHost - ok
17:15:11.0527 0x179c [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
17:15:11.0650 0x179c ebdrv - ok
17:15:11.0707 0x179c [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] EFS C:\Windows\System32\lsass.exe
17:15:11.0756 0x179c EFS - ok
17:15:11.0814 0x179c [ 5332EC2BA1C112BD4BB1F38127848FEF, 156585CE4011546B20EDD20D04E639A0788B1DE6455B23B94E2CD31BA725FE3C ] EgisTec Ticket Service C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
17:15:11.0831 0x179c EgisTec Ticket Service - ok
17:15:11.0970 0x179c [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:15:12.0100 0x179c ehRecvr - ok
17:15:12.0123 0x179c [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
17:15:12.0170 0x179c ehSched - ok
17:15:12.0280 0x179c [ 551B74D84F9EAE4B03544CE107BC2745, C261B3C4414A90958CD5CA6019F0DDBAD624020E7EA02A589BD6FFBFA489E16F ] ElgatoGC658Y C:\Windows\system32\Drivers\ElgatoGC658.sys
17:15:12.0296 0x179c ElgatoGC658Y - ok
17:15:12.0381 0x179c [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
17:15:12.0423 0x179c elxstor - ok
17:15:12.0454 0x179c [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:15:12.0534 0x179c ErrDev - ok
17:15:12.0665 0x179c [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
17:15:12.0795 0x179c EventSystem - ok
17:15:12.0870 0x179c [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
17:15:12.0932 0x179c exfat - ok
17:15:12.0973 0x179c [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:15:13.0025 0x179c fastfat - ok
17:15:13.0095 0x179c [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
17:15:13.0157 0x179c Fax - ok
17:15:13.0176 0x179c [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
17:15:13.0187 0x179c fdc - ok
17:15:13.0239 0x179c [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
17:15:13.0312 0x179c fdPHost - ok
17:15:13.0327 0x179c [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
17:15:13.0359 0x179c FDResPub - ok
17:15:13.0447 0x179c [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:15:13.0462 0x179c FileInfo - ok
17:15:13.0489 0x179c [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:15:13.0535 0x179c Filetrace - ok
17:15:13.0571 0x179c [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
17:15:13.0597 0x179c flpydisk - ok
17:15:13.0668 0x179c [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:15:13.0677 0x179c FltMgr - ok
17:15:13.0832 0x179c [ E612E86FA15EA1EF9A52433A2743C447, 8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache C:\Windows\system32\FntCache.dll
17:15:13.0914 0x179c FontCache - ok
17:15:13.0983 0x179c [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:15:14.0000 0x179c FontCache3.0.0.0 - ok
17:15:14.0016 0x179c [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:15:14.0029 0x179c FsDepends - ok
17:15:14.0162 0x179c [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:15:14.0172 0x179c Fs_Rec - ok
17:15:14.0238 0x179c [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:15:14.0248 0x179c fvevol - ok
17:15:14.0287 0x179c [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
17:15:14.0295 0x179c gagp30kx - ok
17:15:14.0452 0x179c [ 4A336C92A790A3F7C2D9952C73FCFA16, 2EB400EBAA2B50A97F442D18107316A172A92660F5D712D1C58D39172C9CD80C ] GamesAppIntegrationService C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
17:15:14.0471 0x179c GamesAppIntegrationService - ok
17:15:14.0610 0x179c [ A404AE536DD73FC8118A15BFF0BD4FC0, EA24D7866FEB40DD72713601E14DBDA60497324222196B8E0791DA656DBF5DA7 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
17:15:14.0627 0x179c GamesAppService - ok
17:15:14.0689 0x179c [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:15:14.0701 0x179c GEARAspiWDM - ok
17:15:14.0800 0x179c [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
17:15:14.0834 0x179c gpsvc - ok
17:15:14.0900 0x179c [ 32096F187020A54D29C95B3A1467D963, 2A50686C1FC921B02F6B7472AC09B2CFD9DE290D22DD0342A94AB8E95AC3DC6C ] GREGService C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
17:15:14.0911 0x179c GREGService - ok
17:15:14.0985 0x179c [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:15:15.0060 0x179c hcw85cir - ok
17:15:15.0134 0x179c [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:15:15.0178 0x179c HdAudAddService - ok
17:15:15.0214 0x179c [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
17:15:15.0251 0x179c HDAudBus - ok
17:15:15.0261 0x179c [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
17:15:15.0279 0x179c HidBatt - ok
17:15:15.0294 0x179c [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
17:15:15.0317 0x179c HidBth - ok
17:15:15.0332 0x179c [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
17:15:15.0344 0x179c HidIr - ok
17:15:15.0380 0x179c [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
17:15:15.0443 0x179c hidserv - ok
17:15:15.0535 0x179c [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:15:15.0561 0x179c HidUsb - ok
17:15:15.0634 0x179c [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:15:15.0680 0x179c hkmsvc - ok
17:15:15.0711 0x179c [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:15:15.0745 0x179c HomeGroupListener - ok
17:15:15.0764 0x179c [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:15:15.0787 0x179c HomeGroupProvider - ok
17:15:15.0809 0x179c [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:15:15.0827 0x179c HpSAMD - ok
17:15:15.0948 0x179c [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:15:16.0024 0x179c HTTP - ok
17:15:16.0048 0x179c [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:15:16.0061 0x179c hwpolicy - ok
17:15:16.0109 0x179c [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
17:15:16.0129 0x179c i8042prt - ok
17:15:16.0283 0x179c [ C224331A54571C8C9162F7714400BBBD, C2CA4881ACD46071E67435BE5E3DB133D0743B026FD20D6D6E26B2FE7A03FCAA ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
17:15:16.0310 0x179c iaStor - ok
17:15:16.0386 0x179c [ 7D4B9A48430ED57ACA6373B71D5904CA, 6ED72DAA7A4951142F036364E8F237E74246EF3E9EA089448DEF15380DAB0DB3 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
17:15:16.0397 0x179c IAStorDataMgrSvc - ok
17:15:16.0444 0x179c [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:15:16.0469 0x179c iaStorV - ok
17:15:16.0649 0x179c [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:15:16.0703 0x179c idsvc - ok
17:15:16.0737 0x179c IEEtwCollectorService - ok
17:15:16.0761 0x179c [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
17:15:16.0777 0x179c iirsp - ok
17:15:16.0944 0x179c [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
17:15:16.0992 0x179c IKEEXT - ok
17:15:17.0309 0x179c [ ABA41EE6F5EEFC034F3BBD025506B37E, 06751C79C4390555292FAB994B7D4CB8B55DDF0846D0CC8900215A65758332EC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:15:17.0353 0x179c IntcAzAudAddService - ok
17:15:17.0488 0x179c [ 832CE330DD987227B7DEA8C03F22AEFA, 3DE64D9519D9D865D4C1AA7483D846F0154392B6685BDC451DEC7DA5EA0E2B2E ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
17:15:17.0512 0x179c Intel(R) Capability Licensing Service Interface - ok
17:15:17.0552 0x179c [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
17:15:17.0566 0x179c intelide - ok
17:15:17.0621 0x179c [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:15:17.0672 0x179c intelppm - ok
17:15:17.0759 0x179c [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:15:17.0794 0x179c IPBusEnum - ok
17:15:17.0809 0x179c [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:15:17.0890 0x179c IpFilterDriver - ok
17:15:18.0031 0x179c [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:15:18.0115 0x179c iphlpsvc - ok
17:15:18.0179 0x179c [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:15:18.0230 0x179c IPMIDRV - ok
17:15:18.0257 0x179c [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:15:18.0317 0x179c IPNAT - ok
17:15:18.0505 0x179c [ 2208D673C5D4B22EB0235EA1EC6269CC, 3E73032D67B3B740E11CEA0748CDFFBE35619CBF1AC1C3D86EF089CA326D7918 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:15:18.0530 0x179c iPod Service - ok
17:15:18.0557 0x179c [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:15:18.0594 0x179c IRENUM - ok
17:15:18.0675 0x179c [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:15:18.0694 0x179c isapnp - ok
17:15:18.0747 0x179c [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:15:18.0773 0x179c iScsiPrt - ok
17:15:18.0815 0x179c [ DC0DBA5164F657DE2AE94B9D1FF75DA4, 8A98283BB6DA44C55CC3936ACE45FD45B47641684A5C11CBEE007E8B97970279 ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
17:15:18.0826 0x179c iusb3hcs - ok
17:15:18.0931 0x179c [ BA4F3A70F03584E5B907DA815677727D, 36081727AFCD51E0F20BA18BC2F310779BD33ACA975576F55E7294DF13CB13CF ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
17:15:18.0952 0x179c iusb3hub - ok
17:15:19.0081 0x179c [ E6130F70D61867C7EFC13A2F808EDC58, 622F8AD2C5361D8F05091D4FF6BE69E006D8B4AEDA7BF7FC5B4F101FF57DF38E ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
17:15:19.0108 0x179c iusb3xhc - ok
17:15:19.0173 0x179c [ 468F7516B4030603BA9D1427CCEACDF9, 939A0DF80F5E1B63A5B4703971F22E6FC079CC2135BA229DB88CB0425A2903BB ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
17:15:19.0188 0x179c jhi_service - ok
17:15:19.0239 0x179c [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:15:19.0253 0x179c kbdclass - ok
17:15:19.0278 0x179c [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
17:15:19.0307 0x179c kbdhid - ok
17:15:19.0333 0x179c [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] KeyIso C:\Windows\system32\lsass.exe
17:15:19.0347 0x179c KeyIso - ok
17:15:19.0377 0x179c [ BF69D973523D539A35807946C6DA7E16, 38F2C59B0857131961DBEA48C4A5DFA9BE7B564941935086B8DC8DBEF896F3EC ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:15:19.0390 0x179c KSecDD - ok
17:15:19.0449 0x179c [ 272C27711C8AA6E7815EE33F8ACA9C66, 0A5A10A7A3E87DB92E06395A6676B94FE8B7AD6704864075D443CDC9BABDB4DF ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:15:19.0466 0x179c KSecPkg - ok
17:15:19.0535 0x179c [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:15:19.0577 0x179c ksthunk - ok
17:15:19.0602 0x179c [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
17:15:19.0649 0x179c KtmRm - ok
17:15:19.0699 0x179c [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
17:15:19.0781 0x179c LanmanServer - ok
17:15:19.0803 0x179c [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:15:19.0841 0x179c LanmanWorkstation - ok
17:15:19.0925 0x179c [ 6BB516A31DE232DAB436FF3A117E1E80, 1B91633C9D2FDD27B1712557E95D5642973105F0161D57E074A0601B666F1221 ] Live Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
17:15:19.0942 0x179c Live Updater Service - ok
17:15:19.0967 0x179c [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:15:20.0033 0x179c lltdio - ok
17:15:20.0053 0x179c [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:15:20.0077 0x179c lltdsvc - ok
17:15:20.0107 0x179c [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:15:20.0170 0x179c lmhosts - ok
17:15:20.0256 0x179c [ B114B200CCDEBC7EBD8EF5D783819386, BB717C97EB058D01F34A08AE64265FBF13580404184624EA2249ACBCFC163F76 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:15:20.0273 0x179c LMS - ok
17:15:20.0322 0x179c [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
17:15:20.0339 0x179c LSI_FC - ok
17:15:20.0387 0x179c [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
17:15:20.0405 0x179c LSI_SAS - ok
17:15:20.0446 0x179c [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
17:15:20.0461 0x179c LSI_SAS2 - ok
17:15:20.0492 0x179c [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
17:15:20.0509 0x179c LSI_SCSI - ok
17:15:20.0549 0x179c [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
17:15:20.0590 0x179c luafv - ok
17:15:20.0677 0x179c [ 0C85B2B6FB74B36A251792D45E0EF860, 2E04204560C1159ABC25F273B0B7F81FDF9BA5E88C17929FD924C4E945DE5020 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
17:15:20.0740 0x179c LVRS64 - ok
17:15:21.0184 0x179c [ FF3A488924B0032B1A9CA6948C1FA9E8, 6F05852B75498210926F5CDF49D2A6DD97C39CD93D32E3200D7240AADA3E7BEE ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
17:15:21.0287 0x179c LVUVC64 - ok
17:15:21.0338 0x179c [ CFBC6C6D8A492697CABD1D353EE64933, DDAA844908324740C891EB8F08E2A8BB00457063B31C4A762745C1C2415FC12D ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
17:15:21.0351 0x179c MBAMProtector - ok
17:15:21.0502 0x179c [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2D1F1314599FD14 ] MBAMService C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
17:15:21.0527 0x179c MBAMService - ok
17:15:21.0542 0x179c [ D61070CFAD43038DC56AEAD9BFE9CE2A, BD77AEF60E7FD2015CB14A464799304359547146C14A47F8D25274ACFA2E42D5 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
17:15:21.0548 0x179c MBAMWebAccessControl - ok
17:15:21.0572 0x179c [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:15:21.0587 0x179c Mcx2Svc - ok
17:15:21.0608 0x179c [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
17:15:21.0614 0x179c megasas - ok
17:15:21.0731 0x179c [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
17:15:21.0780 0x179c MegaSR - ok
17:15:21.0813 0x179c [ 6B01B7414A105B9E51652089A03027CF, 9B113DC22F7D0D0B376E577C6D7083F9EDC09BBFE47726393E16D4FDAAAE21FE ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
17:15:21.0821 0x179c MEIx64 - ok
17:15:21.0835 0x179c [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
17:15:21.0882 0x179c MMCSS - ok
17:15:21.0894 0x179c [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
17:15:21.0917 0x179c Modem - ok
17:15:21.0938 0x179c [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:15:21.0947 0x179c monitor - ok
17:15:22.0012 0x179c [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:15:22.0026 0x179c mouclass - ok
17:15:22.0045 0x179c [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:15:22.0082 0x179c mouhid - ok
17:15:22.0172 0x179c [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:15:22.0182 0x179c mountmgr - ok
17:15:22.0348 0x179c [ 0DE2474F316C515482ABAD3B697F8714, 62862AE7432F5350068E96AD466093359C6CF444EB517AE6D09134FAF78C49F5 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:15:22.0369 0x179c MozillaMaintenance - ok
17:15:22.0431 0x179c [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
17:15:22.0477 0x179c mpio - ok
17:15:22.0505 0x179c [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:15:22.0550 0x179c mpsdrv - ok
17:15:22.0638 0x179c [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:15:22.0685 0x179c MpsSvc - ok
17:15:22.0731 0x179c [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:15:22.0806 0x179c MRxDAV - ok
17:15:22.0835 0x179c [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:15:22.0892 0x179c mrxsmb - ok
17:15:22.0942 0x179c [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:15:22.0990 0x179c mrxsmb10 - ok
17:15:23.0009 0x179c [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:15:23.0049 0x179c mrxsmb20 - ok
17:15:23.0078 0x179c [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
17:15:23.0092 0x179c msahci - ok
17:15:23.0110 0x179c [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:15:23.0127 0x179c msdsm - ok
17:15:23.0170 0x179c [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
17:15:23.0245 0x179c MSDTC - ok
17:15:23.0265 0x179c [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:15:23.0333 0x179c Msfs - ok
17:15:23.0371 0x179c [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:15:23.0420 0x179c mshidkmdf - ok
17:15:23.0433 0x179c [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:15:23.0439 0x179c msisadrv - ok
17:15:23.0508 0x179c [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:15:23.0577 0x179c MSiSCSI - ok
17:15:23.0579 0x179c msiserver - ok
17:15:23.0602 0x179c [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:15:23.0627 0x179c MSKSSRV - ok
17:15:23.0666 0x179c [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:15:23.0741 0x179c MSPCLOCK - ok
17:15:23.0757 0x179c [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:15:23.0798 0x179c MSPQM - ok
17:15:23.0865 0x179c [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:15:23.0889 0x179c MsRPC - ok
17:15:23.0928 0x179c [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:15:23.0940 0x179c mssmbios - ok
17:15:23.0958 0x179c [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:15:24.0003 0x179c MSTEE - ok
17:15:24.0015 0x179c [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
17:15:24.0040 0x179c MTConfig - ok
17:15:24.0051 0x179c [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
17:15:24.0061 0x179c Mup - ok
17:15:24.0096 0x179c [ C009123B206C56854F4E88596035231D, 670403A40B425F77C90ECB048A0C8BC11FB19E40A8CECC2C3DCF79175B745863 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
17:15:24.0103 0x179c mwlPSDFilter - ok
17:15:24.0136 0x179c [ BF3739EEB9F008B1DEBAC115089A53F8, 8546AB69087656259BBE17D6F80F4AB164B04171673CE2BF9FFD1B5C9584E9A4 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
17:15:24.0145 0x179c mwlPSDNServ - ok
17:15:24.0210 0x179c [ 38DD143D95E7A01B86F219DDA9C28779, 5FA8C0595CCF835DBCE1CC5322E8FD4BFB6DFB6CF869BB7CB73F919445D469AA ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
17:15:24.0222 0x179c mwlPSDVDisk - ok
17:15:24.0367 0x179c [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
17:15:24.0399 0x179c napagent - ok
17:15:24.0438 0x179c [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:15:24.0494 0x179c NativeWifiP - ok
17:15:24.0584 0x179c [ 7F79DA9E719D0774BDBC3622ABD3AFD9, BA45D9D5C983D85999BF18C6D7F985A8D2E2CA5B2A86FF2B8B0928565E789D61 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
