
Log analysis and evaluation: Win7 multiple conhost.exe + cmd.exe + reg.exe


10.11.2014, 14:55   #1
Deadfly
 



Hi and hello, first of all.

Recently my PC has had the following problems:
After startup I have multiple instances of conhost.exe, cmd.exe and reg.exe in Task Manager. Also, when I start Chrome, for example, it shows up 3 to 6 times in Task Manager. In addition, at every startup I am told that my Windows Fax Viewer has stopped working. All symptoms appeared at the same time.

At the moment only TrojanHunter Guard is running here. Trend Micro Housecall found quite a few things, but somehow I can't save a log there. I am attaching the other logs.

Many thanks in advance!

FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01
Ran by purzelchen (administrator) on PURZELCHEN-PC on 10-11-2014 14:22:41
Running from C:\Users\purzelchen\Downloads
Loaded Profile: purzelchen (Available profiles: purzelchen)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Sentelic Corporation) C:\Program Files\FSP\FspUip.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
(Windows (R) Win 7 DDK provider) C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
(Mischel Internet Security) C:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\reg.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\reg.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\reg.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [4285952 2011-06-19] (Sentelic Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2462536 2014-10-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [RoccatKone+] => C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE [552960 2011-07-12] (ROCCAT GmbH)
HKLM-x32\...\Run: [FLxHCIm64] => C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [48128 2012-07-19] (Windows (R) Win 7 DDK provider)
HKLM-x32\...\Run: [THGuard] => C:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe [1081808 2014-07-30] (Mischel Internet Security)
HKU\S-1-5-21-432217040-4276816697-2371958446-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-432217040-4276816697-2371958446-1000\...\Run: [Windows Update Service] => C:\ProgramData\Windows Update Service0\bjrwzmzis.exe [266240 2014-10-28] (Inhsallcaiesa)
HKU\S-1-5-21-432217040-4276816697-2371958446-1000\...\Run: [UsenetServices] => C:\Users\purzelchen\AppData\Roaming\UseServe.exe [738816 2014-11-09] (Microsoft Coporation)
HKU\S-1-5-21-432217040-4276816697-2371958446-1000\...\RunOnce: [Windows Update Service] => C:\ProgramData\Windows Update Service0\bjrwzmzis.exe [266240 2014-10-28] (Inhsallcaiesa)
HKU\S-1-5-21-432217040-4276816697-2371958446-1000\...\MountPoints2: {03dfc079-11ac-11e4-830d-742f687924cb} - H:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-432217040-4276816697-2371958446-1000\...\MountPoints2: {03dfc111-11ac-11e4-830d-742f687924cb} - H:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-432217040-4276816697-2371958446-1000\...\MountPoints2: {27a0081f-11a6-11e4-be64-742f687924cb} - H:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-432217040-4276816697-2371958446-1000\...\MountPoints2: {31ffcb3a-10f0-11e4-89d4-742f687924cb} - H:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-432217040-4276816697-2371958446-1000\...\MountPoints2: {58545718-2a99-11e3-b225-806e6f6e6963} - I:\setup.exe
HKU\S-1-5-21-432217040-4276816697-2371958446-1000\...\MountPoints2: {d62c880b-deb3-11e3-ab98-742f6878b112} - H:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-432217040-4276816697-2371958446-1000\...\MountPoints2: {d62c881d-deb3-11e3-ab98-742f6878b112} - H:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-432217040-4276816697-2371958446-1000\...\MountPoints2: {f95922cf-d35e-11e3-88b5-742f6878b112} - H:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-432217040-4276816697-2371958446-1000\...\MountPoints2: {f959238e-d35e-11e3-88b5-742f6878b112} - H:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-10-01] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\purzelchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
ShortcutTarget: AutoStarter.lnk -> C:\Users\purzelchen\Documents\UseNeXT\alt.binaries.multimedia.erotica\PlayboyPlus.12.12.11.Branae.Hestily.50.Shades.of.Branae.XXX.1080p.MP4-GAGViD\    PlayboyPlus.12.12.11.Branae.Hestily.50.Shades.of.Branae.XXX.1080p.MP4-GAGViD.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.max-start.com/?babsrc=HP_ss_mib2&mntrId=A6F0162F6878B112&affID=127690&tsp=5183
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x35D63A38C2BECE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=ST95005620AS_5YX0ZDG9XXXX5YX0ZDG9&ts=1380647340&type=default&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=ST95005620AS_5YX0ZDG9XXXX5YX0ZDG9&ts=1380647340&type=default&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=ST95005620AS_5YX0ZDG9XXXX5YX0ZDG9&ts=1380647340&type=default&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=ST95005620AS_5YX0ZDG9XXXX5YX0ZDG9&ts=1380647340&type=default&q={searchTerms}
SearchScopes: HKCU - DefaultScope {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_ie_de_display?ie=UTF8&tagbase=bds-p23&tag=bds-p23-serp-de-ie-21&tbrId=v1_abb-channel-23_8d4915d1c479416bb8e9f950e100cfd4_39_1006_20140614_DE_ie_ds_adppi15&query={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=A6F0162F6878B112&affID=127690&tsp=5183
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://en.eazel.com/results.php?id=AAAd34a72296200112a760eee59c295c2e9&oid=1&cat=web&co=&lg=en&q={searchTerms}
SearchScopes: HKCU - {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_ie_de_display?ie=UTF8&tagbase=bds-p23&tag=bds-p23-serp-de-ie-21&tbrId=v1_abb-channel-23_8d4915d1c479416bb8e9f950e100cfd4_39_1006_20140614_DE_ie_ds_adppi15&query={searchTerms}
SearchScopes: HKCU - {EBD839AE-B08C-4fb7-859B-F54AF16C159F} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=ST95005620AS_5YX0ZDG9XXXX5YX0ZDG9&ts=1380647340&type=default&q={searchTerms}
BHO: V-bates -> {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} -> C:\Program Files\V-bates\Extension64.dll No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: V-bates -> {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} -> C:\Program Files\V-bates\Extension32.dll No File
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Wajam -> {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} -> C:\Program Files (x86)\Wajam\IE\priam_bho.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default
FF NewTab: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_ff_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_8d4915d1c479416bb8e9f950e100cfd4_39_1006_20140614_DE_ff_nt_adppi15
FF DefaultSearchUrl: hxxp://en.eazel.com/results.php?oid=1&id=DAF5A5AA5F624549881415CE11CE2A69&cat=web&co=&lg=en&q={searchTerms}
FF SearchEngineOrder.1: Amazon 
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_ff_de_display?ie=UTF8&tagbase=bds-p23&tag=bds-p23-serp-de-ff-21&tbrId=v1_abb-channel-23_8d4915d1c479416bb8e9f950e100cfd4_39_1006_20140614_DE_ff_ab_adppi15&query=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF user.js: detected! => C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\user.js
FF SearchPlugin: C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\searchplugins\amazon.xml
FF SearchPlugin: C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\searchplugins\ask-web-search.xml
FF SearchPlugin: C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\searchplugins\buenosearch.xml
FF SearchPlugin: C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\searchplugins\search-with-eazelbar.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF Extension: No Name - C:\Program Files\V-bates\Firefox [2013-11-11]
FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_cr_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_8d4915d1c479416bb8e9f950e100cfd4_39_1006_20140614_DE_cr_sp_adppi15"
CHR DefaultSearchURL: Default -> hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_cr_de_display?ie=UTF8&tagbase=bds-p23&tag=bds-p23-serp-de-cr-21&tbrId=v1_abb-channel-23_8d4915d1c479416bb8e9f950e100cfd4_39_1006_20140614_DE_cr_ds_adppi15&query={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://suggestqueries.google.com/complete/search?q={searchTerms}&output=chrome
CHR Profile: C:\Users\purzelchen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Buenosearch Toolbar) - C:\Users\purzelchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfoobbgoakpihljnfedbcfaipcdlfhk [2014-03-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\purzelchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-20]
CHR Extension: (V-bates) - C:\Users\purzelchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip [2013-11-11]
CHR Extension: (Google Wallet) - C:\Users\purzelchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-25]
CHR HKLM-x32\...\Chrome\Extension: [acfoobbgoakpihljnfedbcfaipcdlfhk] - C:\Users\purzelchen\AppData\Roaming\BabSolution\CR\bueno.crx [2014-03-11]
CHR HKLM-x32\...\Chrome\Extension: [iidmoehhpbghchkaogkhmcckhlhebekn] - C:\Program Files (x86)\iRobinHood\iRobinHood Addon\iRobinHoodPartnersVExtension1_58.crx [2014-03-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [105120 2011-09-30] (Atheros Commnucations) [File not signed]
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-09-19] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-09-19] (BlueStack Systems, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-10-16] (NVIDIA Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-10-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-10-16] (NVIDIA Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-09-30] (Atheros) [File not signed]
S2 srvBrowserProtect; C:\Program Files (x86)\BrowserProtect\srvBrowserProtect.exe [X]
S2 V-bates Updater; C:\Program Files\V-bates\ExtensionUpdaterService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-09-19] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-15] (Disc Soft Ltd)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-06-29] (Huawei Technologies Co., Ltd.)
S3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [117248 2014-05-18] (Huawei Technologies Co., Ltd.) [File not signed]
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [76584 2012-07-19] (Fresco Logic)
R3 fspad_win764; C:\Windows\System32\DRIVERS\fspad_win764.sys [53760 2011-06-19] (Windows (R) Win 7 DDK provider)
S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [121600 2014-05-18] (Huawei Technologies Co., Ltd.) [File not signed]
R3 KoneFltr; C:\Windows\System32\drivers\Kone.sys [15488 2008-12-11] (ROCCAT Ltd)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-10-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-10-16] (NVIDIA Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 ALSysIO; \??\C:\Users\PURZEL~1\AppData\Local\Temp\ALSysIO64.sys [X]
S1 wStLibG64; system32\drivers\wStLibG64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 14:22 - 2014-11-10 14:23 - 00019250 _____ () C:\Users\purzelchen\Downloads\FRST.txt
2014-11-10 14:22 - 2014-11-10 14:22 - 00000000 ___DC () C:\FRST
2014-11-10 14:21 - 2014-11-10 14:21 - 00000482 _____ () C:\Users\purzelchen\Downloads\defogger_disable.log
2014-11-10 14:21 - 2014-11-10 14:21 - 00000000 _____ () C:\Users\purzelchen\defogger_reenable
2014-11-10 14:15 - 2014-11-10 14:15 - 00380416 _____ () C:\Users\purzelchen\Downloads\rv3wvh5j.exe
2014-11-10 14:15 - 2014-11-10 14:15 - 00050477 _____ () C:\Users\purzelchen\Downloads\Defogger.exe
2014-11-10 14:14 - 2014-11-10 14:14 - 02116096 _____ (Farbar) C:\Users\purzelchen\Downloads\FRST64.exe
2014-11-09 15:07 - 2011-06-21 05:09 - 00200976 _____ (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys
2014-11-09 15:06 - 2014-11-09 15:06 - 03437368 _____ (tuneuppro.com ) C:\Users\purzelchen\Downloads\setup (2).exe
2014-11-09 15:06 - 2014-11-09 15:06 - 02002376 _____ (Trend Micro Inc.) C:\Users\purzelchen\Downloads\HousecallLauncher.exe
2014-11-09 14:33 - 2014-11-10 14:18 - 00001835 _____ () C:\Users\purzelchen\AppData\Roaming\jullli_2012
2014-11-09 14:32 - 2014-11-09 14:32 - 00738816 _____ (Microsoft Coporation) C:\Users\purzelchen\AppData\Roaming\UseServe.exe
2014-11-02 12:16 - 2014-11-02 12:16 - 00000000 ____D () C:\Users\purzelchen\AppData\Roaming\TrojanHunter
2014-11-02 10:23 - 2014-11-02 12:26 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.6
2014-11-02 10:23 - 2014-11-02 10:23 - 00059392 ____R () C:\Windows\SysWOW64\streamhlp.dll
2014-11-02 10:23 - 2014-11-02 10:23 - 00001047 _____ () C:\Users\purzelchen\Desktop\TrojanHunter.lnk
2014-11-02 10:23 - 2014-11-02 10:23 - 00000000 ____D () C:\ProgramData\TrojanHunter
2014-11-02 10:23 - 2014-11-02 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter
2014-11-01 13:47 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-11-01 13:47 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-11-01 13:47 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-11-01 13:47 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-11-01 13:47 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-11-01 13:47 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-11-01 13:46 - 2014-11-01 13:47 - 00000000 ____D () C:\Users\purzelchen\AppData\Local\NVIDIA Corporation
2014-11-01 13:46 - 2014-11-01 13:46 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-11-01 13:46 - 2014-10-16 17:54 - 02800296 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-11-01 13:46 - 2014-10-16 17:54 - 02197680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-11-01 13:46 - 2014-10-16 17:54 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-11-01 13:46 - 2014-10-16 17:54 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-11-01 13:46 - 2014-10-16 13:27 - 00614544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-11-01 13:45 - 2014-10-16 15:11 - 06883136 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-11-01 13:45 - 2014-10-16 15:11 - 03533632 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-11-01 13:45 - 2014-10-16 15:11 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-11-01 13:45 - 2014-10-16 15:11 - 00933064 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-11-01 13:45 - 2014-10-16 15:11 - 00384200 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-11-01 13:45 - 2014-10-16 15:11 - 00061640 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-11-01 13:45 - 2014-10-15 01:48 - 04047877 _____ () C:\Windows\system32\nvcoproc.bin
2014-11-01 13:44 - 2014-10-16 17:54 - 31890064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 24555840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 20968040 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 20922696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 19966856 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 18499648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 17260864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 16886168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 14029400 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 13942368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 13190288 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-11-01 13:44 - 2014-10-16 17:54 - 11395672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 11333848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 04289856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 04009672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 03237528 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 02849224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434448.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434448.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 01538880 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 00962376 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 00931984 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 00921928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 00895176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-11-01 13:44 - 2014-10-16 17:54 - 00038048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-11-01 13:44 - 2014-10-16 17:54 - 00034976 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 00032416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 00027024 _____ () C:\Windows\system32\nvinfo.pb
2014-11-01 13:42 - 2014-11-01 13:43 - 306270552 _____ (NVIDIA Corporation) C:\Users\purzelchen\Downloads\344.48-notebook-win8-win7-64bit-international-whql.exe
2014-11-01 13:39 - 2014-11-01 13:39 - 00791000 _____ () C:\Users\purzelchen\Downloads\Setup (1).exe
2014-10-30 20:40 - 2014-10-30 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-10-30 20:40 - 2014-10-30 20:40 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-10-30 15:17 - 2014-11-10 14:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-30 15:17 - 2014-11-01 13:55 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-30 15:17 - 2014-11-01 13:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-30 15:17 - 2014-11-01 13:55 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-30 15:17 - 2014-10-30 15:17 - 00000000 ____D () C:\Windows\system32\Macromed
2014-10-29 19:23 - 2014-11-09 14:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-29 19:23 - 2014-10-30 20:40 - 00001933 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-10-29 19:23 - 2014-10-30 20:40 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-10-29 19:23 - 2014-10-29 19:23 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-28 19:41 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-28 19:41 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-28 19:41 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-28 19:41 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-28 19:41 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-28 19:41 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-28 19:41 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-28 19:41 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-28 19:41 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-28 19:41 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-28 19:41 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-28 19:41 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-28 19:41 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-28 19:41 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-28 19:41 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-28 19:41 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-28 19:41 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-28 19:41 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-28 19:41 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-28 19:41 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-28 19:41 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-28 19:41 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-28 19:41 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-28 19:41 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-28 19:41 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-28 19:41 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-28 19:41 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-28 19:41 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-28 19:41 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-28 19:41 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-28 19:41 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-28 19:41 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-28 19:41 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-28 19:41 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-28 19:41 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-28 19:41 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-28 19:41 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-28 19:41 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-28 19:41 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-28 19:41 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-28 19:41 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-28 19:41 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-28 19:41 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-28 19:41 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-28 19:41 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-28 19:41 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-28 19:40 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-28 19:40 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-28 19:40 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-28 19:40 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-28 19:40 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-28 19:40 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-28 19:40 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-28 19:40 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-28 19:40 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-28 19:40 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-28 19:40 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-28 19:40 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-28 19:40 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-28 19:40 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-28 19:40 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-28 19:40 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-28 19:40 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-28 19:40 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-28 19:40 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-28 19:40 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-28 19:40 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-28 19:40 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-28 19:40 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-28 19:40 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-28 19:40 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-28 19:40 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-28 19:40 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-28 19:40 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-28 19:40 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-28 19:40 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-28 19:40 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-28 19:40 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-28 19:40 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-28 19:40 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-28 19:40 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-28 19:40 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-28 19:40 - 2014-07-09 03:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-28 19:40 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-28 19:40 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-28 19:40 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-28 19:40 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-28 19:40 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-28 19:40 - 2014-07-08 23:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-28 19:40 - 2014-07-08 23:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-28 19:40 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-28 19:40 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-28 19:40 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-28 19:40 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-28 19:40 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-28 19:40 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-28 19:38 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-28 19:38 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-28 19:38 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-28 19:38 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-28 16:22 - 2014-10-30 15:08 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-10-28 16:21 - 2014-11-01 13:56 - 00000000 ____D () C:\Users\purzelchen\AppData\Local\Adobe
2014-10-28 14:50 - 2014-10-28 14:50 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-28 14:50 - 2014-10-28 14:50 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-28 14:50 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll
2014-10-28 14:50 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll
2014-10-28 14:39 - 2014-10-28 16:53 - 00000000 __SHD () C:\ProgramData\Windows Update Service0
2014-10-16 16:01 - 2014-10-16 16:00 - 00608737 _____ () C:\Users\purzelchen\Desktop\shadowrunchartab.jpeg
2014-10-16 09:59 - 2014-10-16 10:06 - 00000000 ____D () C:\Users\purzelchen\Desktop\adn
2014-10-16 09:59 - 2014-10-16 09:59 - 00000000 ____D () C:\Users\purzelchen\Desktop\Neuer Ordner
2014-10-15 23:44 - 2014-10-15 23:44 - 00001608 _____ () C:\Windows\DCEBOOT.RST
2014-10-15 23:44 - 2014-10-15 23:44 - 00000000 _____ () C:\Windows\DCEBOOT.LOG
2014-10-15 23:40 - 2014-10-15 23:41 - 00236080 _____ (Trend Micro Inc.) C:\Windows\RegBootClean64.exe
2014-10-15 23:40 - 2014-10-15 23:41 - 00025136 _____ (Trend Micro Inc.) C:\Windows\DCEBoot64.exe
2014-10-15 18:08 - 2014-11-10 00:46 - 00232154 _____ () C:\Users\purzelchen\AppData\Local\census.cache
2014-10-15 18:08 - 2014-11-10 00:46 - 00095598 _____ () C:\Users\purzelchen\AppData\Local\ars.cache
2014-10-15 17:55 - 2014-10-15 17:55 - 00000036 _____ () C:\Users\purzelchen\AppData\Local\housecall.guid.cache
2014-10-15 11:12 - 2014-10-15 11:12 - 00000000 ____D () C:\Users\purzelchen\AppData\Roaming\dvdcss
2014-10-13 22:07 - 2014-10-13 22:07 - 00292848 _____ () C:\Windows\Minidump\101314-27190-01.dmp
2014-10-12 10:31 - 2014-09-09 23:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-10-12 10:31 - 2014-09-09 22:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-10-11 12:26 - 2014-10-11 12:26 - 00000000 ___HD () C:\ProgramData\CanonIJScan