17:15:24.0610 0x179c NAUpdate - ok
17:15:24.0762 0x179c [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
17:15:24.0813 0x179c NDIS - ok
17:15:24.0865 0x179c [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:15:24.0939 0x179c NdisCap - ok
17:15:24.0997 0x179c [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:15:25.0080 0x179c NdisTapi - ok
17:15:25.0101 0x179c [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:15:25.0135 0x179c Ndisuio - ok
17:15:25.0159 0x179c [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:15:25.0191 0x179c NdisWan - ok
17:15:25.0232 0x179c [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:15:25.0265 0x179c NDProxy - ok
17:15:25.0305 0x179c [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:15:25.0354 0x179c NetBIOS - ok
17:15:25.0384 0x179c [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:15:25.0418 0x179c NetBT - ok
17:15:25.0458 0x179c [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] Netlogon C:\Windows\system32\lsass.exe
17:15:25.0466 0x179c Netlogon - ok
17:15:25.0589 0x179c [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
17:15:25.0680 0x179c Netman - ok
17:15:25.0718 0x179c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:15:25.0729 0x179c NetMsmqActivator - ok
17:15:25.0748 0x179c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:15:25.0759 0x179c NetPipeActivator - ok
17:15:25.0849 0x179c [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
17:15:25.0893 0x179c netprofm - ok
17:15:25.0897 0x179c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:15:25.0905 0x179c NetTcpActivator - ok
17:15:25.0910 0x179c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:15:25.0918 0x179c NetTcpPortSharing - ok
17:15:25.0969 0x179c [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
17:15:25.0984 0x179c nfrd960 - ok
17:15:26.0037 0x179c [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll
17:15:26.0084 0x179c NlaSvc - ok
17:15:26.0400 0x179c [ 5839A8027D6D324A7CD494051A96628C, 474F2D0BB463ABE68D7C4D2C630860AED4B722EC62C616C91EE00AA965378382 ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
17:15:26.0445 0x179c NOBU - ok
17:15:26.0469 0x179c [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:15:26.0488 0x179c Npfs - ok
17:15:26.0530 0x179c [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
17:15:26.0550 0x179c nsi - ok
17:15:26.0624 0x179c [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:15:26.0652 0x179c nsiproxy - ok
17:15:26.0807 0x179c [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:15:26.0852 0x179c Ntfs - ok
17:15:26.0875 0x179c [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
17:15:26.0905 0x179c Null - ok
17:15:26.0982 0x179c [ 4C31806AD9A8A6F410E4F8308E67AD30, E9FAE5142733E9E3CDFF8AEDADBAFDE89D4DBF6B026F34B95A1EF0A473BD5599 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
17:15:26.0997 0x179c NVHDA - ok
17:15:28.0421 0x179c [ D5E05CDBE385F16044E104E2ECFCC4FB, 0D8AB0235564DB19E923ACACF393A83AACE750ED53A40D512E7396AF105C5EBD ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:15:28.0613 0x179c nvlddmkm - ok
17:15:28.0699 0x179c [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:15:28.0736 0x179c nvraid - ok
17:15:28.0784 0x179c [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:15:28.0799 0x179c nvstor - ok
17:15:28.0941 0x179c [ D1FB256B53D819E31584009CF4D8868F, EB504593F7BD79E101F01CF893FED42B35D542F63D3674DF3FF36D8C88BE899A ] nvsvc C:\Windows\system32\nvvsvc.exe
17:15:28.0961 0x179c nvsvc - ok
17:15:28.0991 0x179c [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:15:28.0999 0x179c nv_agp - ok
17:15:29.0211 0x179c [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:15:29.0249 0x179c odserv - ok
17:15:29.0285 0x179c [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:15:29.0304 0x179c ohci1394 - ok
17:15:29.0696 0x179c [ 880CD3C9ACE342F29AB2F90C751B91A4, 7882ED604EE443E182B323D9A38E35B49FD8C28EDC1196B65EDFABB22CBF6161 ] Origin Client Service C:\Program Files (x86)\Origin\OriginClientService.exe
17:15:29.0814 0x179c Origin Client Service - ok
17:15:29.0885 0x179c [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:15:29.0902 0x179c ose - ok
17:15:30.0128 0x179c [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:15:30.0257 0x179c osppsvc - ok
17:15:30.0325 0x179c [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:15:30.0429 0x179c p2pimsvc - ok
17:15:30.0504 0x179c [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
17:15:30.0533 0x179c p2psvc - ok
17:15:30.0549 0x179c [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
17:15:30.0558 0x179c Parport - ok
17:15:30.0590 0x179c [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:15:30.0597 0x179c partmgr - ok
17:15:30.0625 0x179c [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:15:30.0655 0x179c PcaSvc - ok
17:15:30.0664 0x179c [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
17:15:30.0673 0x179c pci - ok
17:15:30.0707 0x179c [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
17:15:30.0714 0x179c pciide - ok
17:15:30.0732 0x179c [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
17:15:30.0742 0x179c pcmcia - ok
17:15:30.0752 0x179c [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
17:15:30.0759 0x179c pcw - ok
17:15:30.0774 0x179c [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:15:30.0798 0x179c PEAUTH - ok
17:15:30.0870 0x179c [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:15:30.0889 0x179c PerfHost - ok
17:15:30.0951 0x179c [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
17:15:30.0996 0x179c pla - ok
17:15:31.0028 0x179c [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:15:31.0046 0x179c PlugPlay - ok
17:15:31.0061 0x179c PnkBstrA - ok
17:15:31.0073 0x179c [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:15:31.0082 0x179c PNRPAutoReg - ok
17:15:31.0092 0x179c [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:15:31.0104 0x179c PNRPsvc - ok
17:15:31.0128 0x179c [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:15:31.0154 0x179c PolicyAgent - ok
17:15:31.0177 0x179c [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
17:15:31.0198 0x179c Power - ok
17:15:31.0215 0x179c [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:15:31.0235 0x179c PptpMiniport - ok
17:15:31.0246 0x179c [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
17:15:31.0269 0x179c Processor - ok
17:15:31.0305 0x179c [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll
17:15:31.0327 0x179c ProfSvc - ok
17:15:31.0333 0x179c [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] ProtectedStorage C:\Windows\system32\lsass.exe
17:15:31.0342 0x179c ProtectedStorage - ok
17:15:31.0372 0x179c [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:15:31.0411 0x179c Psched - ok
17:15:31.0463 0x179c [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
17:15:31.0501 0x179c ql2300 - ok
17:15:31.0524 0x179c [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
17:15:31.0533 0x179c ql40xx - ok
17:15:31.0548 0x179c [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
17:15:31.0562 0x179c QWAVE - ok
17:15:31.0569 0x179c [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:15:31.0595 0x179c QWAVEdrv - ok
17:15:31.0609 0x179c [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:15:31.0629 0x179c RasAcd - ok
17:15:31.0663 0x179c [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:15:31.0707 0x179c RasAgileVpn - ok
17:15:31.0742 0x179c [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
17:15:31.0763 0x179c RasAuto - ok
17:15:31.0770 0x179c [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:15:31.0790 0x179c Rasl2tp - ok
17:15:31.0816 0x179c [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
17:15:31.0855 0x179c RasMan - ok
17:15:31.0874 0x179c [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:15:31.0912 0x179c RasPppoe - ok
17:15:31.0931 0x179c [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:15:31.0962 0x179c RasSstp - ok
17:15:32.0011 0x179c [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:15:32.0046 0x179c rdbss - ok
17:15:32.0066 0x179c [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
17:15:32.0089 0x179c rdpbus - ok
17:15:32.0129 0x179c [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:15:32.0170 0x179c RDPCDD - ok
17:15:32.0209 0x179c [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:15:32.0229 0x179c RDPENCDD - ok
17:15:32.0254 0x179c [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:15:32.0274 0x179c RDPREFMP - ok
17:15:32.0309 0x179c [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:15:32.0361 0x179c RDPWD - ok
17:15:32.0379 0x179c [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:15:32.0394 0x179c rdyboost - ok
17:15:32.0419 0x179c [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:15:32.0455 0x179c RemoteAccess - ok
17:15:32.0473 0x179c [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:15:32.0496 0x179c RemoteRegistry - ok
17:15:32.0532 0x179c [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
17:15:32.0543 0x179c RFCOMM - ok
17:15:32.0551 0x179c [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:15:32.0572 0x179c RpcEptMapper - ok
17:15:32.0583 0x179c [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
17:15:32.0592 0x179c RpcLocator - ok
17:15:32.0611 0x179c [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
17:15:32.0637 0x179c RpcSs - ok
17:15:32.0670 0x179c [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:15:32.0690 0x179c rspndr - ok
17:15:32.0749 0x179c [ 38B86FD7D19C80C8E78466BF7DAF6EFD, 3E3DC47B659A4BE27702D89C655CD8D10329FFBE6342022FC0868ED648CBA545 ] RZMAELSTROMVADService C:\Windows\system32\drivers\RzMaelstromVAD.sys
17:15:32.0763 0x179c RZMAELSTROMVADService - ok
17:15:32.0831 0x179c [ 2ABDAE282DBC2D2FB11144184517F850, A68C3B0CCB0441C22BD27F69D22ADF2183613B8B3F9317B89279418A02E78384 ] rzudd C:\Windows\system32\DRIVERS\rzudd.sys
17:15:32.0847 0x179c rzudd - ok
17:15:32.0859 0x179c [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] SamSs C:\Windows\system32\lsass.exe
17:15:32.0874 0x179c SamSs - ok
17:15:32.0886 0x179c [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:15:32.0896 0x179c sbp2port - ok
17:15:32.0908 0x179c [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:15:32.0946 0x179c SCardSvr - ok
17:15:32.0959 0x179c [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:15:32.0984 0x179c scfilter - ok
17:15:33.0060 0x179c [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
17:15:33.0171 0x179c Schedule - ok
17:15:33.0202 0x179c [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
17:15:33.0237 0x179c SCPolicySvc - ok
17:15:33.0284 0x179c [ 490B0B68BB938D5C628EC4A67277BE75, F1883EED0ECCE43B1AB3A1AF67BCE5AB44F42282D8774D5F5CA71494927A3B91 ] ScreamBAudioSvc C:\Windows\system32\drivers\ScreamingBAudio64.sys
17:15:33.0291 0x179c ScreamBAudioSvc - ok
17:15:33.0302 0x179c [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:15:33.0323 0x179c SDRSVC - ok
17:15:33.0445 0x179c [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
17:15:33.0472 0x179c SDScannerService - ok
17:15:33.0597 0x179c [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
17:15:33.0629 0x179c SDUpdateService - ok
17:15:33.0659 0x179c [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
17:15:33.0667 0x179c SDWSCService - ok
17:15:33.0689 0x179c [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:15:33.0709 0x179c secdrv - ok
17:15:33.0716 0x179c [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
17:15:33.0746 0x179c seclogon - ok
17:15:33.0769 0x179c [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
17:15:33.0800 0x179c SENS - ok
17:15:33.0821 0x179c [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:15:33.0834 0x179c SensrSvc - ok
17:15:33.0847 0x179c [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\drivers\serenum.sys
17:15:33.0866 0x179c Serenum - ok
17:15:33.0906 0x179c [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys
17:15:33.0924 0x179c Serial - ok
17:15:33.0931 0x179c [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
17:15:33.0942 0x179c sermouse - ok
17:15:33.0961 0x179c [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
17:15:33.0989 0x179c SessionEnv - ok
17:15:33.0997 0x179c [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:15:34.0017 0x179c sffdisk - ok
17:15:34.0031 0x179c [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:15:34.0055 0x179c sffp_mmc - ok
17:15:34.0057 0x179c [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:15:34.0069 0x179c sffp_sd - ok
17:15:34.0080 0x179c [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
17:15:34.0088 0x179c sfloppy - ok
17:15:34.0155 0x179c [ 21AB491BBCC8C1B26FDC402A374AB196, DD973C9963C840200D153A15078152D499639730D065BB8122C6BE65D4372300 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
17:15:34.0174 0x179c Sftfs - ok
17:15:34.0242 0x179c [ 4E1BB8A9CCDB4BAF41F7F9A930EB121D, D994B20DACEB187BEB6530309E2185040B58105E4FD5AC1DA435712F9DE027D0 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
17:15:34.0262 0x179c sftlist - ok
17:15:34.0287 0x179c [ 3B8D43FEEFF7A187534DDDFD675FE123, 9308D5C552FE3AF1121A3F7B7595547C6B892FF500377953F3B623511D84698C ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
17:15:34.0299 0x179c Sftplay - ok
17:15:34.0310 0x179c [ F1D1B1DC7A8765A09D7640FBF8D20970, 72E59B04BC44DAFFB88987C16CF3F9DC35438B15879E102FD83013673E0DB66F ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
17:15:34.0318 0x179c Sftredir - ok
17:15:34.0325 0x179c [ B3B9ADE7F8C4AF0C20E712E040588543, 9A6BB11DA046BF6F0239952871263E148FAE91FB21065613645114B5FA054EC5 ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
17:15:34.0332 0x179c Sftvol - ok
17:15:34.0343 0x179c [ CECFDE5D3701B2D914862F5E6C3DFE18, E7627F90630C306324A39DC3C652B37D255F90636AC19D3302EE5B85BD504BD5 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
17:15:34.0354 0x179c sftvsa - ok
17:15:34.0381 0x179c [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:15:34.0412 0x179c SharedAccess - ok
17:15:34.0431 0x179c [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:15:34.0467 0x179c ShellHWDetection - ok
17:15:34.0487 0x179c [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
17:15:34.0494 0x179c SiSRaid2 - ok
17:15:34.0504 0x179c [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
17:15:34.0512 0x179c SiSRaid4 - ok
17:15:34.0607 0x179c [ 52F7E8603E888E3DB0A8B3D1804098E9, 4E23DC9442C0C14AAE7146DACBB0B39743F1FFAA463EE7069CCDF866AD27BD77 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
17:15:34.0624 0x179c SkypeUpdate - ok
17:15:34.0641 0x179c [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:15:34.0666 0x179c Smb - ok
17:15:34.0685 0x179c [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:15:34.0694 0x179c SNMPTRAP - ok
17:15:34.0701 0x179c [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
17:15:34.0707 0x179c spldr - ok
17:15:34.0733 0x179c [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
17:15:34.0756 0x179c Spooler - ok
17:15:34.0819 0x179c [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
17:15:34.0884 0x179c sppsvc - ok
17:15:34.0889 0x179c [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:15:34.0910 0x179c sppuinotify - ok
17:15:34.0925 0x179c [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
17:15:34.0947 0x179c srv - ok
17:15:34.0986 0x179c [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:15:35.0007 0x179c srv2 - ok
17:15:35.0029 0x179c [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:15:35.0038 0x179c srvnet - ok
17:15:35.0063 0x179c [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:15:35.0099 0x179c SSDPSRV - ok
17:15:35.0111 0x179c [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:15:35.0132 0x179c SstpSvc - ok
17:15:35.0179 0x179c [ 5852D5FADD589643B6C1B5BE9D257A50, 38DC6CEB0AA6AF4FD046A9CF7571E345E52D30471E248E2B99FC6D5622257145 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
17:15:35.0194 0x179c Steam Client Service - ok
17:15:35.0236 0x179c [ A557A9C135B6355345D7B7803BF47E25, A63E8A62D48509F0DE86910EB4D5B48F6D3D3E9AA1656CD677D7AB6E8430E5D0 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:15:35.0247 0x179c Stereo Service - ok
17:15:35.0254 0x179c [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
17:15:35.0261 0x179c stexstor - ok
17:15:35.0287 0x179c [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
17:15:35.0305 0x179c stisvc - ok
17:15:35.0318 0x179c [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
17:15:35.0324 0x179c swenum - ok
17:15:35.0337 0x179c [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
17:15:35.0364 0x179c swprv - ok
17:15:35.0401 0x179c [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
17:15:35.0446 0x179c SysMain - ok
17:15:35.0472 0x179c [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:15:35.0496 0x179c TabletInputService - ok
17:15:35.0509 0x179c tandpl - ok
17:15:35.0541 0x179c [ 3C32FF010F869BC184DF71290477384E, 55CFCEC7F026C6E2E96A2FBE846AB513BB12BB0348735274FE1B71AF019C837B ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
17:15:35.0557 0x179c tap0901 - ok
17:15:35.0580 0x179c [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
17:15:35.0616 0x179c TapiSrv - ok
17:15:35.0627 0x179c [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
17:15:35.0649 0x179c TBS - ok
17:15:35.0728 0x179c [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:15:35.0758 0x179c Tcpip - ok
17:15:35.0794 0x179c [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:15:35.0823 0x179c TCPIP6 - ok
17:15:35.0856 0x179c [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:15:35.0884 0x179c tcpipreg - ok
17:15:35.0902 0x179c [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:15:35.0916 0x179c TDPIPE - ok
17:15:35.0933 0x179c [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:15:35.0943 0x179c TDTCP - ok
17:15:35.0968 0x179c [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:15:35.0992 0x179c tdx - ok
17:15:36.0006 0x179c [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
17:15:36.0015 0x179c TermDD - ok
17:15:36.0069 0x179c [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
17:15:36.0099 0x179c TermService - ok
17:15:36.0105 0x179c [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
17:15:36.0116 0x179c Themes - ok
17:15:36.0129 0x179c [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
17:15:36.0150 0x179c THREADORDER - ok
17:15:36.0164 0x179c [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
17:15:36.0185 0x179c TrkWks - ok
17:15:36.0228 0x179c [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:15:36.0267 0x179c TrustedInstaller - ok
17:15:36.0296 0x179c [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:15:36.0304 0x179c tssecsrv - ok
17:15:36.0316 0x179c [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:15:36.0335 0x179c TsUsbFlt - ok
17:15:36.0346 0x179c [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
17:15:36.0355 0x179c TsUsbGD - ok
17:15:36.0372 0x179c [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:15:36.0392 0x179c tunnel - ok
17:15:36.0398 0x179c [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
17:15:36.0405 0x179c uagp35 - ok
17:15:36.0421 0x179c [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:15:36.0445 0x179c udfs - ok
17:15:36.0457 0x179c [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:15:36.0467 0x179c UI0Detect - ok
17:15:36.0477 0x179c [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:15:36.0483 0x179c uliagpkx - ok
17:15:36.0504 0x179c [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:15:36.0525 0x179c umbus - ok
17:15:36.0553 0x179c [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
17:15:36.0562 0x179c UmPass - ok
17:15:36.0610 0x179c [ 67A95B9D129ED5399E7965CD09CF30E7, F1F2F684146F1CCB293BB9871117B8CFC1D04588A830F67CE5D3F0D034D93B2A ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
17:15:36.0610 0x1be4 Object required for P2P: [ 279A6B916711B54DA2B2913250E5AFF1 ] AVGIDSAgent
17:15:36.0629 0x179c UMVPFSrv - ok
17:15:36.0706 0x179c [ 6617E7CC9DC6729A11BFF54C47CEA7D0, 637DC1E3F18DF40592ED7E16979097E4A4F3E9F735B9CA3E6DB139DED898BB8B ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
17:15:36.0722 0x179c UNS - ok
17:15:36.0740 0x179c [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
17:15:36.0778 0x179c upnphost - ok
17:15:36.0825 0x179c [ F957092C63CD71D85903CA0D8370F473, 4DEC2FC20329F248135DA24CB6694FD972DCCE8B1BBEA8D872FDE41939E96AAF ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
17:15:36.0849 0x179c USBAAPL64 - ok
17:15:36.0890 0x179c [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
17:15:36.0913 0x179c usbaudio - ok
17:15:36.0951 0x179c [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:15:36.0989 0x179c usbccgp - ok
17:15:37.0012 0x179c [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:15:37.0033 0x179c usbcir - ok
17:15:37.0056 0x179c [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys
17:15:37.0067 0x179c usbehci - ok
17:15:37.0080 0x179c [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:15:37.0094 0x179c usbhub - ok
17:15:37.0108 0x179c [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:15:37.0126 0x179c usbohci - ok
17:15:37.0140 0x179c [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:15:37.0149 0x179c usbprint - ok
17:15:37.0161 0x179c [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
17:15:37.0178 0x179c usbscan - ok
17:15:37.0192 0x179c [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:15:37.0209 0x179c USBSTOR - ok
17:15:37.0227 0x179c [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:15:37.0236 0x179c usbuhci - ok
17:15:37.0248 0x179c [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
17:15:37.0268 0x179c UxSms - ok
17:15:37.0285 0x179c [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] VaultSvc C:\Windows\system32\lsass.exe
17:15:37.0292 0x179c VaultSvc - ok
17:15:37.0358 0x179c [ 8CD776EB77695524CCE594AAC3A71569, AEF6F9B0E5F67E87819EB0E9FA5220EEF247A160A2BF8511CEDC8D12A9D4D941 ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
17:15:37.0374 0x179c VBoxNetAdp - ok
17:15:37.0377 0x179c VBoxNetFlt - ok
17:15:37.0386 0x179c [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:15:37.0396 0x179c vdrvroot - ok
17:15:37.0411 0x179c [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
17:15:37.0440 0x179c vds - ok
17:15:37.0454 0x179c [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:15:37.0465 0x179c vga - ok
17:15:37.0467 0x179c [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
17:15:37.0489 0x179c VgaSave - ok
17:15:37.0501 0x179c [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:15:37.0510 0x179c vhdmp - ok
17:15:37.0532 0x179c [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
17:15:37.0539 0x179c viaide - ok
17:15:37.0560 0x179c [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:15:37.0567 0x179c volmgr - ok
17:15:37.0583 0x179c [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:15:37.0594 0x179c volmgrx - ok
17:15:37.0604 0x179c [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:15:37.0614 0x179c volsnap - ok
17:15:37.0624 0x179c [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
17:15:37.0633 0x179c vsmraid - ok
17:15:37.0671 0x179c [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
17:15:37.0726 0x179c VSS - ok
17:15:37.0734 0x179c [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
17:15:37.0744 0x179c vwifibus - ok
17:15:37.0762 0x179c [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
17:15:37.0798 0x179c W32Time - ok
17:15:37.0810 0x179c [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
17:15:37.0819 0x179c WacomPen - ok
17:15:37.0832 0x179c [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:15:37.0862 0x179c WANARP - ok
17:15:37.0878 0x179c [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:15:37.0897 0x179c Wanarpv6 - ok
17:15:37.0932 0x179c [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
17:15:37.0979 0x179c wbengine - ok
17:15:37.0989 0x179c [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:15:38.0003 0x179c WbioSrvc - ok
17:15:38.0014 0x179c [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:15:38.0031 0x179c wcncsvc - ok
17:15:38.0038 0x179c [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:15:38.0056 0x179c WcsPlugInService - ok
17:15:38.0062 0x179c [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
17:15:38.0068 0x179c Wd - ok
17:15:38.0105 0x179c [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:15:38.0122 0x179c Wdf01000 - ok
17:15:38.0134 0x179c [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:15:38.0190 0x179c WdiServiceHost - ok
17:15:38.0195 0x179c [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:15:38.0215 0x179c WdiSystemHost - ok
17:15:38.0247 0x179c [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
17:15:38.0273 0x179c WebClient - ok
17:15:38.0302 0x179c [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:15:38.0362 0x179c Wecsvc - ok
17:15:38.0377 0x179c [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:15:38.0398 0x179c wercplsupport - ok
17:15:38.0418 0x179c [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
17:15:38.0439 0x179c WerSvc - ok
17:15:38.0445 0x179c [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:15:38.0464 0x179c WfpLwf - ok
17:15:38.0480 0x179c [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:15:38.0486 0x179c WIMMount - ok
17:15:38.0500 0x179c WinDefend - ok
17:15:38.0513 0x179c WinHttpAutoProxySvc - ok
17:15:38.0679 0x179c [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:15:38.0743 0x179c Winmgmt - ok
17:15:38.0818 0x179c [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll
17:15:38.0882 0x179c WinRM - ok
17:15:38.0919 0x179c [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\drivers\WinUsb.sys
17:15:38.0934 0x179c WinUsb - ok
17:15:38.0950 0x179c [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
17:15:38.0981 0x179c Wlansvc - ok
17:15:39.0044 0x1be4 Object send P2P result: true
17:15:39.0044 0x1be4 Object required for P2P: [ F328F131751BBFC9BBB5EDFE4080158F ] avgwd
17:15:39.0059 0x179c [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:15:39.0075 0x179c wlcrasvc - ok
17:15:39.0153 0x179c [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:15:39.0215 0x179c wlidsvc - ok
17:15:39.0231 0x179c [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:15:39.0231 0x179c WmiAcpi - ok
17:15:39.0246 0x179c [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:15:39.0262 0x179c wmiApSrv - ok
17:15:39.0278 0x179c WMPNetworkSvc - ok
17:15:39.0293 0x179c [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:15:39.0324 0x179c WPCSvc - ok
17:15:39.0324 0x179c [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:15:39.0356 0x179c WPDBusEnum - ok
17:15:39.0371 0x179c [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:15:39.0387 0x179c ws2ifsl - ok
17:15:39.0402 0x179c [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
17:15:39.0434 0x179c wscsvc - ok
17:15:39.0434 0x179c WSearch - ok
17:15:39.0527 0x179c [ 0814A74C853F50B354F08F83DDA9F7FB, 0A63BAA8DE451B8C2C71FEF961718E769B9BAC305C76D24048C664CB27D0DF28 ] wuauserv C:\Windows\system32\wuaueng.dll
17:15:39.0574 0x179c wuauserv - ok
17:15:39.0605 0x179c [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:15:39.0652 0x179c WudfPf - ok
17:15:39.0668 0x179c [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\drivers\WUDFRd.sys
17:15:39.0683 0x179c WUDFRd - ok
17:15:39.0683 0x179c [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:15:39.0699 0x179c wudfsvc - ok
17:15:39.0746 0x179c [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
17:15:39.0792 0x179c WwanSvc - ok
17:15:39.0839 0x179c [ AAAF81690C24E2F1EE59F1B2AED5B632, 446AE85300FCB1CDEBFF2BDD69F6B322922F40EB688EF152F853B3AB6F4D4A6A ] xb1usb C:\Windows\system32\DRIVERS\xb1usb.sys
17:15:39.0886 0x179c xb1usb - ok
17:15:39.0902 0x179c ================ Scan global ===============================
17:15:39.0917 0x179c [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
17:15:39.0964 0x179c [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\Windows\system32\winsrv.dll
17:15:39.0980 0x179c [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\Windows\system32\winsrv.dll
17:15:39.0995 0x179c [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
17:15:40.0042 0x179c [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
17:15:40.0042 0x179c [ Global ] - ok
17:15:40.0042 0x179c ================ Scan MBR ==================================
17:15:40.0058 0x179c [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:15:40.0401 0x179c \Device\Harddisk0\DR0 - ok
17:15:40.0401 0x179c ================ Scan VBR ==================================
17:15:40.0432 0x179c [ 76ED2E5E6D746F378F2537AF0DFE31A5 ] \Device\Harddisk0\DR0\Partition1
17:15:40.0463 0x179c \Device\Harddisk0\DR0\Partition1 - ok
17:15:40.0479 0x179c [ F38CD613A27567260594739B106CF59B ] \Device\Harddisk0\DR0\Partition2
17:15:40.0510 0x179c \Device\Harddisk0\DR0\Partition2 - ok
17:15:40.0510 0x179c [ FB0B3F27184CA0B99AD6485E42EC5BBC ] \Device\Harddisk0\DR0\Partition3
17:15:40.0510 0x179c \Device\Harddisk0\DR0\Partition3 - ok
17:15:40.0510 0x179c ================ Scan generic autorun ======================
17:15:40.0791 0x179c [ AB34D68B955025BC26741EEF891FDCF0, 9584F85E1F719CB46ADE8698E82B0A148296ED77FC6396CA2A198D8A3DAD05DB ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
17:15:40.0962 0x179c RTHDVCPL - ok
17:15:41.0040 0x179c [ 02A27FC0972181EF743160BE9F62F2B4, 0E5B5684E892B1CE83C8A50A23F8478E8D01E2DD283337B5B263FDA4C2654E9F ] C:\Program Files\iTunes\iTunesHelper.exe
17:15:41.0056 0x179c iTunesHelper - ok
17:15:41.0087 0x179c [ 4A80B3C030178E65CF0BECFF1BB20905, EBBB74B0597D1884D279C77248A818A6D9300DDE06BCE498945B82715ABE0196 ] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
17:15:41.0118 0x179c SuiteTray - ok
17:15:41.0181 0x179c [ D3E69D500466C17498AAF7F83D12FFF0, F5723FC28396489EADDDCAD67A0E46B56D859590823E3CFA7254BA6709DC5AE6 ] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
17:15:41.0196 0x179c Norton Online Backup - ok
17:15:41.0228 0x179c [ 7E4E3EE20FF5D10A60E6267A8EE67786, 43543E39AD57F43D1CA08C2A7AAB6B76102F8D4A4F57E659F39FCA5EAE0291B3 ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
17:15:41.0228 0x179c USB3MON - ok
17:15:41.0274 0x179c [ 265B74F227EF875CB15158E872BFFAA9, 809D6DC752D440C321358D64B4E564D22AF98363FE008355A392754D2AFD5608 ] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
17:15:41.0306 0x179c Hotkey Utility - ok
17:15:41.0352 0x179c [ 0080EB1CDD83F14C01534B1DC754234D, D0FC9B95A12D0C92730F8031B3DB287D1309008CF15EA0C02FC14B56FAE8C320 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
17:15:41.0352 0x179c APSDaemon - ok
17:15:41.0508 0x179c [ BB1597F99D85047CC586F58C5C72A552, 788392F22ABA3131EE1250AF3237205D6D5E2E0E3E1A6C492E82F936B6FCE272 ] C:\Program Files (x86)\AVG\Av\avgui.exe
17:15:41.0508 0x1be4 Object send P2P result: true
17:15:41.0571 0x179c AVG_UI - ok
17:15:41.0633 0x179c [ B2D3666199175389D771DD94F5C98594, 4238DC200F718DC425F2CF4C2716289845EF207ADFDB1CAC154271FFF8528D9B ] C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
17:15:41.0664 0x179c AvgUi - ok
17:15:41.0711 0x179c [ 793D7221E5EC69EA615349A13B702B8C, 1545C9634A6599FE4B35419B1B40932797FE2E7DF0B5F27D6698810CC075CF86 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
17:15:41.0727 0x179c SunJavaUpdateSched - ok
17:15:41.0727 0x179c Malwarebytes Anti-Exploit - ok
17:15:41.0836 0x179c [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
17:15:41.0883 0x179c SDTray - ok
17:15:41.0930 0x179c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
17:15:41.0992 0x179c Sidebar - ok
17:15:42.0008 0x179c [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
17:15:42.0039 0x179c mctadmin - ok
17:15:42.0039 0x179c IsMyWinLockerReboot - ok
17:15:42.0070 0x179c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
17:15:42.0086 0x179c Sidebar - ok
17:15:42.0101 0x179c [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
17:15:42.0101 0x179c mctadmin - ok
17:15:42.0101 0x179c IsMyWinLockerReboot - ok
17:15:42.0273 0x179c [ 5353A34090BABE3CD48B70569AF0DD12, A211D0B06DC05BFCBD13EBC71275C644B7616E95485ED8336DEFF257B7AE7E80 ] C:\Program Files (x86)\Steam\steam.exe
17:15:42.0320 0x179c Steam - ok
17:15:42.0554 0x179c [ A1BAEE2F2AA71318D08A81EB1AE60F1F, 8CEE7310553205E2047B2168CA7C578FBD80B403D644EC3E2DE7E4CECC9717FC ] C:\Users\acer\AppData\Roaming\Spotify\SpotifyWebHelper.exe
17:15:42.0585 0x179c Spotify Web Helper - ok
17:15:42.0616 0x179c Skype - ok
17:15:42.0788 0x179c [ E9D5B153D89878EA4A0A73DB229649F9, DB19A242CDA809BA53EBA0577244B1678A5B2689EC1CA26B6F3707E171D5A893 ] C:\Users\acer\AppData\Roaming\Spotify\Spotify.exe
17:15:42.0897 0x179c Spotify - ok
17:15:43.0022 0x179c [ F51BB12D8977D26C1A4CDA348770D9F1, DDA35CD8F8A6591B83821B5180D457740E0B820CCE000BC7FB1B78FB4AEAD3BA ] C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe
17:15:43.0037 0x179c SpybotPostWindows10UpgradeReInstall - detected UnsignedFile.Multi.Generic ( 1 )
17:15:45.0400 0x179c Detect skipped due to KSN trusted
17:15:45.0400 0x179c SpybotPostWindows10UpgradeReInstall - ok
17:15:45.0400 0x179c KSS - ok
17:15:45.0402 0x179c Waiting for KSN requests completion. In queue: 136
17:15:46.0402 0x179c Waiting for KSN requests completion. In queue: 136
17:15:47.0402 0x179c Waiting for KSN requests completion. In queue: 136
17:15:47.0822 0x1bf8 Object required for P2P: [ 5353A34090BABE3CD48B70569AF0DD12 ] C:\Program Files (x86)\Steam\steam.exe
17:15:48.0402 0x179c Waiting for KSN requests completion. In queue: 3
17:15:49.0402 0x179c Waiting for KSN requests completion. In queue: 3
17:15:50.0241 0x1bf8 Object send P2P result: true
17:15:50.0241 0x1bf8 Object required for P2P: [ A1BAEE2F2AA71318D08A81EB1AE60F1F ] C:\Users\acer\AppData\Roaming\Spotify\SpotifyWebHelper.exe
17:15:50.0402 0x179c Waiting for KSN requests completion. In queue: 2
17:15:51.0402 0x179c Waiting for KSN requests completion. In queue: 2
17:15:52.0402 0x179c Waiting for KSN requests completion. In queue: 2
17:15:52.0666 0x1bf8 Object send P2P result: true
17:15:52.0666 0x1bf8 Object required for P2P: [ E9D5B153D89878EA4A0A73DB229649F9 ] C:\Users\acer\AppData\Roaming\Spotify\Spotify.exe
17:15:53.0402 0x179c Waiting for KSN requests completion. In queue: 1
17:15:54.0402 0x179c Waiting for KSN requests completion. In queue: 1
17:15:55.0120 0x1bf8 Object send P2P result: true
17:15:55.0449 0x179c AV detected via SS2: AVG AntiVirus Free Edition, C:\Program Files (x86)\AVG\Av\avgwsc.exe ( 16.7.0.7227 ), 0x41000 ( enabled : updated )
17:15:55.0455 0x179c Win FW state via NFP2: enabled ( trusted )
17:15:57.0817 0x179c ============================================================
17:15:57.0817 0x179c Scan finished
17:15:57.0817 0x179c ============================================================
17:15:57.0826 0x1b7c Detected object count: 0
17:15:57.0826 0x1b7c Actual detected object count: 0