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 14:22 - 2013-11-19 10:08 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-10 14:21 - 2013-10-01 14:20 - 00000000 ____D () C:\Users\purzelchen
2014-11-10 14:09 - 2013-10-01 18:09 - 00000308 _____ () C:\Windows\Tasks\UpdaterEX.job
2014-11-10 12:41 - 2009-07-14 05:45 - 00023152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-10 12:41 - 2009-07-14 05:45 - 00023152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-10 12:40 - 2009-07-14 18:58 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-11-10 12:40 - 2009-07-14 18:58 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-11-10 12:40 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-10 12:37 - 2013-10-01 14:02 - 01738233 _____ () C:\Windows\WindowsUpdate.log
2014-11-10 12:34 - 2013-10-29 21:04 - 00000000 ____D () C:\Users\purzelchen\AppData\Local\CrashDumps
2014-11-10 12:33 - 2013-11-19 10:08 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-10 12:33 - 2013-10-29 21:13 - 00000442 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-11-10 12:33 - 2013-10-01 22:48 - 00185050 _____ () C:\Windows\PFRO.log
2014-11-10 12:33 - 2013-10-01 17:35 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-10 12:33 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-10 12:33 - 2009-07-14 05:51 - 00155373 _____ () C:\Windows\setupact.log
2014-11-09 14:52 - 2014-09-09 14:54 - 00000000 ____D () C:\Users\purzelchen\Documents\UseNeXT
2014-11-09 14:48 - 2013-10-01 18:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-09 14:45 - 2014-09-09 14:54 - 00000000 ____D () C:\Users\purzelchen\AppData\Roaming\UseNeXT
2014-11-09 14:22 - 2014-08-23 10:41 - 00000000 ____D () C:\Users\purzelchen\Downloads\Musik
2014-11-02 12:19 - 2014-08-25 12:01 - 00000000 ____D () C:\Users\purzelchen\Desktop\whg
2014-11-02 12:14 - 2014-09-09 15:34 - 00000000 ____D () C:\Program Files\WinRAR
2014-11-01 13:47 - 2013-10-01 18:03 - 00001309 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2014-11-01 13:47 - 2013-10-01 17:33 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-11-01 13:47 - 2013-10-01 17:32 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-11-01 13:46 - 2013-10-25 15:23 - 00000000 ____D () C:\Users\purzelchen\AppData\Local\NVIDIA
2014-11-01 13:46 - 2013-10-01 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-11-01 13:46 - 2013-10-01 17:34 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-11-01 13:46 - 2011-11-20 15:48 - 00000000 ____D () C:\temp
2014-11-01 13:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help
2014-10-28 22:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-28 20:17 - 2009-07-14 05:45 - 00297624 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-28 20:16 - 2014-06-24 16:40 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-28 19:44 - 2013-10-01 22:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-28 19:42 - 2013-10-01 22:32 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-27 22:23 - 2013-11-19 10:09 - 00002137 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-22 16:49 - 2014-08-19 13:06 - 00000000 ____D () C:\Users\purzelchen\Desktop\Paul
2014-10-21 20:17 - 2013-11-19 10:08 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-21 20:17 - 2013-11-19 10:08 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-19 09:49 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-16 17:54 - 2013-10-01 17:33 - 00072904 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-10-16 17:54 - 2013-10-01 17:33 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-10-15 11:13 - 2014-09-09 19:14 - 00000000 ____D () C:\Users\purzelchen\AppData\Roaming\vlc
2014-10-14 22:23 - 2014-09-11 09:53 - 00000000 ____D () C:\Users\purzelchen\AppData\Local\QuickPar
2014-10-13 22:07 - 2013-10-14 14:05 - 00000000 ____D () C:\Windows\Minidump
2014-10-11 12:26 - 2013-10-22 17:29 - 00000000 ____D () C:\Users\purzelchen\AppData\Roaming\Canon

Some content of TEMP:
====================
C:\Users\purzelchen\AppData\Local\Temp\8whstgkf.dll
C:\Users\purzelchen\AppData\Local\Temp\a-f3hci0.dll
C:\Users\purzelchen\AppData\Local\Temp\BgCSDetect.dll
C:\Users\purzelchen\AppData\Local\Temp\Checkupdate.exe
C:\Users\purzelchen\AppData\Local\Temp\Difx64.exe
C:\Users\purzelchen\AppData\Local\Temp\eit9skww.dll
C:\Users\purzelchen\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\purzelchen\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\purzelchen\AppData\Local\Temp\gcapi_dll.dll
C:\Users\purzelchen\AppData\Local\Temp\gtapi_signed.dll
C:\Users\purzelchen\AppData\Local\Temp\hUYA.difxapi.dll
C:\Users\purzelchen\AppData\Local\Temp\iminent_nonsearch.exe
C:\Users\purzelchen\AppData\Local\Temp\mfc80.dll
C:\Users\purzelchen\AppData\Local\Temp\mfc80u.dll
C:\Users\purzelchen\AppData\Local\Temp\mfcm80.dll
C:\Users\purzelchen\AppData\Local\Temp\mfcm80u.dll
C:\Users\purzelchen\AppData\Local\Temp\MSETUP4.EXE
C:\Users\purzelchen\AppData\Local\Temp\msvcm80.dll
C:\Users\purzelchen\AppData\Local\Temp\msvcp80.dll
C:\Users\purzelchen\AppData\Local\Temp\msvcr80.dll
C:\Users\purzelchen\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\purzelchen\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\purzelchen\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\purzelchen\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\purzelchen\AppData\Local\Temp\nvStereoApiI64.dll
C:\Users\purzelchen\AppData\Local\Temp\nvStInst.exe
C:\Users\purzelchen\AppData\Local\Temp\OSU.exe
C:\Users\purzelchen\AppData\Local\Temp\SpOrder.dll
C:\Users\purzelchen\AppData\Local\Temp\uninstall.exe
C:\Users\purzelchen\AppData\Local\Temp\Uninstaller.exe
C:\Users\purzelchen\AppData\Local\Temp\WtgDriverInstallX.dll
C:\Users\purzelchen\AppData\Local\Temp\WTGXMLUtil.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-25 23:59

==================== End Of Log ============================
         
Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2014 01
Ran by purzelchen at 2014-11-10 14:23:33
Running from C:\Users\purzelchen\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\Amazon Browser Settings) (Version: 3.0 - Amazon)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.04.000.98 - Atheros)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.7.18.921 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{87D0541E-7EB4-44AD-8A0D-D951152020C1}) (Version: 0.7.18.921 - BlueStack Systems, Inc.)
BrowserProtect (HKLM-x32\...\BrowserProtect) (Version:  - ) <==== ATTENTION
Bueno Chrome Toolbar (HKLM-x32\...\Bueno Chrome Toolbar) (Version:  - BuenoSearch) <==== ATTENTION
buenosearch toolbar   (HKLM-x32\...\buenosearch) (Version: 1.8.28.7 - Montiera technologies LTD) <==== ATTENTION
Canon MX710 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX710_series) (Version:  - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com)
CloudReading (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.0.31.1111 - Foxit Corporation)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
DDBAC (HKLM-x32\...\{8E1246B9-9F66-4303-BF11-212EC2672BBE}) (Version: 5.3.13 - DataDesign)
Extended Update (HKU\S-1-5-21-432217040-4276816697-2371958446-1000\...\UpdaterEX) (Version:  - ) <==== ATTENTION
File Extractor (HKLM-x32\...\Tweaks File Extractor) (Version: 1.1.1 - Tweaks) <==== ATTENTION
Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 9.1.3.5 - Sentelic)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.1.1031 - Foxit Corporation)
Fresco Logic USB3.0 Host Controller (HKLM\...\{FFF6BB59-380A-4338-AEFB-226F511C0713}) (Version: 3.5.73.0 - Fresco Logic Inc.)
GMX ProfiFax (HKLM-x32\...\GMX ProfiFax) (Version: 2.00.236 - 1&1 Mail & Media GmbH)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.0 - BonanzaDeals) Hidden <==== ATTENTION
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.3 (x86 de)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.1 - Mozilla)
NVIDIA 3D Vision Treiber 344.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.48 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.3 - NVIDIA Corporation)
NVIDIA Grafiktreiber 344.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.48 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.)
ROCCAT Kone[+] Mouse Driver (HKLM-x32\...\{B99CB207-4704-4C51-9309-0FA90AA26DD4}) (Version:  - Roccat GmbH)
Rosetta Stone Version 3 (HKLM-x32\...\{99011A6E-5200-11DE-BDB8-7ACD56D89593}) (Version: 3.4.5.0 - Rosetta Stone Ltd.)
SHIELD Streaming (Version: 3.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.56 - NVIDIA Corporation) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
TrojanHunter 5.6 (HKLM-x32\...\TrojanHunter_is1) (Version: 5.6 - Bytelayer AB)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