Sieht doch gut aus oder?

schrauber 05.12.2015 22:03
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307




Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Amanatidis 06.12.2015 09:11
Liste der Anhänge anzeigen (Anzahl: 1)
Ich hoffe ich habe es dieses Mal richtig gepostet. Leider weiß ich nicht wo ich aufs Rautensymbol klicken soll. :( Habe alle Menüpunkte im Editor durchgesucht.

schrauber 07.12.2015 16:01
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Amanatidis 07.12.2015 16:40
Code:
ComboFix 15-12-03.01 - acer 06.12.2015  8:48.1.8 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8141.5838 [GMT 1:00]
ausgeführt von:: c:\users\acer\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: AVG AntiVirus Free Edition *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\windows\msdownld.tmp
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2015-11-06 bis 2015-12-06  ))))))))))))))))))))))))))))))
.
.
2015-12-06 07:56 . 2015-12-06 07:56        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-12-04 15:40 . 2015-12-04 16:08        --------        d-----w-        c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-12-04 08:53 . 2015-12-04 08:53        --------        d-----w-        c:\programdata\Kaspersky Lab Setup Files
2015-12-04 08:13 . 2015-12-04 08:33        --------        d-----w-        C:\EEK
2015-12-03 20:52 . 2015-12-03 20:54        --------        d-----w-        C:\FRST
2015-12-03 20:07 . 2015-12-04 15:40        192216        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-12-03 20:07 . 2015-12-04 16:19        109272        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2015-12-03 20:07 . 2015-12-03 20:07        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware
2015-12-03 20:07 . 2015-10-05 08:50        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys
2015-12-03 20:07 . 2015-10-05 08:50        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2015-11-26 22:46 . 2015-12-04 07:52        --------        d-----w-        c:\users\acer\AppData\Roaming\QuickScan
2015-11-21 18:20 . 2015-11-21 18:20        --------        d-----w-        c:\program files (x86)\Common Files\Java
2015-11-20 11:43 . 2015-11-20 11:43        298816        ----a-w-        c:\windows\system32\cc_20151120_124323.reg
2015-11-19 23:32 . 2015-11-19 23:32        --------        d-----w-        C:\AdwCleaner
2015-11-19 23:06 . 2015-11-26 21:56        --------        d-----w-        c:\programdata\Malwarebytes Anti-Exploit
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-21 18:20 . 2014-10-20 13:03        97888        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-11-11 18:05 . 2012-03-06 11:11        780488        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-11-11 18:05 . 2012-03-06 11:11        142536        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-10-21 15:16 . 2015-10-21 15:16        284080        ----a-w-        c:\windows\system32\drivers\avgldx64.sys
2015-10-21 15:15 . 2015-10-21 15:15        255408        ----a-w-        c:\windows\system32\drivers\avgmfx64.sys
2015-10-19 07:03 . 2015-10-19 07:03        313776        ----a-w-        c:\windows\system32\drivers\avgidsdrivera.sys
2015-10-08 06:46 . 2015-10-08 06:46        302000        ----a-w-        c:\windows\system32\drivers\avgtdia.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2015-11-10 3011152]
"Spotify Web Helper"="c:\users\acer\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2015-12-03 2345584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-11-30 50509440]
"Spotify"="c:\users\acer\AppData\Roaming\Spotify\Spotify.exe" [2015-12-03 8270448]
"SpybotPostWindows10UpgradeReInstall"="c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [2015-07-28 1011200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-06-21 341360]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2011-12-04 291096]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2012-02-07 636520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-05-15 60712]
"AVG_UI"="c:\program files (x86)\AVG\Av\avgui.exe" [2015-10-30 3826600]
"AvgUi"="c:\program files (x86)\AVG\Framework\Common\avguix.exe" [2015-11-12 1136552]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-11-09 596528]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\Av\avgidsagent.exe;c:\program files (x86)\AVG\Av\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AvgAMPS;AvgAMPS;c:\program files (x86)\AVG\Av\avgamps.exe;c:\program files (x86)\AVG\Av\avgamps.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 BthAvrcp;Bluetooth-AVRCP-Profil;c:\windows\system32\DRIVERS\BthAvrcp.sys;c:\windows\SYSNATIVE\DRIVERS\BthAvrcp.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 ElgatoGC658Y;Elgato Game Capture;c:\windows\system32\Drivers\ElgatoGC658.sys;c:\windows\SYSNATIVE\Drivers\ElgatoGC658.sys [x]
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;c:\windows\system32\drivers\RzMaelstromVAD.sys;c:\windows\SYSNATIVE\drivers\RzMaelstromVAD.sys [x]
R3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 xb1usb;Microsoft Xbox One Controller Driver;c:\windows\system32\DRIVERS\xb1usb.sys;c:\windows\SYSNATIVE\DRIVERS\xb1usb.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 avgsvc;AVG Service;c:\program files (x86)\AVG\Framework\Common\avgsvca.exe;c:\program files (x86)\AVG\Framework\Common\avgsvca.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\Av\avgwdsvcx.exe;c:\program files (x86)\AVG\Av\avgwdsvcx.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-12-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-06 18:05]
.
2013-01-21 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-21 21:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-11-14 13353064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-07-11 170280]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = localhost:8080
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\to5mpujo.default-1446899271829\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-KSS - c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
Wow6432Node-HKLM-Run-Malwarebytes Anti-Exploit - c:\program files (x86)\Malwarebytes Anti-Exploit\mbae.exe
SafeBoot-40288791.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-12-06  09:01:08
ComboFix-quarantined-files.txt  2015-12-06 08:01
.
Vor Suchlauf: 15 Verzeichnis(se), 130.566.062.080 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 130.311.102.464 Bytes frei
.
- - End Of File - - FD92030E8042F16D8F9E00C2F25C831C
So richtig, habe das # Symbol bei mir im Editor gesucht, nicht im Forum ^^?

schrauber 08.12.2015 20:01
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Amanatidis 08.12.2015 21:37
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 08.12.2015
Suchlaufzeit: 20:59
Protokolldatei: Malwarebyt.txt
Administrator: Ja

Version: 2.2.0.1024
Malware-Datenbank: v2015.12.08.03
Rootkit-Datenbank: v2015.12.07.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: acer

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 401998
Abgelaufene Zeit: 17 Min., 29 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
Code:
# AdwCleaner v5.024 - Bericht erstellt am 08/12/2015 um 21:23:14
# Aktualisiert am 07/12/2015 von Xplode
# Datenbank : 2015-12-07.3 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : acer - ACER-PC
# Gestartet von : C:\Users\acer\Downloads\AdwCleaner_5.024.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****

[-] Ordner Gelöscht : C:\Program Files (x86)\GreenTree Applications
[-] Ordner Gelöscht : C:\Program Files (x86)\World of Warcraft Beta
[-] Ordner Gelöscht : C:\ProgramData\AVG Security Toolbar

***** [ Dateien ] *****

[-] Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml

***** [ DLLs ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{FCA0E497-33D1-4DBE-8FDB-7F9A597C8BC2}]
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Schlüssel Gelöscht : HKCU\Software\APN PIP
[-] Schlüssel Gelöscht : HKCU\Software\AVG Nation toolbar
[-] Schlüssel Gelöscht : HKCU\Software\OCS
[-] Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
[-] Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\videosaver
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\AVG Nation toolbar
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\AVG Secure Search
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\AVG Security Toolbar
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\PIP
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}

***** [ Internetbrowser ] *****


*************************

:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2479 Bytes] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Home Premium x64
Ran by acer (Administrator) on 08.12.2015 at 21:28:04,59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 11

Successfully deleted: C:\Users\acer\AppData\Local\{17BE2DAC-CCA7-4027-8F87-421FA92D243F} (Empty Folder)
Successfully deleted: C:\Users\acer\AppData\Local\{1C3DAB11-D917-4C76-8B9F-5F3A95EA4202} (Empty Folder)
Successfully deleted: C:\Users\acer\AppData\Local\{389F1299-9208-44F0-8CED-48D4DB5C2842} (Empty Folder)
Successfully deleted: C:\Users\acer\AppData\Local\{43055ABD-5CA9-4195-B2D1-376D3C164162} (Empty Folder)
Successfully deleted: C:\Users\acer\AppData\Local\{6F340FCF-A763-4A50-B95A-D362052C98DD} (Empty Folder)
Successfully deleted: C:\Users\acer\AppData\Local\{71828A6F-DFFD-43A7-ACD3-B117AA17118E} (Empty Folder)
Successfully deleted: C:\Users\acer\AppData\Local\{948B1D5F-14EA-48B9-B2CC-5F05D17EBD72} (Empty Folder)
Successfully deleted: C:\Users\acer\AppData\Local\{CD4DD234-2559-49F3-B86F-41B3FCDA7BF0} (Empty Folder)
Successfully deleted: C:\Users\acer\AppData\Local\{E02D1642-2B25-46DE-89E9-16B12C15C489} (Empty Folder)
Successfully deleted: C:\Users\acer\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Windows\system32\Tasks\? (Task)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.12.2015 at 21:29:58,78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
durchgeführt von acer (Administrator) auf ACER-PC (08-12-2015 21:32:22)
Gestartet von C:\Users\acer\Downloads
Geladene Profile: acer (Verfügbare Profile: acer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13353064 2011-11-14] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-06-22] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-04] (Intel Corporation)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [636520 2012-02-07] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3855272 2015-11-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKU\S-1-5-21-3039150130-2540550290-118931370-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3011152 2015-11-10] (Valve Corporation)
HKU\S-1-5-21-3039150130-2540550290-118931370-1000\...\Run: [Spotify Web Helper] => C:\Users\acer\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2345584 2015-12-03] (Spotify Ltd)
HKU\S-1-5-21-3039150130-2540550290-118931370-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50509440 2015-11-30] (Skype Technologies S.A.)
HKU\S-1-5-21-3039150130-2540550290-118931370-1000\...\Run: [Spotify] => C:\Users\acer\AppData\Roaming\Spotify\Spotify.exe [8270448 2015-12-03] (Spotify Ltd)
HKU\S-1-5-21-3039150130-2540550290-118931370-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{715EE5B1-0B76-4024-9548-24C80F0F9B40}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-3039150130-2540550290-118931370-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3039150130-2540550290-118931370-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-3039150130-2540550290-118931370-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3039150130-2540550290-118931370-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://acer.msn.com
hxxp://www.google.de/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3039150130-2540550290-118931370-1000 -> DefaultScope {1BEFBE56-722F-45AD-A1E4-E9E86ED59D8B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9SRC
SearchScopes: HKU\S-1-5-21-3039150130-2540550290-118931370-1000 -> {1BEFBE56-722F-45AD-A1E4-E9E86ED59D8B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9SRC
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-21] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-21] (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\to5mpujo.default-1446899271829
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [2013-05-31] (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-03-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-03-01] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Keine Datei]
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2014-06-21] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\to5mpujo.default-1446899271829\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-25]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [615584 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3857272 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-11-20] (AVG Technologies CZ, s.r.o.)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-14] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-27] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [256432 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-11-12] (UB658)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [40696 2014-03-06] (Windows (R) Win 7 DDK provider)
S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-18] () [Datei ist nicht signiert]
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-08 21:32 - 2015-12-08 21:32 - 00000000 ____D C:\Users\acer\Downloads\FRST-OlderVersion
2015-12-08 21:29 - 2015-12-08 21:29 - 00001627 _____ C:\Users\acer\Desktop\JRT.txt
2015-12-08 21:27 - 2015-12-08 21:27 - 01599336 _____ (Malwarebytes) C:\Users\acer\Downloads\JRT.exe
2015-12-08 21:25 - 2015-12-08 21:25 - 00002565 _____ C:\Users\acer\Desktop\AdwCleaner[C1].txt
2015-12-08 21:18 - 2015-12-08 21:18 - 01738240 _____ C:\Users\acer\Downloads\AdwCleaner_5.024.exe
2015-12-08 21:17 - 2015-12-08 21:17 - 00001215 _____ C:\Users\acer\Desktop\Malwarebyt.txt
2015-12-06 09:02 - 2015-12-06 09:02 - 00022725 _____ C:\Users\acer\Desktop\Combofix scann.txt
2015-12-06 09:01 - 2015-12-06 09:01 - 00022725 _____ C:\ComboFix.txt
2015-12-06 08:46 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2015-12-06 08:46 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2015-12-06 08:46 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-12-06 08:46 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-12-06 08:46 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-12-06 08:46 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2015-12-06 08:46 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2015-12-06 08:46 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2015-12-06 08:40 - 2015-12-06 09:01 - 00000000 ____D C:\Qoobox
2015-12-06 08:40 - 2015-12-06 08:59 - 00000000 ____D C:\Windows\erdnt
2015-12-06 08:39 - 2015-12-06 08:39 - 05639148 ____R (Swearware) C:\Users\acer\Downloads\ComboFix.exe
2015-12-04 17:13 - 2015-12-04 17:18 - 00223718 _____ C:\TDSSKiller.3.1.0.7_04.12.2015_17.13.11_log.txt
2015-12-04 17:10 - 2015-12-04 17:11 - 00004658 _____ C:\TDSSKiller.3.1.0.7_04.12.2015_17.10.26_log.txt
2015-12-04 17:10 - 2015-12-04 17:10 - 04398264 _____ (Kaspersky Lab ZAO) C:\Users\acer\Downloads\tdsskiller.exe
2015-12-04 16:40 - 2015-12-04 17:08 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-12-04 16:39 - 2015-12-04 17:08 - 00000000 ____D C:\Users\acer\Desktop\mbar
2015-12-04 16:36 - 2015-12-04 16:39 - 16563352 _____ (Malwarebytes Corp.) C:\Users\acer\Downloads\mbar-1.09.3.1001.exe
2015-12-04 09:53 - 2015-12-04 09:53 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-12-04 09:45 - 2015-12-04 09:45 - 01988928 _____ (Kaspersky Lab) C:\Users\acer\Downloads\kss15.0.0.737en_ru_de_fr_es_it_zh-hans_pl_tr_nl_cs_7695.exe
2015-12-04 09:13 - 2015-12-04 09:33 - 00000000 ____D C:\EEK
2015-12-04 09:12 - 2015-12-04 09:13 - 170692880 _____ C:\Users\acer\Downloads\EmsisoftEmergencyKit.exe
2015-12-03 21:53 - 2015-12-08 21:32 - 00016157 _____ C:\Users\acer\Downloads\FRST.txt
2015-12-03 21:53 - 2015-12-03 21:54 - 00049610 _____ C:\Users\acer\Downloads\Addition.txt
2015-12-03 21:52 - 2015-12-08 21:32 - 02369024 _____ (Farbar) C:\Users\acer\Downloads\FRST64.exe
2015-12-03 21:52 - 2015-12-08 21:32 - 00000000 ____D C:\FRST
2015-12-03 21:07 - 2015-12-08 20:59 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-03 21:07 - 2015-12-04 17:19 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-03 21:07 - 2015-12-03 21:07 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-03 21:07 - 2015-12-03 21:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-03 21:07 - 2015-12-03 21:07 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-03 21:07 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-03 21:07 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-03 21:06 - 2015-12-03 21:06 - 01466656 _____ C:\Users\acer\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2015-12-03 20:35 - 2015-12-03 20:35 - 01466656 _____ C:\Users\acer\Downloads\SpyBot Search Destroy - CHIP-Installer(1).exe
2015-11-30 11:14 - 2015-11-30 11:14 - 00000000 ____D C:\Users\acer\AppData\LocalLow\Italic Pig
2015-11-28 12:43 - 2015-11-28 12:43 - 00000222 _____ C:\Users\acer\Desktop\Worms Revolution.url
2015-11-28 11:22 - 2015-11-28 11:25 - 00000222 _____ C:\Users\acer\Desktop\Worms Clan Wars.url
2015-11-27 00:01 - 2015-11-27 00:01 - 00259428 _____ C:\Users\acer\AppData\Local\census.cache
2015-11-27 00:01 - 2015-11-27 00:01 - 00122364 _____ C:\Users\acer\AppData\Local\ars.cache
2015-11-26 23:48 - 2015-11-26 23:48 - 00000036 _____ C:\Users\acer\AppData\Local\housecall.guid.cache
2015-11-26 23:46 - 2015-12-04 08:52 - 00000000 ____D C:\Users\acer\AppData\Roaming\QuickScan
2015-11-20 12:43 - 2015-11-20 12:43 - 00298816 _____ C:\Windows\system32\cc_20151120_124323.reg
2015-11-20 00:32 - 2015-12-08 21:23 - 00000000 ____D C:\AdwCleaner
2015-11-20 00:06 - 2015-11-26 22:56 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-08 21:26 - 2015-02-03 08:26 - 00000000 ____D C:\Users\acer\AppData\Local\Spotify
2015-12-08 21:26 - 2012-12-21 14:35 - 00000000 ____D C:\Users\acer\AppData\Roaming\Skype
2015-12-08 21:25 - 2015-02-03 08:26 - 00000000 ____D C:\Users\acer\AppData\Roaming\Spotify
2015-12-08 21:25 - 2013-02-26 15:40 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-08 21:24 - 2012-08-15 16:27 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-08 21:24 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-08 21:05 - 2013-02-10 20:56 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-08 19:55 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-08 19:55 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-08 18:00 - 2012-12-15 15:00 - 00000000 ____D C:\ProgramData\MFAData
2015-12-07 21:32 - 2012-10-16 17:17 - 00000000 ____D C:\Users\acer
2015-12-07 16:54 - 2013-10-12 13:35 - 00000000 ____D C:\Users\acer\AppData\Local\Battle.net
2015-12-07 16:44 - 2013-10-12 13:35 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-12-07 11:51 - 2014-10-22 10:19 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2015-12-07 09:56 - 2015-10-26 10:06 - 00000940 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2015-12-07 09:56 - 2014-08-06 18:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-12-06 09:14 - 2013-02-11 07:52 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-12-06 09:01 - 2007-07-12 02:48 - 00000000 ____D C:\Windows
2015-12-06 08:56 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2015-12-06 08:46 - 2013-02-11 07:52 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-12-05 09:58 - 2013-10-12 13:36 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-12-04 18:29 - 2012-03-06 11:37 - 00000000 ____D C:\ProgramData\Skype
2015-12-02 06:57 - 2014-04-25 10:46 - 00000000 ____D C:\Program Files (x86)\Razer
2015-11-30 21:50 - 2012-12-15 17:46 - 00000000 ____D C:\Users\acer\AppData\Roaming\TS3Client
2015-11-30 19:20 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-11-30 11:30 - 2013-02-26 16:12 - 00000000 ____D C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-11-27 20:42 - 2015-08-04 09:07 - 00000000 ____D C:\Users\acer\dwhelper
2015-11-21 19:21 - 2014-10-20 14:03 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-21 19:21 - 2014-02-17 12:41 - 00000000 ____D C:\ProgramData\Oracle
2015-11-21 19:20 - 2015-08-28 17:10 - 00000000 ____D C:\Users\acer\.oracle_jre_usage
2015-11-21 19:20 - 2014-10-20 14:03 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-11-21 19:20 - 2014-10-20 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-21 15:13 - 2012-08-10 02:19 - 00699868 _____ C:\Windows\system32\perfh007.dat
2015-11-21 15:13 - 2012-08-10 02:19 - 00149750 _____ C:\Windows\system32\perfc007.dat
2015-11-21 15:13 - 2009-07-14 06:13 - 01622164 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-20 12:42 - 2014-10-10 16:17 - 00000000 ____D C:\Windows\Minidump
2015-11-20 12:42 - 2007-07-12 02:49 - 00000000 ____D C:\Windows\Panther
2015-11-20 10:20 - 2015-06-17 11:24 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-20 00:26 - 2015-11-07 11:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-20 00:26 - 2013-10-12 13:35 - 00000000 ____D C:\Users\acer\AppData\Roaming\Battle.net
2015-11-20 00:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2015-11-17 20:35 - 2015-07-14 11:56 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2015-11-15 11:53 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-11 19:05 - 2013-02-10 20:56 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-11 19:05 - 2012-03-06 12:11 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-11 19:05 - 2012-03-06 12:11 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-11-27 00:01 - 2015-11-27 00:01 - 0122364 _____ () C:\Users\acer\AppData\Local\ars.cache
2015-11-27 00:01 - 2015-11-27 00:01 - 0259428 _____ () C:\Users\acer\AppData\Local\census.cache
2012-10-16 17:26 - 2012-10-16 17:26 - 0003072 _____ () C:\Users\acer\AppData\Local\file__0.localstorage
2015-11-26 23:48 - 2015-11-26 23:48 - 0000036 _____ () C:\Users\acer\AppData\Local\housecall.guid.cache
2013-06-20 19:58 - 2013-06-20 20:08 - 0017408 _____ () C:\Users\acer\AppData\Local\WebpageIcons.db
2013-08-26 10:10 - 2013-08-26 10:10 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-03-06 12:12 - 2012-08-15 16:52 - 0002472 _____ () C:\ProgramData\clear.fiSDK20.log
2014-10-13 16:00 - 2014-10-13 16:00 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2012-03-06 12:13 - 2012-08-15 16:51 - 0000032 _____ () C:\ProgramData\PS.log