30-10-2014 05:12:25 Geplanter Prüfpunkt
01-11-2014 12:46:52 DirectX wurde installiert
08-11-2014 15:36:01 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00DD8671-D3B2-421C-BEE5-55302D69E57D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-01] (Adobe Systems Incorporated)
Task: {1727BBFF-BEB0-4930-81BD-0B887E6C4613} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-19] (Google Inc.)
Task: {33F7BCBA-DA6B-4BF6-A92A-7E0FA84D2330} - System32\Tasks\UpdaterEX => C:\Users\PURZEL~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {853700F4-437E-46A0-9B2F-8A2D8D68E4B5} - System32\Tasks\EPUpdater => C:\Users\purzelchen\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-12-12] () <==== ATTENTION
Task: {FFCF4711-6713-4B61-AD14-AF207D00CC99} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-19] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\PURZEL~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-11-01 13:45 - 2014-10-16 15:11 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-06-19 13:03 - 2011-06-19 13:03 - 00044032 _____ () C:\Program Files\FSP\KbdHook.dll
2011-06-19 13:03 - 2011-06-19 13:03 - 00072704 _____ () C:\Program Files\FSP\FspLib.dll
2013-10-04 16:28 - 2010-06-22 12:50 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\hiddriver.dll
2014-10-27 22:23 - 2014-10-22 05:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-27 22:23 - 2014-10-22 05:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-27 22:23 - 2014-10-22 05:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-27 22:23 - 2014-10-22 05:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\purzelchen\Desktop\Krankmeldung.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\purzelchen\Desktop\Krankmeldung.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\purzelchen\Desktop\PO-Lohnab.tiff:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\purzelchen\Desktop\PO-Lohnab.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\purzelchen\Desktop\shadowrunchartab.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\purzelchen\Desktop\shadowrunchartab.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: ALDITALKVerbindungsassistent_Service => 2
MSCONFIG\Services: Allin1Convert_8hService => 2
MSCONFIG\Services: BITS => 2
MSCONFIG\Services: bonanzadealslive => 2
MSCONFIG\Services: bonanzadealslivem => 3
MSCONFIG\Services: BsBackup => 2
MSCONFIG\Services: BsBhvScan => 2
MSCONFIG\Services: BsFileScan => 2
MSCONFIG\Services: BsFire => 2
MSCONFIG\Services: BsMailProxy => 2
MSCONFIG\Services: BsMain => 2
MSCONFIG\Services: BsScanner => 2
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BsUpdate => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: OverwolfUpdaterService => 3
MSCONFIG\startupreg: Allin1Convert Home Page Guard 64 bit => "C:\PROGRA~2\ALLIN1~2\bar\1.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: Allin1Convert Search Scope Monitor => "C:\PROGRA~2\ALLIN1~2\bar\1.bin\8hsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: Allin1Convert_8h Browser Plugin Loader => C:\PROGRA~2\ALLIN1~2\bar\1.bin\8hbrmon.exe
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: BullGuard => "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
MSCONFIG\startupreg: BullGuardUpdate2 => c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: DAEMON Tools Lite => "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Driver Whiz => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe /applicationMode:systemTray /showWelcome:false
MSCONFIG\startupreg: MyDriveConnect.exe => "C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe"
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent

========================= Accounts: ==========================

Administrator (S-1-5-21-432217040-4276816697-2371958446-500 - Administrator - Disabled)
Gast (S-1-5-21-432217040-4276816697-2371958446-501 - Limited - Disabled)
purzelchen (S-1-5-21-432217040-4276816697-2371958446-1000 - Administrator - Enabled) => C:\Users\purzelchen

==================== Faulty Device Manager Devices =============

Name: Atheros AR9002WB-1NG Wireless Network Adapter
Description: Atheros AR9002WB-1NG Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: wStLibG64
Description: wStLibG64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: wStLibG64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/10/2014 02:22:00 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.

Error: (11/10/2014 02:01:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm chrome.exe, Version 38.0.2125.111 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 14b4

Startzeit: 01cffcde7cd8003c

Endzeit: 2

Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID: b9c9293b-68d9-11e4-895f-742f687924cb

Error: (11/10/2014 01:22:04 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.

Error: (11/10/2014 00:35:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm chrome.exe, Version 38.0.2125.111 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 135c

Startzeit: 01cffcda5eff4604

Endzeit: 2

Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID: aa8994e3-68cd-11e4-895f-742f687924cb

Error: (11/10/2014 00:34:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: UseServe.exe, Version: 1.2.0.0, Zeitstempel: 0x4fef52dc
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xe0434f4d
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0xc80
Startzeit der fehlerhaften Anwendung: 0xUseServe.exe0
Pfad der fehlerhaften Anwendung: UseServe.exe1
Pfad des fehlerhaften Moduls: UseServe.exe2
Berichtskennung: UseServe.exe3

Error: (11/10/2014 01:43:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 38.0.2125.111, Zeitstempel: 0x5447163b
Name des fehlerhaften Moduls: chrome.dll, Version: 38.0.2125.111, Zeitstempel: 0x54471342
Ausnahmecode: 0x80000003
Fehleroffset: 0x004dc123
ID des fehlerhaften Prozesses: 0x1fdc
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3

Error: (11/10/2014 01:22:01 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.

Error: (11/10/2014 00:22:02 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.

Error: (11/09/2014 11:22:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.

Error: (11/09/2014 10:22:00 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.


System errors:
=============
Error: (11/10/2014 00:34:19 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.

Error: (11/10/2014 00:33:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
wStLibG64

Error: (11/10/2014 00:33:57 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.178.24192.168.137.0255.255.255.0

Error: (11/10/2014 00:33:57 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: 

Error: (11/10/2014 00:33:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Browser Protect" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (11/09/2014 10:01:08 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.178.24192.168.137.0255.255.255.0

Error: (11/09/2014 10:01:06 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (11/09/2014 07:45:44 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.178.24192.168.137.0255.255.255.0

Error: (11/09/2014 07:45:41 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}

Error: (11/09/2014 04:31:42 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.178.24192.168.137.0255.255.255.0


Microsoft Office Sessions:
=========================
Error: (11/10/2014 02:22:00 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/10/2014 02:01:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe38.0.2125.11114b401cffcde7cd8003c2C:\Program Files (x86)\Google\Chrome\Application\chrome.exeb9c9293b-68d9-11e4-895f-742f687924cb

Error: (11/10/2014 01:22:04 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/10/2014 00:35:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe38.0.2125.111135c01cffcda5eff46042C:\Program Files (x86)\Google\Chrome\Application\chrome.exeaa8994e3-68cd-11e4-895f-742f687924cb

Error: (11/10/2014 00:34:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: UseServe.exe1.2.0.04fef52dcKERNELBASE.dll6.1.7601.1840953159a86e0434f4d0000c42dc8001cffcda3a850746C:\Users\purzelchen\AppData\Roaming\UseServe.exeC:\Windows\syswow64\KERNELBASE.dll913e55b3-68cd-11e4-895f-742f687924cb

Error: (11/10/2014 01:43:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe38.0.2125.1115447163bchrome.dll38.0.2125.1115447134280000003004dc1231fdc01cffc604b206623C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\chrome.dll9764c95c-6872-11e4-ac06-742f687924cb

Error: (11/10/2014 01:22:01 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/10/2014 00:22:02 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/09/2014 11:22:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/09/2014 10:22:00 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
(NULL)(NULL)(NULL)(NULL)(NULL)


CodeIntegrity Errors:
===================================
  Date: 2014-07-22 16:31:03.464
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ewusbmdm.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-22 16:31:03.401
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ewusbmdm.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-22 16:30:54.213
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ewusbmdm.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-22 16:30:54.166
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ewusbmdm.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-22 16:30:53.136
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ewusbmdm.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-22 16:30:53.090
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ewusbmdm.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-22 16:28:14.504
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ew_hwusbdev.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-22 16:28:14.444
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ew_hwusbdev.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-22 16:26:55.924
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ew_hwusbdev.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-22 16:26:55.874
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ew_hwusbdev.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 24%
Total physical RAM: 8169.16 MB
Available physical RAM: 6166.04 MB
Total Pagefile: 16336.51 MB
Available Pagefile: 14052.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:107.92 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:254.45 GB) (Free:55.16 GB) NTFS
Drive e: (SDATA1) (Fixed) (Total:232.87 GB) (Free:148.44 GB) NTFS
Drive f: (SDATA2) (Fixed) (Total:232.89 GB) (Free:53.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 38601C96)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=186.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=254.5 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: BBC58B91)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
GMER.log
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2014 01
Ran by purzelchen at 2014-11-10 14:23:33
Running from C:\Users\purzelchen\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\Amazon Browser Settings) (Version: 3.0 - Amazon)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.04.000.98 - Atheros)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.7.18.921 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{87D0541E-7EB4-44AD-8A0D-D951152020C1}) (Version: 0.7.18.921 - BlueStack Systems, Inc.)
BrowserProtect (HKLM-x32\...\BrowserProtect) (Version:  - ) <==== ATTENTION
Bueno Chrome Toolbar (HKLM-x32\...\Bueno Chrome Toolbar) (Version:  - BuenoSearch) <==== ATTENTION
buenosearch toolbar   (HKLM-x32\...\buenosearch) (Version: 1.8.28.7 - Montiera technologies LTD) <==== ATTENTION
Canon MX710 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX710_series) (Version:  - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com)
CloudReading (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.0.31.1111 - Foxit Corporation)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
DDBAC (HKLM-x32\...\{8E1246B9-9F66-4303-BF11-212EC2672BBE}) (Version: 5.3.13 - DataDesign)
Extended Update (HKU\S-1-5-21-432217040-4276816697-2371958446-1000\...\UpdaterEX) (Version:  - ) <==== ATTENTION
File Extractor (HKLM-x32\...\Tweaks File Extractor) (Version: 1.1.1 - Tweaks) <==== ATTENTION
Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 9.1.3.5 - Sentelic)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.1.1031 - Foxit Corporation)
Fresco Logic USB3.0 Host Controller (HKLM\...\{FFF6BB59-380A-4338-AEFB-226F511C0713}) (Version: 3.5.73.0 - Fresco Logic Inc.)
GMX ProfiFax (HKLM-x32\...\GMX ProfiFax) (Version: 2.00.236 - 1&1 Mail & Media GmbH)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.0 - BonanzaDeals) Hidden <==== ATTENTION
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.3 (x86 de)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.1 - Mozilla)
NVIDIA 3D Vision Treiber 344.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.48 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.3 - NVIDIA Corporation)
NVIDIA Grafiktreiber 344.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.48 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.)
ROCCAT Kone[+] Mouse Driver (HKLM-x32\...\{B99CB207-4704-4C51-9309-0FA90AA26DD4}) (Version:  - Roccat GmbH)
Rosetta Stone Version 3 (HKLM-x32\...\{99011A6E-5200-11DE-BDB8-7ACD56D89593}) (Version: 3.4.5.0 - Rosetta Stone Ltd.)
SHIELD Streaming (Version: 3.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.56 - NVIDIA Corporation) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
TrojanHunter 5.6 (HKLM-x32\...\TrojanHunter_is1) (Version: 5.6 - Bytelayer AB)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

30-10-2014 05:12:25 Geplanter Prüfpunkt
01-11-2014 12:46:52 DirectX wurde installiert
08-11-2014 15:36:01 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00DD8671-D3B2-421C-BEE5-55302D69E57D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-01] (Adobe Systems Incorporated)
Task: {1727BBFF-BEB0-4930-81BD-0B887E6C4613} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-19] (Google Inc.)
Task: {33F7BCBA-DA6B-4BF6-A92A-7E0FA84D2330} - System32\Tasks\UpdaterEX => C:\Users\PURZEL~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {853700F4-437E-46A0-9B2F-8A2D8D68E4B5} - System32\Tasks\EPUpdater => C:\Users\purzelchen\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-12-12] () <==== ATTENTION
Task: {FFCF4711-6713-4B61-AD14-AF207D00CC99} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-19] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\PURZEL~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-11-01 13:45 - 2014-10-16 15:11 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-06-19 13:03 - 2011-06-19 13:03 - 00044032 _____ () C:\Program Files\FSP\KbdHook.dll
2011-06-19 13:03 - 2011-06-19 13:03 - 00072704 _____ () C:\Program Files\FSP\FspLib.dll
2013-10-04 16:28 - 2010-06-22 12:50 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\hiddriver.dll
2014-10-27 22:23 - 2014-10-22 05:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-27 22:23 - 2014-10-22 05:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-27 22:23 - 2014-10-22 05:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-27 22:23 - 2014-10-22 05:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\purzelchen\Desktop\Krankmeldung.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\purzelchen\Desktop\Krankmeldung.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\purzelchen\Desktop\PO-Lohnab.tiff:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\purzelchen\Desktop\PO-Lohnab.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\purzelchen\Desktop\shadowrunchartab.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\purzelchen\Desktop\shadowrunchartab.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: ALDITALKVerbindungsassistent_Service => 2
MSCONFIG\Services: Allin1Convert_8hService => 2
MSCONFIG\Services: BITS => 2
MSCONFIG\Services: bonanzadealslive => 2
MSCONFIG\Services: bonanzadealslivem => 3
MSCONFIG\Services: BsBackup => 2
MSCONFIG\Services: BsBhvScan => 2
MSCONFIG\Services: BsFileScan => 2
MSCONFIG\Services: BsFire => 2
MSCONFIG\Services: BsMailProxy => 2
MSCONFIG\Services: BsMain => 2
MSCONFIG\Services: BsScanner => 2
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BsUpdate => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: OverwolfUpdaterService => 3
MSCONFIG\startupreg: Allin1Convert Home Page Guard 64 bit => "C:\PROGRA~2\ALLIN1~2\bar\1.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: Allin1Convert Search Scope Monitor => "C:\PROGRA~2\ALLIN1~2\bar\1.bin\8hsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: Allin1Convert_8h Browser Plugin Loader => C:\PROGRA~2\ALLIN1~2\bar\1.bin\8hbrmon.exe
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: BullGuard => "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
MSCONFIG\startupreg: BullGuardUpdate2 => c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: DAEMON Tools Lite => "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Driver Whiz => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe /applicationMode:systemTray /showWelcome:false
MSCONFIG\startupreg: MyDriveConnect.exe => "C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe"
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent

========================= Accounts: ==========================

Administrator (S-1-5-21-432217040-4276816697-2371958446-500 - Administrator - Disabled)
Gast (S-1-5-21-432217040-4276816697-2371958446-501 - Limited - Disabled)
purzelchen (S-1-5-21-432217040-4276816697-2371958446-1000 - Administrator - Enabled) => C:\Users\purzelchen

==================== Faulty Device Manager Devices =============

Name: Atheros AR9002WB-1NG Wireless Network Adapter
Description: Atheros AR9002WB-1NG Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: wStLibG64
Description: wStLibG64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: wStLibG64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/10/2014 02:22:00 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.

Error: (11/10/2014 02:01:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm chrome.exe, Version 38.0.2125.111 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 14b4

Startzeit: 01cffcde7cd8003c

Endzeit: 2

Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID: b9c9293b-68d9-11e4-895f-742f687924cb

Error: (11/10/2014 01:22:04 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.

Error: (11/10/2014 00:35:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm chrome.exe, Version 38.0.2125.111 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 135c

Startzeit: 01cffcda5eff4604

Endzeit: 2

Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID: aa8994e3-68cd-11e4-895f-742f687924cb

Error: (11/10/2014 00:34:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: UseServe.exe, Version: 1.2.0.0, Zeitstempel: 0x4fef52dc
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xe0434f4d
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0xc80
Startzeit der fehlerhaften Anwendung: 0xUseServe.exe0
Pfad der fehlerhaften Anwendung: UseServe.exe1
Pfad des fehlerhaften Moduls: UseServe.exe2
Berichtskennung: UseServe.exe3

Error: (11/10/2014 01:43:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 38.0.2125.111, Zeitstempel: 0x5447163b
Name des fehlerhaften Moduls: chrome.dll, Version: 38.0.2125.111, Zeitstempel: 0x54471342
Ausnahmecode: 0x80000003
Fehleroffset: 0x004dc123
ID des fehlerhaften Prozesses: 0x1fdc
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3

Error: (11/10/2014 01:22:01 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.

Error: (11/10/2014 00:22:02 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.

Error: (11/09/2014 11:22:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.

Error: (11/09/2014 10:22:00 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.


System errors:
=============
Error: (11/10/2014 00:34:19 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.

Error: (11/10/2014 00:33:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
wStLibG64

Error: (11/10/2014 00:33:57 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.178.24192.168.137.0255.255.255.0

Error: (11/10/2014 00:33:57 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: 

Error: (11/10/2014 00:33:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Browser Protect" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (11/09/2014 10:01:08 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.178.24192.168.137.0255.255.255.0

Error: (11/09/2014 10:01:06 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (11/09/2014 07:45:44 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.178.24192.168.137.0255.255.255.0

Error: (11/09/2014 07:45:41 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}

Error: (11/09/2014 04:31:42 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.178.24192.168.137.0255.255.255.0


Microsoft Office Sessions:
=========================
Error: (11/10/2014 02:22:00 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/10/2014 02:01:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe38.0.2125.11114b401cffcde7cd8003c2C:\Program Files (x86)\Google\Chrome\Application\chrome.exeb9c9293b-68d9-11e4-895f-742f687924cb

Error: (11/10/2014 01:22:04 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/10/2014 00:35:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe38.0.2125.111135c01cffcda5eff46042C:\Program Files (x86)\Google\Chrome\Application\chrome.exeaa8994e3-68cd-11e4-895f-742f687924cb

Error: (11/10/2014 00:34:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: UseServe.exe1.2.0.04fef52dcKERNELBASE.dll6.1.7601.1840953159a86e0434f4d0000c42dc8001cffcda3a850746C:\Users\purzelchen\AppData\Roaming\UseServe.exeC:\Windows\syswow64\KERNELBASE.dll913e55b3-68cd-11e4-895f-742f687924cb

Error: (11/10/2014 01:43:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe38.0.2125.1115447163bchrome.dll38.0.2125.1115447134280000003004dc1231fdc01cffc604b206623C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\chrome.dll9764c95c-6872-11e4-ac06-742f687924cb

Error: (11/10/2014 01:22:01 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/10/2014 00:22:02 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/09/2014 11:22:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/09/2014 10:22:00 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
(NULL)(NULL)(NULL)(NULL)(NULL)


CodeIntegrity Errors:
===================================
  Date: 2014-07-22 16:31:03.464
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ewusbmdm.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-22 16:31:03.401
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ewusbmdm.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-22 16:30:54.213
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ewusbmdm.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-22 16:30:54.166
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ewusbmdm.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-22 16:30:53.136
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ewusbmdm.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-22 16:30:53.090
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ewusbmdm.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-22 16:28:14.504
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ew_hwusbdev.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-22 16:28:14.444
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ew_hwusbdev.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-22 16:26:55.924
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ew_hwusbdev.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-22 16:26:55.874
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ew_hwusbdev.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 24%
Total physical RAM: 8169.16 MB
Available physical RAM: 6166.04 MB
Total Pagefile: 16336.51 MB
Available Pagefile: 14052.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:107.92 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:254.45 GB) (Free:55.16 GB) NTFS
Drive e: (SDATA1) (Fixed) (Total:232.87 GB) (Free:148.44 GB) NTFS
Drive f: (SDATA2) (Fixed) (Total:232.89 GB) (Free:53.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 38601C96)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=186.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=254.5 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: BBC58B91)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

10.11.2014, 14:57   #2
schrauber
/// the machine
/// TB-Ausbilder

hi,

Please download Revo Uninstaller from here: Download Revo Uninstaller (alternatively, the portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click Options and select German as the language.
  • In the uninstaller panel, look for these programs:

    BrowserProtect
    Bueno Chrome Toolbar
    buenosearch toolbar
    Extended Update
    File Extractor
    Google Update Helper

  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderat" (moderate) mode.
  • Delete leftovers:
    Click on then on and then on .

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.