Einige Dateien in TEMP:
====================
C:\Users\acer\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-11-30 13:15

==================== Ende von FRST.txt ============================

cosinus 10.12.2015 15:43
schrauber ist verhindert. Ich spring hiermal für ihn ein.


Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Untersuchen klicken.

http://www.trojaner-board.de/picture...&pictureid=611

Amanatidis 10.12.2015 16:27
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
durchgeführt von acer (Administrator) auf ACER-PC (10-12-2015 16:24:15)
Gestartet von C:\Users\acer\Downloads
Geladene Profile: acer (Verfügbare Profile: acer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\acer\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\Cyberlink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13353064 2011-11-14] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-06-22] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-04] (Intel Corporation)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [636520 2012-02-07] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3855272 2015-11-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKU\S-1-5-21-3039150130-2540550290-118931370-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3011152 2015-11-10] (Valve Corporation)
HKU\S-1-5-21-3039150130-2540550290-118931370-1000\...\Run: [Spotify Web Helper] => C:\Users\acer\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2345584 2015-12-03] (Spotify Ltd)
HKU\S-1-5-21-3039150130-2540550290-118931370-1000\...\Run: [Spotify] => C:\Users\acer\AppData\Roaming\Spotify\Spotify.exe [8270448 2015-12-03] (Spotify Ltd)
HKU\S-1-5-21-3039150130-2540550290-118931370-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3039150130-2540550290-118931370-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50749056 2015-12-08] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{715EE5B1-0B76-4024-9548-24C80F0F9B40}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-3039150130-2540550290-118931370-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3039150130-2540550290-118931370-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-3039150130-2540550290-118931370-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3039150130-2540550290-118931370-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://acer.msn.com
hxxp://www.google.de/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3039150130-2540550290-118931370-1000 -> DefaultScope {1BEFBE56-722F-45AD-A1E4-E9E86ED59D8B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9SRC
SearchScopes: HKU\S-1-5-21-3039150130-2540550290-118931370-1000 -> {1BEFBE56-722F-45AD-A1E4-E9E86ED59D8B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9SRC
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-21] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-21] (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\to5mpujo.default-1446899271829
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [2013-05-31] (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-03-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-03-01] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Keine Datei]
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2014-06-21] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\to5mpujo.default-1446899271829\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-25]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [615584 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3857272 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-11-20] (AVG Technologies CZ, s.r.o.)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-14] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-27] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [256432 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-11-12] (UB658)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [40696 2014-03-06] (Windows (R) Win 7 DDK provider)
S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-18] () [Datei ist nicht signiert]
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-10 16:21 - 2015-12-10 16:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-08 21:37 - 2015-12-08 21:38 - 00000000 ____D C:\Users\acer\Desktop\Trojaboard
2015-12-08 21:32 - 2015-12-08 21:32 - 00000000 ____D C:\Users\acer\Downloads\FRST-OlderVersion
2015-12-08 21:27 - 2015-12-08 21:27 - 01599336 _____ (Malwarebytes) C:\Users\acer\Downloads\JRT.exe
2015-12-08 21:18 - 2015-12-08 21:18 - 01738240 _____ C:\Users\acer\Downloads\AdwCleaner_5.024.exe
2015-12-06 09:02 - 2015-12-06 09:02 - 00022725 _____ C:\Users\acer\Desktop\Combofix scann.txt
2015-12-06 09:01 - 2015-12-06 09:01 - 00022725 _____ C:\ComboFix.txt
2015-12-06 08:46 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2015-12-06 08:46 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2015-12-06 08:46 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-12-06 08:46 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-12-06 08:46 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-12-06 08:46 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2015-12-06 08:46 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2015-12-06 08:46 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2015-12-06 08:40 - 2015-12-06 09:01 - 00000000 ____D C:\Qoobox
2015-12-06 08:40 - 2015-12-06 08:59 - 00000000 ____D C:\Windows\erdnt
2015-12-06 08:39 - 2015-12-06 08:39 - 05639148 ____R (Swearware) C:\Users\acer\Downloads\ComboFix.exe
2015-12-04 17:13 - 2015-12-04 17:18 - 00223718 _____ C:\TDSSKiller.3.1.0.7_04.12.2015_17.13.11_log.txt
2015-12-04 17:10 - 2015-12-04 17:11 - 00004658 _____ C:\TDSSKiller.3.1.0.7_04.12.2015_17.10.26_log.txt
2015-12-04 17:10 - 2015-12-04 17:10 - 04398264 _____ (Kaspersky Lab ZAO) C:\Users\acer\Downloads\tdsskiller.exe
2015-12-04 16:40 - 2015-12-04 17:08 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-12-04 16:39 - 2015-12-04 17:08 - 00000000 ____D C:\Users\acer\Desktop\mbar
2015-12-04 16:36 - 2015-12-04 16:39 - 16563352 _____ (Malwarebytes Corp.) C:\Users\acer\Downloads\mbar-1.09.3.1001.exe
2015-12-04 09:53 - 2015-12-04 09:53 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-12-04 09:45 - 2015-12-04 09:45 - 01988928 _____ (Kaspersky Lab) C:\Users\acer\Downloads\kss15.0.0.737en_ru_de_fr_es_it_zh-hans_pl_tr_nl_cs_7695.exe
2015-12-04 09:13 - 2015-12-04 09:33 - 00000000 ____D C:\EEK
2015-12-04 09:12 - 2015-12-04 09:13 - 170692880 _____ C:\Users\acer\Downloads\EmsisoftEmergencyKit.exe
2015-12-03 21:53 - 2015-12-10 16:24 - 00017207 _____ C:\Users\acer\Downloads\FRST.txt
2015-12-03 21:53 - 2015-12-03 21:54 - 00049610 _____ C:\Users\acer\Downloads\Addition.txt
2015-12-03 21:52 - 2015-12-10 16:24 - 00000000 ____D C:\FRST
2015-12-03 21:52 - 2015-12-08 21:32 - 02369024 _____ (Farbar) C:\Users\acer\Downloads\FRST64.exe
2015-12-03 21:07 - 2015-12-08 20:59 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-03 21:07 - 2015-12-04 17:19 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-03 21:07 - 2015-12-03 21:07 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-03 21:07 - 2015-12-03 21:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-03 21:07 - 2015-12-03 21:07 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-03 21:07 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-03 21:07 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-03 21:06 - 2015-12-03 21:06 - 01466656 _____ C:\Users\acer\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2015-12-03 20:35 - 2015-12-03 20:35 - 01466656 _____ C:\Users\acer\Downloads\SpyBot Search Destroy - CHIP-Installer(1).exe
2015-11-30 11:14 - 2015-11-30 11:14 - 00000000 ____D C:\Users\acer\AppData\LocalLow\Italic Pig
2015-11-28 12:43 - 2015-11-28 12:43 - 00000222 _____ C:\Users\acer\Desktop\Worms Revolution.url
2015-11-28 11:22 - 2015-11-28 11:25 - 00000222 _____ C:\Users\acer\Desktop\Worms Clan Wars.url
2015-11-27 00:01 - 2015-11-27 00:01 - 00259428 _____ C:\Users\acer\AppData\Local\census.cache
2015-11-27 00:01 - 2015-11-27 00:01 - 00122364 _____ C:\Users\acer\AppData\Local\ars.cache
2015-11-26 23:48 - 2015-11-26 23:48 - 00000036 _____ C:\Users\acer\AppData\Local\housecall.guid.cache
2015-11-26 23:46 - 2015-12-04 08:52 - 00000000 ____D C:\Users\acer\AppData\Roaming\QuickScan
2015-11-20 12:43 - 2015-11-20 12:43 - 00298816 _____ C:\Windows\system32\cc_20151120_124323.reg
2015-11-20 00:32 - 2015-12-08 21:23 - 00000000 ____D C:\AdwCleaner
2015-11-20 00:06 - 2015-11-26 22:56 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-10 16:22 - 2012-12-21 14:35 - 00000000 ____D C:\Users\acer\AppData\Roaming\Skype
2015-12-10 16:21 - 2015-08-19 16:45 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-10 16:21 - 2014-02-27 07:45 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-10 16:21 - 2014-02-27 07:45 - 00000000 ____D C:\Users\acer\AppData\Local\Skype
2015-12-10 16:21 - 2012-12-15 15:00 - 00000000 ____D C:\ProgramData\MFAData
2015-12-10 16:21 - 2012-03-06 11:37 - 00000000 ____D C:\ProgramData\Skype
2015-12-10 16:20 - 2015-02-03 08:26 - 00000000 ____D C:\Users\acer\AppData\Roaming\Spotify
2015-12-10 16:20 - 2015-02-03 08:26 - 00000000 ____D C:\Users\acer\AppData\Local\Spotify
2015-12-10 16:20 - 2013-02-26 15:40 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-10 16:18 - 2012-10-16 17:17 - 00000000 ____D C:\Users\acer
2015-12-10 16:18 - 2012-08-15 16:27 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-10 16:18 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-09 21:05 - 2013-02-10 20:56 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-09 20:05 - 2013-02-10 20:56 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-09 20:05 - 2012-03-06 12:11 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-09 20:05 - 2012-03-06 12:11 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-09 17:18 - 2013-10-12 13:35 - 00000000 ____D C:\Users\acer\AppData\Local\Battle.net
2015-12-09 16:19 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-09 16:19 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-09 16:16 - 2014-10-22 10:19 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2015-12-09 16:15 - 2013-10-12 13:35 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-12-07 09:56 - 2015-10-26 10:06 - 00000940 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2015-12-07 09:56 - 2014-08-06 18:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-12-06 09:14 - 2013-02-11 07:52 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-12-06 09:01 - 2007-07-12 02:48 - 00000000 ____D C:\Windows
2015-12-06 08:56 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2015-12-06 08:46 - 2013-02-11 07:52 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-12-05 09:58 - 2013-10-12 13:36 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-12-02 06:57 - 2014-04-25 10:46 - 00000000 ____D C:\Program Files (x86)\Razer
2015-11-30 21:50 - 2012-12-15 17:46 - 00000000 ____D C:\Users\acer\AppData\Roaming\TS3Client
2015-11-30 19:20 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-11-30 11:30 - 2013-02-26 16:12 - 00000000 ____D C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-11-27 20:42 - 2015-08-04 09:07 - 00000000 ____D C:\Users\acer\dwhelper
2015-11-21 19:21 - 2014-10-20 14:03 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-21 19:21 - 2014-02-17 12:41 - 00000000 ____D C:\ProgramData\Oracle
2015-11-21 19:20 - 2015-08-28 17:10 - 00000000 ____D C:\Users\acer\.oracle_jre_usage
2015-11-21 19:20 - 2014-10-20 14:03 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-11-21 19:20 - 2014-10-20 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-21 15:13 - 2012-08-10 02:19 - 00699868 _____ C:\Windows\system32\perfh007.dat
2015-11-21 15:13 - 2012-08-10 02:19 - 00149750 _____ C:\Windows\system32\perfc007.dat
2015-11-21 15:13 - 2009-07-14 06:13 - 01622164 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-20 12:42 - 2014-10-10 16:17 - 00000000 ____D C:\Windows\Minidump
2015-11-20 12:42 - 2007-07-12 02:49 - 00000000 ____D C:\Windows\Panther
2015-11-20 10:20 - 2015-06-17 11:24 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-20 00:26 - 2015-11-07 11:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-20 00:26 - 2013-10-12 13:35 - 00000000 ____D C:\Users\acer\AppData\Roaming\Battle.net
2015-11-20 00:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2015-11-17 20:35 - 2015-07-14 11:56 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2015-11-15 11:53 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-11-27 00:01 - 2015-11-27 00:01 - 0122364 _____ () C:\Users\acer\AppData\Local\ars.cache
2015-11-27 00:01 - 2015-11-27 00:01 - 0259428 _____ () C:\Users\acer\AppData\Local\census.cache
2012-10-16 17:26 - 2012-10-16 17:26 - 0003072 _____ () C:\Users\acer\AppData\Local\file__0.localstorage
2015-11-26 23:48 - 2015-11-26 23:48 - 0000036 _____ () C:\Users\acer\AppData\Local\housecall.guid.cache
2013-06-20 19:58 - 2013-06-20 20:08 - 0017408 _____ () C:\Users\acer\AppData\Local\WebpageIcons.db
2013-08-26 10:10 - 2013-08-26 10:10 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-03-06 12:12 - 2012-08-15 16:52 - 0002472 _____ () C:\ProgramData\clear.fiSDK20.log
2014-10-13 16:00 - 2014-10-13 16:00 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2012-03-06 12:13 - 2012-08-15 16:51 - 0000032 _____ () C:\ProgramData\PS.log