10.11.2014, 15:10   #3
Deadfly

OK, done.
Oh, and I'm currently using Chrome because of problems with Flash Player. Otherwise I use Firefox, in case that matters. Here is the log:

TDSSKiller
Code:
15:06:37.0266 0x134c  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
15:06:41.0452 0x134c  ============================================================
15:06:41.0452 0x134c  Current date / time: 2014/11/10 15:06:41.0452
15:06:41.0452 0x134c  SystemInfo:
15:06:41.0452 0x134c  
15:06:41.0452 0x134c  OS Version: 6.1.7601 ServicePack: 1.0
15:06:41.0452 0x134c  Product type: Workstation
15:06:41.0452 0x134c  ComputerName: PURZELCHEN-PC
15:06:41.0452 0x134c  UserName: purzelchen
15:06:41.0452 0x134c  Windows directory: C:\Windows
15:06:41.0452 0x134c  System windows directory: C:\Windows
15:06:41.0452 0x134c  Running under WOW64
15:06:41.0452 0x134c  Processor architecture: Intel x64
15:06:41.0452 0x134c  Number of processors: 8
15:06:41.0452 0x134c  Page size: 0x1000
15:06:41.0452 0x134c  Boot type: Normal boot
15:06:41.0452 0x134c  ============================================================
15:06:43.0639 0x134c  KLMD registered as C:\Windows\system32\drivers\06814722.sys
15:06:43.0777 0x134c  System UUID: {32F68BDE-A527-F4FA-4C82-BE23F802989F}
15:06:44.0070 0x134c  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:06:44.0071 0x134c  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:06:44.0107 0x134c  ============================================================
15:06:44.0107 0x134c  \Device\Harddisk0\DR0:
15:06:44.0107 0x134c  MBR partitions:
15:06:44.0107 0x134c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x1749C000
15:06:44.0108 0x134c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A69D000, BlocksNum 0x1FCE8800
15:06:44.0108 0x134c  \Device\Harddisk1\DR1:
15:06:44.0108 0x134c  MBR partitions:
15:06:44.0108 0x134c  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1BE000
15:06:44.0108 0x134c  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x1D1BE800, BlocksNum 0x1D1C7830
15:06:44.0108 0x134c  ============================================================
15:06:44.0111 0x134c  C: <-> \Device\Harddisk0\DR0\Partition1
15:06:44.0113 0x134c  D: <-> \Device\Harddisk0\DR0\Partition2
15:06:44.0117 0x134c  E: <-> \Device\Harddisk1\DR1\Partition1
15:06:44.0123 0x134c  F: <-> \Device\Harddisk1\DR1\Partition2
15:06:44.0123 0x134c  ============================================================
15:06:44.0123 0x134c  Initialize success
15:06:44.0123 0x134c  ============================================================
15:07:17.0666 0x19d4  ============================================================
15:07:17.0666 0x19d4  Scan started
15:07:17.0666 0x19d4  Mode: Manual; SigCheck; TDLFS; 
15:07:17.0666 0x19d4  ============================================================
15:07:17.0666 0x19d4  KSN ping started
15:07:31.0072 0x19d4  KSN ping finished: true
15:07:31.0821 0x19d4  ================ Scan system memory ========================
15:07:31.0821 0x19d4  System memory - ok
15:07:31.0821 0x19d4  ================ Scan services =============================
15:07:31.0961 0x19d4  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:07:32.0023 0x19d4  1394ohci - ok
15:07:32.0055 0x19d4  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:07:32.0086 0x19d4  ACPI - ok
15:07:32.0101 0x19d4  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:07:32.0148 0x19d4  AcpiPmi - ok
15:07:32.0273 0x19d4  [ 2637233632CCD1837A1A57A43CAF00A4, 848026C6C9B38FD9F70BC7B2306BF4F5DD395726D4FDD6A18B29354921191DC5 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:07:32.0304 0x19d4  AdobeFlashPlayerUpdateSvc - ok
15:07:32.0382 0x19d4  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
15:07:32.0429 0x19d4  adp94xx - ok
15:07:32.0460 0x19d4  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
15:07:32.0476 0x19d4  adpahci - ok
15:07:32.0507 0x19d4  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
15:07:32.0507 0x19d4  adpu320 - ok
15:07:32.0523 0x19d4  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:07:32.0632 0x19d4  AeLookupSvc - ok
15:07:32.0647 0x19d4  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
15:07:32.0679 0x19d4  AFD - ok
15:07:32.0679 0x19d4  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
15:07:32.0694 0x19d4  agp440 - ok
15:07:32.0694 0x19d4  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
15:07:32.0725 0x19d4  ALG - ok
15:07:32.0741 0x19d4  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:07:32.0741 0x19d4  aliide - ok
15:07:32.0913 0x19d4  ALSysIO - ok
15:07:33.0022 0x19d4  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
15:07:33.0037 0x19d4  amdide - ok
15:07:33.0069 0x19d4  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
15:07:33.0100 0x19d4  AmdK8 - ok
15:07:33.0100 0x19d4  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:07:33.0115 0x19d4  AmdPPM - ok
15:07:33.0147 0x19d4  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:07:33.0162 0x19d4  amdsata - ok
15:07:33.0209 0x19d4  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:07:33.0240 0x19d4  amdsbs - ok
15:07:33.0240 0x19d4  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:07:33.0256 0x19d4  amdxata - ok
15:07:33.0256 0x19d4  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
15:07:33.0365 0x19d4  AppID - ok
15:07:33.0381 0x19d4  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:07:33.0412 0x19d4  AppIDSvc - ok
15:07:33.0427 0x19d4  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
15:07:33.0443 0x19d4  Appinfo - ok
15:07:33.0474 0x19d4  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
15:07:33.0474 0x19d4  arc - ok
15:07:33.0474 0x19d4  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:07:33.0490 0x19d4  arcsas - ok
15:07:33.0537 0x19d4  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:07:33.0537 0x19d4  aspnet_state - ok
15:07:33.0552 0x19d4  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:07:33.0568 0x19d4  AsyncMac - ok
15:07:33.0583 0x19d4  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
15:07:33.0583 0x19d4  atapi - ok
15:07:33.0615 0x19d4  [ 185F180536188C1A4ED605234721A5B9, FF06E13656E3442D66F8092CA2CF5AC474EFF7DC9C530E8DD87843E8322EF5C5 ] AthBTPort       C:\Windows\system32\DRIVERS\btath_flt.sys
15:07:33.0615 0x19d4  AthBTPort - ok
15:07:33.0661 0x19d4  [ 397748353925A6602A6097FA92AF23BF, 6962E497E449C27A07FFE7A167CC89604E1E0E16203FF30D44E7C3F99727A90F ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
15:07:33.0661 0x19d4  AtherosSvc - detected UnsignedFile.Multi.Generic ( 1 )
15:07:36.0048 0x19d4  Detect skipped due to KSN trusted
15:07:36.0048 0x19d4  AtherosSvc - ok
15:07:36.0267 0x19d4  [ B4174564AD5834A1680610572477878C, EA8687C90FE871AA427B4139BEE425E6DC4CFBC4CF3DCE29695EB9B967D9872F ] athr            C:\Windows\system32\DRIVERS\athrx.sys
15:07:36.0376 0x19d4  athr - ok
15:07:36.0407 0x19d4  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:07:36.0469 0x19d4  AudioEndpointBuilder - ok
15:07:36.0501 0x19d4  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:07:36.0547 0x19d4  AudioSrv - ok
15:07:36.0594 0x19d4  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:07:36.0672 0x19d4  AxInstSV - ok
15:07:36.0703 0x19d4  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
15:07:36.0750 0x19d4  b06bdrv - ok
15:07:36.0781 0x19d4  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:07:36.0813 0x19d4  b57nd60a - ok
15:07:36.0844 0x19d4  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:07:36.0859 0x19d4  BDESVC - ok
15:07:36.0859 0x19d4  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:07:36.0891 0x19d4  Beep - ok
15:07:36.0922 0x19d4  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
15:07:36.0969 0x19d4  BFE - ok
15:07:37.0000 0x19d4  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
15:07:37.0062 0x19d4  BITS - ok
15:07:37.0078 0x19d4  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:07:37.0093 0x19d4  blbdrive - ok
15:07:37.0093 0x19d4  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:07:37.0109 0x19d4  bowser - ok
15:07:37.0125 0x19d4  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:07:37.0187 0x19d4  BrFiltLo - ok
15:07:37.0187 0x19d4  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:07:37.0203 0x19d4  BrFiltUp - ok
15:07:37.0203 0x19d4  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
15:07:37.0218 0x19d4  Browser - ok
15:07:37.0234 0x19d4  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:07:37.0265 0x19d4  Brserid - ok
15:07:37.0265 0x19d4  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:07:37.0281 0x19d4  BrSerWdm - ok
15:07:37.0296 0x19d4  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:07:37.0296 0x19d4  BrUsbMdm - ok
15:07:37.0312 0x19d4  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:07:37.0312 0x19d4  BrUsbSer - ok
15:07:37.0359 0x19d4  [ C150BAE6E9E4C99ABE3F5BC0777DD0A6, BDB7927539FF12255A9443437AD0ACC5A752088E06DA81C7A50222F75F6104A5 ] BstHdAndroidSvc C:\Program Files (x86)\BlueStacks\HD-Service.exe
15:07:37.0405 0x19d4  BstHdAndroidSvc - ok
15:07:37.0421 0x19d4  [ E09B1C208FAC7D70735DBF2002B1A76D, 255EAC48F994698A4AB0566B9F7463E06A464A8F67D21DA3522B756712A9E952 ] BstHdDrv        C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys
15:07:37.0421 0x19d4  BstHdDrv - ok
15:07:37.0452 0x19d4  [ CE55E8B3FF604A173E8678FBAA78F818, 17CBA9591CB8022D3313F66BCD462BC59B9E9AEBA247054D6919E476C95EA417 ] BstHdLogRotatorSvc C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
15:07:37.0468 0x19d4  BstHdLogRotatorSvc - ok
15:07:37.0530 0x19d4  [ B5D8C2E82F33E2385FA9F309B6356715, 59726D203B808C43B2DF29BEC677B675798219B801877373358BA327E9C4DE18 ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys
15:07:37.0561 0x19d4  BTATH_A2DP - ok
15:07:37.0577 0x19d4  [ 3118072D09DAA1961A9F6549A4E8433A, 19159A2D424362BAF84D98AA95E0F3F517FE46726B4A1E19DFE0B62D17DE6227 ] btath_avdt      C:\Windows\system32\drivers\btath_avdt.sys
15:07:37.0577 0x19d4  btath_avdt - ok
15:07:37.0593 0x19d4  [ E6B734A37ADE36FE1A77035F4E484C8C, 7F3AB1E0CF9F348633B3B325F5F365CCD4C7FF7E4564BDE02C2DA27A499D0234 ] BTATH_BUS       C:\Windows\system32\DRIVERS\btath_bus.sys
15:07:37.0593 0x19d4  BTATH_BUS - ok
15:07:37.0608 0x19d4  [ FB3833E63FF602B69C2FF085846DCF43, 468BC9580341AD4C65F0BBB3A11F3E39C1DD0F9694D098AB3647A181C03E4E11 ] BTATH_HCRP      C:\Windows\system32\DRIVERS\btath_hcrp.sys
15:07:37.0624 0x19d4  BTATH_HCRP - ok
15:07:37.0639 0x19d4  [ 8008D892A2BDA67EEFBE25E14EB5DC83, 765FBBF0E58D0FA61A11AA888AB168314622572BB0F73E44FC4F88ACAF1ECB32 ] BTATH_LWFLT     C:\Windows\system32\DRIVERS\btath_lwflt.sys
15:07:37.0655 0x19d4  BTATH_LWFLT - ok
15:07:37.0671 0x19d4  [ ABCD3C16CA850A7594CEB9AD5D966810, DB0EAF000BB6F12F2AA550B66F5C61E08F2C6E58A18DA40BE69DD2B662D1EC60 ] BTATH_RCP       C:\Windows\system32\DRIVERS\btath_rcp.sys
15:07:37.0686 0x19d4  BTATH_RCP - ok
15:07:37.0733 0x19d4  [ 0C3825703B5E4ADB5FB75A651E4682B7, 6DFFB545EB2F01B5EC41FA6D5F01E65406BA25CAA862F9C3D2283CE5E32085A2 ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
15:07:37.0764 0x19d4  BtFilter - ok
15:07:37.0780 0x19d4  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
15:07:37.0795 0x19d4  BthEnum - ok
15:07:37.0795 0x19d4  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:07:37.0811 0x19d4  BTHMODEM - ok
15:07:37.0811 0x19d4  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
15:07:37.0827 0x19d4  BthPan - ok
15:07:37.0858 0x19d4  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
15:07:37.0873 0x19d4  BTHPORT - ok
15:07:37.0889 0x19d4  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
15:07:37.0920 0x19d4  bthserv - ok
15:07:37.0920 0x19d4  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
15:07:37.0951 0x19d4  BTHUSB - ok
15:07:37.0967 0x19d4  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:07:37.0998 0x19d4  cdfs - ok
15:07:38.0014 0x19d4  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:07:38.0029 0x19d4  cdrom - ok
15:07:38.0045 0x19d4  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
15:07:38.0076 0x19d4  CertPropSvc - ok
15:07:38.0092 0x19d4  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:07:38.0107 0x19d4  circlass - ok
15:07:38.0123 0x19d4  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
15:07:38.0139 0x19d4  CLFS - ok
15:07:38.0154 0x19d4  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:07:38.0170 0x19d4  clr_optimization_v2.0.50727_32 - ok
15:07:38.0185 0x19d4  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:07:38.0201 0x19d4  clr_optimization_v2.0.50727_64 - ok
15:07:38.0232 0x19d4  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:07:38.0263 0x19d4  clr_optimization_v4.0.30319_32 - ok
15:07:38.0263 0x19d4  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:07:38.0295 0x19d4  clr_optimization_v4.0.30319_64 - ok
15:07:38.0295 0x19d4  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:07:38.0295 0x19d4  CmBatt - ok
15:07:38.0310 0x19d4  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:07:38.0326 0x19d4  cmdide - ok
15:07:38.0341 0x19d4  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
15:07:38.0388 0x19d4  CNG - ok
15:07:38.0388 0x19d4  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:07:38.0404 0x19d4  Compbatt - ok
15:07:38.0419 0x19d4  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
15:07:38.0435 0x19d4  CompositeBus - ok
15:07:38.0435 0x19d4  COMSysApp - ok
15:07:38.0435 0x19d4  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
15:07:38.0451 0x19d4  crcdisk - ok
15:07:38.0451 0x19d4  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:07:38.0466 0x19d4  CryptSvc - ok
15:07:38.0497 0x19d4  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:07:38.0529 0x19d4  DcomLaunch - ok
15:07:38.0560 0x19d4  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
15:07:38.0591 0x19d4  defragsvc - ok
15:07:38.0591 0x19d4  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:07:38.0622 0x19d4  DfsC - ok
15:07:38.0653 0x19d4  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:07:38.0669 0x19d4  Dhcp - ok
15:07:38.0669 0x19d4  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
15:07:38.0700 0x19d4  discache - ok
15:07:38.0716 0x19d4  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:07:38.0731 0x19d4  Disk - ok
15:07:38.0747 0x19d4  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:07:38.0747 0x19d4  Dnscache - ok
15:07:38.0794 0x19d4  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:07:38.0825 0x19d4  dot3svc - ok
15:07:38.0841 0x19d4  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
15:07:38.0872 0x19d4  DPS - ok
15:07:38.0903 0x19d4  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:07:38.0934 0x19d4  drmkaud - ok
15:07:39.0012 0x19d4  [ 6A0E850DDCB136AA3D2FB7234382DF12, C01863E95F45E1B74AC65C9CD12C8DC769299218255B3C94E3EBF58C4D79FEF3 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:07:39.0043 0x19d4  dtsoftbus01 - ok
15:07:39.0090 0x19d4  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:07:39.0121 0x19d4  DXGKrnl - ok
15:07:39.0121 0x19d4  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
15:07:39.0153 0x19d4  EapHost - ok
15:07:39.0277 0x19d4  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
15:07:39.0418 0x19d4  ebdrv - ok
15:07:39.0418 0x19d4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
15:07:39.0433 0x19d4  EFS - ok
15:07:39.0465 0x19d4  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:07:39.0511 0x19d4  ehRecvr - ok
15:07:39.0527 0x19d4  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
15:07:39.0543 0x19d4  ehSched - ok
15:07:39.0558 0x19d4  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
15:07:39.0589 0x19d4  elxstor - ok
15:07:39.0605 0x19d4  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:07:39.0605 0x19d4  ErrDev - ok
15:07:39.0636 0x19d4  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
15:07:39.0667 0x19d4  EventSystem - ok
15:07:39.0714 0x19d4  [ 251AF86E0A4DDF3A6B181ED5103B06B1, 1823E7C87F0D8972A89D71B1FB633C5D43744F9803E6A8B866F6EA610032437C ] ewusbnet        C:\Windows\system32\DRIVERS\ewusbnet.sys
15:07:39.0730 0x19d4  ewusbnet - ok
15:07:39.0745 0x19d4  [ 86F7951BBCEE4A86E79A97306BD14318, 84B52A0392DA53ED71A2C4D483DD93DDF552BF8AC764C7BD47BE0EB58C7C8219 ] ew_hwusbdev     C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
15:07:39.0761 0x19d4  ew_hwusbdev - detected UnsignedFile.Multi.Generic ( 1 )
15:07:42.0132 0x19d4  Detect skipped due to KSN trusted
15:07:42.0132 0x19d4  ew_hwusbdev - ok
15:07:42.0241 0x19d4  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
15:07:42.0319 0x19d4  exfat - ok
15:07:42.0319 0x19d4  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:07:42.0366 0x19d4  fastfat - ok
15:07:42.0397 0x19d4  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
15:07:42.0444 0x19d4  Fax - ok
15:07:42.0460 0x19d4  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:07:42.0460 0x19d4  fdc - ok
15:07:42.0475 0x19d4  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
15:07:42.0491 0x19d4  fdPHost - ok
15:07:42.0507 0x19d4  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:07:42.0522 0x19d4  FDResPub - ok
15:07:42.0538 0x19d4  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:07:42.0538 0x19d4  FileInfo - ok
15:07:42.0553 0x19d4  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:07:42.0585 0x19d4  Filetrace - ok
15:07:42.0647 0x19d4  [ BB0667B0171B632B97EA759515476F07, 07A123B2182D5813D2898928C231638353CF086606E9D5A5AF4A2A73E17CEC27 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:07:42.0663 0x19d4  FLEXnet Licensing Service - ok
15:07:42.0663 0x19d4  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:07:42.0678 0x19d4  flpydisk - ok
15:07:42.0694 0x19d4  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:07:42.0709 0x19d4  FltMgr - ok
15:07:42.0725 0x19d4  [ 8768D7AF8CA1AEB2380BD62170C03F70, 12FB68B19B7557628B13A61735366D1173890607899A86E5943FFD706ED329F3 ] FLxHCIc         C:\Windows\system32\DRIVERS\FLxHCIc.sys
15:07:42.0741 0x19d4  FLxHCIc - ok
15:07:42.0741 0x19d4  [ DCEE5572BCC930D5B8A9E23391236233, F244A81AB96AD085BA0274CAE5D2FD7FB40949D26C2955BF3E08457328F5740B ] FLxHCIh         C:\Windows\system32\DRIVERS\FLxHCIh.sys
15:07:42.0756 0x19d4  FLxHCIh - ok
15:07:42.0803 0x19d4  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
15:07:42.0850 0x19d4  FontCache - ok
15:07:42.0865 0x19d4  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:07:42.0881 0x19d4  FontCache3.0.0.0 - ok
15:07:42.0881 0x19d4  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:07:42.0897 0x19d4  FsDepends - ok
15:07:42.0912 0x19d4  [ 3DFA8D4E50D608F8F732014614C84DD2, 4927B200F1A4FF04C14347A744C878EB11A78AB356B814C196EB6DDF30DDD934 ] fspad_win764    C:\Windows\system32\DRIVERS\fspad_win764.sys
15:07:42.0928 0x19d4  fspad_win764 - ok
15:07:42.0928 0x19d4  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:07:42.0928 0x19d4  Fs_Rec - ok
15:07:42.0943 0x19d4  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:07:42.0959 0x19d4  fvevol - ok