Einige Dateien in TEMP:
====================
C:\Users\acer\AppData\Local\Temp\SkypeSetup.exe
C:\Users\acer\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-11-30 13:15

==================== Ende von FRST.txt ============================
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-12-2015
durchgeführt von acer (2015-12-10 16:24:47)
Gestartet von C:\Users\acer\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-10-16 16:17:45)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

acer (S-1-5-21-3039150130-2540550290-118931370-1000 - Administrator - Enabled) => C:\Users\acer
Administrator (S-1-5-21-3039150130-2540550290-118931370-500 - Administrator - Disabled)
Gast (S-1-5-21-3039150130-2540550290-118931370-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3507 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3506 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0609.2011 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVG (Version: 16.12.7294 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4483 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.12.7294 - AVG Technologies)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version:  - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version:  - )
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.00.3004 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.00.3004 - Acer Incorporated)
clear.fi SDK - MVP 2 (x32 Version: 2.0.1505 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.0.1502 - CyberLink Corp.) Hidden
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
Content Manager 2 (HKLM-x32\...\Content Manager 2) (Version: 3.18.0.342250 - NNG Llc.)
CopyTrans Control Center deinstallieren (HKU\S-1-5-21-3039150130-2540550290-118931370-1000\...\CopyTrans Suite) (Version: 4.004 - WindSolutions)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1720_38230 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Donation-Tracker (HKLM-x32\...\Donation-Tracker) (Version:  - )
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
Elgato Game Capture HD (HKLM-x32\...\{60A1D74D-539F-4ED3-8A87-761F1D657BD7}) (Version: 1.42.24.539 - Elgato Systems GmbH)
Evernote v. 4.5.2 (HKLM-x32\...\{F77EF646-19EB-11E1-9A9E-984BE15F174E}) (Version: 4.5.2.5866 - Evernote Corp.)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FMW 1 (Version: 1.32.2 - AVG Technologies) Hidden
Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.1.2 - FUHU, Inc.)
Fooz Kids (x32 Version: 3.1.2 - FUHU, Inc.) Hidden
Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
FUSSBALL MANAGER 14 (HKLM-x32\...\{5FC27E1E-08C0-4346-A321-ED2D31FAE936}) (Version: 1.0.0.0 - Electronic Arts)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heaven DX11 Benchmark version 3.0 (HKLM\...\Unigine Heaven DX11 Benchmark (Basic Edition)_is1) (Version: 3.0 - Unigine Corp.)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3510 - Acer Incorporated)
HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät (HKLM\...\{61ADDE9C-3AE6-46FC-9127-DFFF637AED03}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.0.199 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 2.1.5 - Kobo Inc.)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.18 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.18 - Egis Technology Inc.) Hidden
Naviextras Toolbox Prerequesities (HKLM-x32\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10500.1.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.6.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10600.4.100 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NVIDIA 3D Vision Controller-Treiber 296.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 296.01 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 296.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 296.12 - NVIDIA Corporation)
NVIDIA Grafiktreiber 296.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.12 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.14.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.14.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.3.2.2730 - Electronic Arts, Inc.)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6505 - Realtek Semiconductor Corp.)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 7.16 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.16.102 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Spotify (HKU\S-1-5-21-3039150130-2540550290-118931370-1000\...\Spotify) (Version: 1.0.19.106.gb8a7150f - Spotify AB)
StarCraft II - Legacy of the Void Beta (HKLM-x32\...\StarCraft II - Legacy of the Void Beta) (Version:  - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-3039150130-2540550290-118931370-1000\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)
The War Z (HKLM-x32\...\Steam App 226700) (Version:  - )
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3507 - Acer Incorporated)
WildTangent Games App (x32 Version: 4.0.11.13 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wondershare Vivideo(Build 2.0.0.12) (HKLM-x32\...\Wondershare Vivideo_is1) (Version:  - Wondershare Software)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Worms Clan Wars (HKLM-x32\...\Steam App 233840) (Version:  - Team17 Digital Ltd)
Worms Revolution (HKLM-x32\...\Steam App 200170) (Version:  - Team17 Digital Ltd)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

27-11-2015 17:46:09 Geplanter Prüfpunkt
28-11-2015 11:36:39 DirectX wurde installiert
28-11-2015 12:47:36 DirectX wurde installiert
06-12-2015 08:46:28 ComboFix created restore point
08-12-2015 21:28:08 JRT Pre-Junkware Removal

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2015-12-06 08:56 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1      localhost

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {1467165F-1063-497D-AE81-A59BE0861947} - System32\Tasks\{3FE33FB6-5FCD-4D51-A319-FFBC99DFF30C} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/abandoninstall?page=tsProgressBar
Task: {63277B56-CD3F-4B86-9EBC-FE1A777FBCB8} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-29] (Egis Technology Inc.)
Task: {7CCB106D-9711-434A-B438-0FC6F6DE1B63} - System32\Tasks\0 => Iexplore.exe  <==== ACHTUNG
Task: {832998F8-5251-47AE-A9BA-BF4F1FF7385F} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-07] (Acer Incorporated)
Task: {8B77F6B2-3A2F-49BE-9FA4-063255728649} - System32\Tasks\{A1736B77-BC0E-4B9E-92F6-E784560E2490} => pcalua.exe -a "C:\Users\acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PTBJ1DJ1\Install_CopyTrans_Suite.exe" -d C:\Users\acer\Desktop
Task: {90025EC9-CC61-40B9-883D-2E294FB3D1F7} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {905A5953-E21A-421A-AEA0-F1E99D463CFD} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-29] (Egis Technology Inc.)
Task: {91676BC2-8B21-46AD-AB6C-216C3652C521} - System32\Tasks\4592 => C:\Windows\system32\wscript.exe [2013-10-12] (Microsoft Corporation) <==== ACHTUNG
Task: {AC706A06-4003-40F3-9115-35ED358D777D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-11-09] (Oracle Corporation)
Task: {BD242E9D-7275-4A94-928F-E3C0792CF183} - System32\Tasks\{701B3F71-B848-468D-B6D3-E0D87FA7653B} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsMain
Task: {BEFAB5D0-D1FA-47D1-8542-28C15FAACF8A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CDC3B2FC-6322-4232-9876-8895A9E93799} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {D301D7A3-41D0-4509-B726-2AA267D54F7E} - System32\Tasks\{3D8D634A-A0AA-4936-A1D7-DE5896BBA04A} => C:\Users\acer\AppData\Roaming\Spotify\spotify.exe [2015-12-03] (Spotify Ltd)
Task: {D51A20E0-6B12-4E18-8BAA-EAD1EF598D37} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\Cyberlink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-05-20] (CyberLink)
Task: {E3C16862-B5ED-415D-9183-D03DE51F9AB4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated)
Task: {E81CB724-8B10-42E6-B36D-359F03FB9FEF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 15:26 - 2015-05-15 15:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-27 17:10 - 2014-04-27 17:10 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-02-07 03:17 - 2012-02-07 03:17 - 00636520 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2012-02-07 03:18 - 2012-02-07 03:18 - 00151656 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2015-10-26 10:03 - 2015-10-26 10:03 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2015-01-25 18:15 - 2015-01-25 18:15 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll
2012-08-15 16:36 - 2011-11-29 19:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-08-15 16:39 - 2012-02-07 10:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-3039150130-2540550290-118931370-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-3039150130-2540550290-118931370-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-3039150130-2540550290-118931370-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-3039150130-2540550290-118931370-1000\...\sony.com -> sony.com

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3039150130-2540550290-118931370-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{1AED610E-D9F6-4C39-80CA-70B87BB46A13}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E8C12FFF-82BA-4B3F-B30D-20D6A3E62D8B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6AF4AFF7-514A-4AAA-A62D-8BA3FD8C5D25}] => (Allow) LPort=2869
FirewallRules: [{EF8A74DA-43FE-4184-84F7-13A0F315DC24}] => (Allow) LPort=1900
FirewallRules: [{BE33CCDB-CFE7-472E-BB99-A0B2A6BB5036}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{B7FE3F04-A6B2-4EA3-B691-B660F68065DD}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{95F24661-795B-439F-9DC1-156829B78CB8}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{DC20DAA6-6F51-4854-A6C4-32E5388556F1}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{EE621363-DB39-40C9-ADC8-DEEE1E760E7F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{AC12B6E7-B327-4CC3-8E4B-DBB8F94D6882}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{654E40B1-CE68-438A-BB3C-8900ABC11112}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{5D3B3AEE-3789-45E0-8003-FBE72CDFE36B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{0D5C3EBB-4665-4BAB-ABEB-41018C58E893}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{61B051FF-6108-42D2-B135-CE500FCE543B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{5AC0B0F4-28EA-4EBF-91D4-069442DB679B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK20\MVP\VideoPlayer.exe
FirewallRules: [{7E6A970C-A8B0-43A6-B275-8CCEA63E8E2F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK20\MVP\MusicPlayer.exe
FirewallRules: [{2568209E-B42E-4EB8-8607-3C6F6045ED6E}] => (Allow) C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe
FirewallRules: [{E9BEA2C2-779B-469E-B4E7-66E8490D7E41}] => (Allow) C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe
FirewallRules: [{A055ACA7-DCD7-450F-88DC-F30098067A2B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{02EB3E91-7BA6-4238-B4CD-49D108651596}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8E86F49F-508F-4DA1-BFCF-99FD27BD6AB2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{092473BA-2744-4147-BA01-1E14A5AB367E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{018E2D1E-18A1-4286-860F-3DE312AE52E0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{34A47A72-8338-40BA-87C8-3765D7CC6563}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B348E2B1-E846-4622-BD3D-CD04B74FC427}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The War Z\WarZlauncher.exe
FirewallRules: [{6409D2A7-1AFB-4014-A75C-A053824A7654}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The War Z\WarZlauncher.exe
FirewallRules: [{2594B1C7-8FF7-4735-A18C-6FF654D27B62}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops II\t6sp.exe
FirewallRules: [{954DEE75-DBBB-494A-8C20-5F8798795107}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops II\t6sp.exe
FirewallRules: [{89D0F56B-18D8-4E60-A27B-0F4ED2A9D964}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{6269AF89-87FC-49E4-87F2-C2D1103A77E2}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{B22F75A7-AF68-461E-8E30-E6AF45D41D08}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe
FirewallRules: [{C3C9B330-D459-40D4-B379-6046DCDC86C6}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{DD7BC221-C359-4C6B-8143-8DA2974B3199}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{0F9206ED-3175-4670-93DA-9B2356AF3462}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{2105A800-828F-44C8-B3BB-CD157DA3EDA7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{81D194B7-ED2F-4553-AC60-68CA2908DD14}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops II\t6zm.exe
FirewallRules: [{D6EA4BAF-D29A-44FB-811C-BAD4DFE63066}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops II\t6zm.exe
FirewallRules: [{C2E3569E-7CCB-4E62-96F5-6662A0409E0E}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{27B278E1-AA16-4E15-9037-CFBDBC480F2F}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{661FF8D5-E9D9-4385-8459-0706BD7310C5}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{CFE2BFF4-C2B0-4C44-8865-CC6E088CF1B8}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{192DBEC7-48F2-4067-8549-FC5BE1F74509}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{2B8C03A8-E3E2-4785-BF4D-7324C15D7B39}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{CF21F67C-24F3-4C3E-A0FF-22E833E49F84}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{73A950EC-0BFE-4EA6-8B39-1102699BFE60}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{7346F1B1-42D0-4F37-9F98-D46F66A77F42}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{FDE191FF-31F5-462F-B35D-FB60EB138053}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{8F373DBF-0E37-4B6E-8F80-DF1AC78AC4D3}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA Manager 14\Manager14.exe
FirewallRules: [{F6260692-54C3-4DF5-B857-5F807667888F}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA Manager 14\Manager14.exe
FirewallRules: [{20EE303D-36F1-4DF2-98B6-A63DBDAD893B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8898E32E-666C-4937-AC65-C2A82ACFC4F9}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{55D9D81A-B529-47B3-B9B4-1EE5C3135BC7}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{BF510A0B-2175-4B59-A984-E0B708775EA0}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{7BE607F4-70F6-4AF1-98EE-CFBBEDE3F7B7}C:\program files (x86)\steam\steamapps\common\the war z\infestation.exe] => (Block) C:\program files (x86)\steam\steamapps\common\the war z\infestation.exe
FirewallRules: [UDP Query User{362C9040-D5B5-4232-BD14-26DDFB3AA375}C:\program files (x86)\steam\steamapps\common\the war z\infestation.exe] => (Block) C:\program files (x86)\steam\steamapps\common\the war z\infestation.exe
FirewallRules: [TCP Query User{8389083C-E3E6-4E5F-81E0-231F9B1B5B07}C:\programdata\electronic arts\need for speed world\data\nfsw.exe] => (Block) C:\programdata\electronic arts\need for speed world\data\nfsw.exe
FirewallRules: [UDP Query User{6DACFDBB-EC63-4366-BAF4-410694DA6184}C:\programdata\electronic arts\need for speed world\data\nfsw.exe] => (Block) C:\programdata\electronic arts\need for speed world\data\nfsw.exe
FirewallRules: [{BE5D559B-DA0F-4DD9-98B8-18A22B0E5ED9}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B93B91F0-2E94-4D17-8910-A90C8C27CBE6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B036BA33-FA11-4A48-842D-5A9BE48A656D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3F6D8D0C-D917-4B51-A767-A613F4233B11}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{9F1DE5F2-1470-446B-A7BC-B1B3E73DCECF}C:\users\acer\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\acer\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D122B178-CC1B-4A69-B3DD-EF4F61CECB45}C:\users\acer\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\acer\appdata\roaming\spotify\spotify.exe
FirewallRules: [{89B025ED-BE96-4F96-BCEF-A81E7CD4DB03}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{0F4920AF-3280-47FB-B3E6-9AC1055B9DAF}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{B7DECA69-9CC6-442E-9C9C-CD2B5A25EE18}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{D8DC284E-A64C-4983-A3C1-06BE1BB8E0A1}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{E80494CD-C2D0-40D5-B494-D84631A31413}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4FD68238-DB44-4ABC-A0C6-27CA341C7FB6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{C962D28B-F98C-466A-A46C-1EB92A518933}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{71C37C4D-31B9-4D94-B720-83B12E8C67ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{351DD570-FAEB-4C7F-BEC4-EB8CB6A72740}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F3C6D244-9721-4C82-9DEF-216430B2672A}C:\program files (x86)\starcraft ii\versions\base38996\sc2_x64.exe] => (Block) C:\program files (x86)\starcraft ii\versions\base38996\sc2_x64.exe
FirewallRules: [UDP Query User{FB433EFF-6B16-426A-B08E-6F183BD92907}C:\program files (x86)\starcraft ii\versions\base38996\sc2_x64.exe] => (Block) C:\program files (x86)\starcraft ii\versions\base38996\sc2_x64.exe
FirewallRules: [TCP Query User{F6DFF595-81E2-42D0-B62D-2A0EEAE52C7B}C:\program files (x86)\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{1B0C3ED5-698B-478E-B945-7CB179EAA258}C:\program files (x86)\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{8AD93BA9-294B-434C-9D5B-50B8309F1038}C:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{B7CFADDF-1F74-46BC-BC33-2AD9394E9D0F}C:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe
FirewallRules: [{E301E185-D821-4626-8BB9-F5711B2E540D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Worms Clan Wars\WormsClanWars.exe
FirewallRules: [{16B247CB-23DB-42D0-990F-0414B1B92F1C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Worms Clan Wars\WormsClanWars.exe
FirewallRules: [{99F78680-2F46-4DE9-B28A-E3CCC3F70F6B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\WormsRevolution\WormsRevolution.exe
FirewallRules: [{85A6AE51-5F5C-4966-AE45-32850D8FCBDA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\WormsRevolution\WormsRevolution.exe
FirewallRules: [{5F561FB5-8477-4CE3-A5A7-BA4E58359B73}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{2EE52464-1A00-4D8B-BA17-AC1CC5482616}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{34B8BFE0-CD77-4ABC-89CE-BE37606FF50E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{8C323103-E114-46A2-B67D-1C4BB7BC1DC2}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [TCP Query User{FE8F9151-42AB-41C2-9F9F-C810B6CB51D8}C:\program files (x86)\heroes of the storm\versions\base39445\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base39445\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{AFB71915-36E9-4E5F-BD12-81503FDB2DC7}C:\program files (x86)\heroes of the storm\versions\base39445\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base39445\heroesofthestorm_x64.exe
StandardProfile\AuthorizedApplications: [C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe] => Enabled:NEXON_EU_Downloader_Engine.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (12/10/2015 04:19:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2015 04:21:53 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.

Error: (12/09/2015 04:12:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2015 02:31:35 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.

Error: (12/09/2015 02:22:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2015 07:30:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/08/2015 09:34:58 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.

Error: (12/08/2015 09:26:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/08/2015 06:07:32 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.

Error: (12/08/2015 05:58:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


Systemfehler:
=============
Error: (12/10/2015 04:18:43 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (12/09/2015 04:11:42 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (12/09/2015 02:21:06 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (12/09/2015 07:29:32 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (12/08/2015 09:28:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/08/2015 09:24:53 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (12/08/2015 09:23:43 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (12/08/2015 09:23:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Application Virtualization Client" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/08/2015 09:23:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/08/2015 09:23:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


CodeIntegrity:
===================================
  Date: 2015-12-06 08:54:59.640
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-12-06 08:54:59.624
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-14 12:47:59.615
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-13 13:15:29.894
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-12 16:29:05.573
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-12 15:52:50.820
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Prozentuale Nutzung des RAM: 27%
Installierter physikalischer RAM: 8140.59 MB
Verfügbarer physikalischer RAM: 5894.34 MB
Summe virtueller Speicher: 16279.39 MB
Verfügbarer virtueller Speicher: 13896.95 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:455.95 GB) (Free:118.99 GB) NTFS
Drive d: (DATA) (Fixed) (Total:456.46 GB) (Free:411.82 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BB6E739E)
Partition 1: (Not Active) - (Size=19 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=456 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=456.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

cosinus 10.12.2015 23:19
FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
Task: {7CCB106D-9711-434A-B438-0FC6F6DE1B63} - System32\Tasks\0 => Iexplore.exe  <==== ACHTUNG
Task: {91676BC2-8B21-46AD-AB6C-216C3652C521} - System32\Tasks\4592 => C:\Windows\system32\wscript.exe [2013-10-12] (Microsoft Corporation) <==== ACHTUNG
emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Amanatidis 11.12.2015 09:40
Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-12-2015
durchgeführt von acer (2015-12-11 09:32:13) Run:1
Gestartet von C:\Users\acer\Downloads
Geladene Profile: acer (Verfügbare Profile: acer)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
Task: {7CCB106D-9711-434A-B438-0FC6F6DE1B63} - System32\Tasks\0 => Iexplore.exe  <==== ACHTUNG
Task: {91676BC2-8B21-46AD-AB6C-216C3652C521} - System32\Tasks\4592 => C:\Windows\system32\wscript.exe [2013-10-12] (Microsoft Corporation) <==== ACHTUNG
emptytemp:
       
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7CCB106D-9711-434A-B438-0FC6F6DE1B63}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CCB106D-9711-434A-B438-0FC6F6DE1B63}" => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\0 => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{91676BC2-8B21-46AD-AB6C-216C3652C521}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91676BC2-8B21-46AD-AB6C-216C3652C521}" => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\4592 => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4592" => Schlüssel erfolgreich entfernt
EmptyTemp: => 1.8 GB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende von Fixlog 09:32:31 ====

cosinus 11.12.2015 09:44
Okay, dann Kontrollscans mit (1) MBAM, (2) ESET und (3) SecurityCheck bitte:


1. Schritt: MBAM

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




2. Schritt: ESET

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




3. Schritt: SecurityCheck

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

Amanatidis 11.12.2015 15:45
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 11.12.2015
Suchlaufzeit: 12:57
Protokolldatei: Malwarebyte.txt
Administrator: Ja

Version: 2.2.0.1024
Malware-Datenbank: v2015.12.11.03
Rootkit-Datenbank: v2015.12.07.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: acer

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 402003
Abgelaufene Zeit: 21 Min., 2 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3bbc05c626ffce49b2f9e911b24675bb
# end=init
# utc_time=2015-12-11 12:25:42
# local_time=2015-12-11 01:25:42 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 27152
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3bbc05c626ffce49b2f9e911b24675bb
# end=updated
# utc_time=2015-12-11 12:29:45
# local_time=2015-12-11 01:29:45 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=3bbc05c626ffce49b2f9e911b24675bb
# engine=27152
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-12-11 02:12:07
# local_time=2015-12-11 03:12:07 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG AntiVirus'
# compatibility_mode=1059 16777213 100 98 82212 1911967 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 48838452 201472977 0 0
# scanned=385398
# found=2
# cleaned=0
# scan_time=6142
sh=AE1C977EA28458CCD1E168B7EBD4704D58E4EC5B ft=1 fh=b651d2632b8c01f0 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\acer\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe"
sh=B7F9C5DE178FA02ABB3C1E3B61E61C1F9DFE3E87 ft=1 fh=a26cab4eed720f95 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\acer\Downloads\SpyBot Search Destroy - CHIP-Installer(1).exe"
Code:
Results of screen317's Security Check version 1.009 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
AVG AntiVirus Free Edition 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 66 
 Java version 32-bit out of Date!
 Adobe Flash Player 20.0.0.235 
 Adobe Reader 10.1.16 Adobe Reader out of Date! 
 Mozilla Firefox (42.0)
````````Process Check: objlist.exe by Laurent```````` 
 Symantec Norton Online Backup NOBuAgent.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

cosinus 11.12.2015 15:51
Java und Adobe Reader deinstallieren.

Und in Zukunft NIX mehr von chip.de laden!!! :kloppen:

FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Users\acer\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
C:\Users\acer\Downloads\SpyBot Search Destroy - CHIP-Installer(1).exe
emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Amanatidis 11.12.2015 16:04
Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-12-2015
durchgeführt von acer (2015-12-11 15:59:37) Run:2
Gestartet von C:\Users\acer\Downloads
Geladene Profile: acer (Verfügbare Profile: acer)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
C:\Users\acer\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
C:\Users\acer\Downloads\SpyBot Search Destroy - CHIP-Installer(1).exe
emptytemp:
*****************

C:\Users\acer\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe => erfolgreich verschoben
C:\Users\acer\Downloads\SpyBot Search Destroy - CHIP-Installer(1).exe => erfolgreich verschoben
EmptyTemp: => 365.4 MB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende von Fixlog 15:59:48 ====
Kann ich die Programme jetzt wieder installieren, brauche sie um PDFs zu öffnen und zum zocken? Und wo könnte ich alternativ runterladen? Mein erster Anlaufpunkt war immer Chip.

cosinus 11.12.2015 22:57
Filepony oder direkt vom Anbieter der Software.

Statt Adobe Reader empfehle ich einen anderen PDF-Viewer. Meistens reicht der interne PDF-Betrachter vom Firefox schon aus. Ansonsten: PDF-X-Change Viewer.

Du brauchst Java zum Zocken?

Amanatidis 12.12.2015 09:33
Ok danke. Die Seite kannte ich noch gar nicht. Ja brauche ich u.a. für Minecraft.
Ist mit meinen PC wieder alles in Ordnung? Schon mal vielen Dank für eure kompetente Beratung. Ihr macht wirklich einen tollen Job hier.

cosinus 13.12.2015 01:53
Dann wären wir durch! :daumenhoc

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:und/oder das Forum mit einer kleinen Spende http://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:

Abschließend müssen wir noch ein paar Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.

http://deeprybka.trojaner-board.de/b...cleanupneu.png
Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
http://deeprybka.trojaner-board.de/b.../combofix2.pngCombofix deinstallieren
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte http://filepony.de/icon/tiny/delfix.pngDelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

http://deeprybka.trojaner-board.de/b...ast/schild.png
Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
 Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein einziges der folgenden Antivirusprogramme mit Echtzeitscanner und stets aktueller Signaturendatenbank:

   
   


Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:

http://filepony.de/icon/noscript.png NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. NoScript kann gerade bei technisch nicht allzu versierten Nutzern beim Surfen zum Nervfaktor werden; ob das Tool geeignet ist, muss jeder selbst mal ausprobieren und dann für sich entscheiden. Alternativen zu NoScript (wenn um das das Verhindern von Usertracking und Werbung auf Webseiten) geht wären da Ghostery oder uBlock. Ghostery ist eine sehr bekannte Erweiterung, die aber auch in Kritik geraten ist, vgl. dazu bitte diesen Thread => Ghostery schleift Werbung durch

http://filepony.de/icon/malwarebytes_anti_exploit.pngMalwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie http://filepony.de/images/microbanner.gif.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

Amanatidis 17.12.2015 19:25
Ich war sehr zufrieden mit dir und auch mit Schrauber. Ihr macht hier echt einen tollen Job.
Vielen Dank für eure kompetente Hilfe.
Mein Thema kann zu. :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:53 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131