15:07:42.0959 0x19d4  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:07:42.0975 0x19d4  gagp30kx - ok
15:07:43.0021 0x19d4  [ B0463138D3F872E3D2EC0C4C471AC067, CB0342294BD49732572C81A721DFFA531A031D65A640BF46A5C5AD0B1ACF6AED ] GfExperienceService C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
15:07:43.0068 0x19d4  GfExperienceService - ok
15:07:43.0099 0x19d4  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
15:07:43.0162 0x19d4  gpsvc - ok
15:07:43.0179 0x19d4  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:07:43.0195 0x19d4  gupdate - ok
15:07:43.0195 0x19d4  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:07:43.0195 0x19d4  gupdatem - ok
15:07:43.0226 0x19d4  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:07:43.0226 0x19d4  hcw85cir - ok
15:07:43.0257 0x19d4  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:07:43.0289 0x19d4  HdAudAddService - ok
15:07:43.0289 0x19d4  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
15:07:43.0304 0x19d4  HDAudBus - ok
15:07:43.0320 0x19d4  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
15:07:43.0320 0x19d4  HidBatt - ok
15:07:43.0335 0x19d4  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:07:43.0351 0x19d4  HidBth - ok
15:07:43.0351 0x19d4  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
15:07:43.0367 0x19d4  HidIr - ok
15:07:43.0367 0x19d4  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
15:07:43.0398 0x19d4  hidserv - ok
15:07:43.0398 0x19d4  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:07:43.0413 0x19d4  HidUsb - ok
15:07:43.0429 0x19d4  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:07:43.0476 0x19d4  hkmsvc - ok
15:07:43.0491 0x19d4  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:07:43.0507 0x19d4  HomeGroupListener - ok
15:07:43.0523 0x19d4  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:07:43.0538 0x19d4  HomeGroupProvider - ok
15:07:43.0538 0x19d4  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:07:43.0554 0x19d4  HpSAMD - ok
15:07:43.0592 0x19d4  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:07:43.0658 0x19d4  HTTP - ok
15:07:43.0659 0x19d4  [ 6E05228393CD614B983568EC40C262C3, CEB1CFDD346534F01A52D2E7004B0220692FC67CAD874FE04740ECDA2F92767D ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
15:07:43.0675 0x19d4  hwdatacard - detected UnsignedFile.Multi.Generic ( 1 )
15:07:46.0044 0x19d4  Detect skipped due to KSN trusted
15:07:46.0044 0x19d4  hwdatacard - ok
15:07:46.0059 0x19d4  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:07:46.0075 0x19d4  hwpolicy - ok
15:07:46.0091 0x19d4  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:07:46.0106 0x19d4  i8042prt - ok
15:07:46.0231 0x19d4  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:07:46.0262 0x19d4  iaStorV - ok
15:07:46.0309 0x19d4  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:07:46.0340 0x19d4  idsvc - ok
15:07:46.0371 0x19d4  IEEtwCollectorService - ok
15:07:46.0387 0x19d4  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
15:07:46.0403 0x19d4  iirsp - ok
15:07:46.0449 0x19d4  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
15:07:46.0496 0x19d4  IKEEXT - ok
15:07:46.0496 0x19d4  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
15:07:46.0512 0x19d4  intelide - ok
15:07:46.0512 0x19d4  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:07:46.0527 0x19d4  intelppm - ok
15:07:46.0543 0x19d4  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:07:46.0559 0x19d4  IPBusEnum - ok
15:07:46.0574 0x19d4  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:07:46.0605 0x19d4  IpFilterDriver - ok
15:07:46.0652 0x19d4  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:07:46.0683 0x19d4  iphlpsvc - ok
15:07:46.0699 0x19d4  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:07:46.0715 0x19d4  IPMIDRV - ok
15:07:46.0730 0x19d4  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:07:46.0761 0x19d4  IPNAT - ok
15:07:46.0761 0x19d4  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:07:46.0808 0x19d4  IRENUM - ok
15:07:46.0824 0x19d4  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:07:46.0839 0x19d4  isapnp - ok
15:07:46.0855 0x19d4  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:07:46.0871 0x19d4  iScsiPrt - ok
15:07:46.0871 0x19d4  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:07:46.0871 0x19d4  kbdclass - ok
15:07:46.0886 0x19d4  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:07:46.0886 0x19d4  kbdhid - ok
15:07:46.0902 0x19d4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
15:07:46.0902 0x19d4  KeyIso - ok
15:07:46.0917 0x19d4  [ B6D6F12C214DE823FA22709F7BD0EB0B, 312BCBAEF6D35EAC2514E8D89DE65EA9E524CA1506A3F7410337DF2FDFB052FF ] KoneFltr        C:\Windows\system32\drivers\Kone.sys
15:07:46.0917 0x19d4  KoneFltr - ok
15:07:46.0933 0x19d4  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:07:46.0933 0x19d4  KSecDD - ok
15:07:46.0949 0x19d4  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:07:46.0964 0x19d4  KSecPkg - ok
15:07:46.0964 0x19d4  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:07:46.0995 0x19d4  ksthunk - ok
15:07:47.0011 0x19d4  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:07:47.0058 0x19d4  KtmRm - ok
15:07:47.0058 0x19d4  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:07:47.0105 0x19d4  LanmanServer - ok
15:07:47.0105 0x19d4  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:07:47.0136 0x19d4  LanmanWorkstation - ok
15:07:47.0167 0x19d4  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:07:47.0198 0x19d4  lltdio - ok
15:07:47.0245 0x19d4  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:07:47.0339 0x19d4  lltdsvc - ok
15:07:47.0354 0x19d4  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:07:47.0385 0x19d4  lmhosts - ok
15:07:47.0401 0x19d4  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:07:47.0417 0x19d4  LSI_FC - ok
15:07:47.0417 0x19d4  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
15:07:47.0432 0x19d4  LSI_SAS - ok
15:07:47.0448 0x19d4  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:07:47.0448 0x19d4  LSI_SAS2 - ok
15:07:47.0463 0x19d4  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:07:47.0479 0x19d4  LSI_SCSI - ok
15:07:47.0479 0x19d4  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
15:07:47.0510 0x19d4  luafv - ok
15:07:47.0557 0x19d4  [ 1704A8189EE5580AB147CFD25C5C8770, DFA076FD36B5CC844D4BE3B865E9A1F809E14CCB1D78D82A2D8D8EE38210E6EB ] McComponentHostService C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
15:07:47.0573 0x19d4  McComponentHostService - ok
15:07:47.0588 0x19d4  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:07:47.0604 0x19d4  Mcx2Svc - ok
15:07:47.0604 0x19d4  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
15:07:47.0619 0x19d4  megasas - ok
15:07:47.0635 0x19d4  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:07:47.0651 0x19d4  MegaSR - ok
15:07:47.0666 0x19d4  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
15:07:47.0666 0x19d4  MEIx64 - ok
15:07:47.0666 0x19d4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
15:07:47.0697 0x19d4  MMCSS - ok
15:07:47.0713 0x19d4  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
15:07:47.0729 0x19d4  Modem - ok
15:07:47.0744 0x19d4  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:07:47.0744 0x19d4  monitor - ok
15:07:47.0760 0x19d4  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:07:47.0760 0x19d4  mouclass - ok
15:07:47.0760 0x19d4  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:07:47.0775 0x19d4  mouhid - ok
15:07:47.0791 0x19d4  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:07:47.0791 0x19d4  mountmgr - ok
15:07:47.0807 0x19d4  [ 28048289E32294004A86935CC40A3252, D397C3BAD6BCDA33FA0982E10677598E8BDF69A0933D19A36873CB45BA4FB819 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:07:47.0822 0x19d4  MozillaMaintenance - ok
15:07:47.0838 0x19d4  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:07:47.0838 0x19d4  mpio - ok
15:07:47.0853 0x19d4  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:07:47.0900 0x19d4  mpsdrv - ok
15:07:47.0947 0x19d4  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:07:48.0009 0x19d4  MpsSvc - ok
15:07:48.0041 0x19d4  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:07:48.0056 0x19d4  MRxDAV - ok
15:07:48.0056 0x19d4  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:07:48.0072 0x19d4  mrxsmb - ok
15:07:48.0087 0x19d4  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:07:48.0103 0x19d4  mrxsmb10 - ok
15:07:48.0103 0x19d4  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:07:48.0119 0x19d4  mrxsmb20 - ok
15:07:48.0119 0x19d4  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:07:48.0134 0x19d4  msahci - ok
15:07:48.0150 0x19d4  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:07:48.0150 0x19d4  msdsm - ok
15:07:48.0165 0x19d4  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
15:07:48.0181 0x19d4  MSDTC - ok
15:07:48.0197 0x19d4  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:07:48.0228 0x19d4  Msfs - ok
15:07:48.0228 0x19d4  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:07:48.0259 0x19d4  mshidkmdf - ok
15:07:48.0259 0x19d4  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:07:48.0275 0x19d4  msisadrv - ok
15:07:48.0290 0x19d4  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:07:48.0321 0x19d4  MSiSCSI - ok
15:07:48.0321 0x19d4  msiserver - ok
15:07:48.0368 0x19d4  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:07:48.0431 0x19d4  MSKSSRV - ok
15:07:48.0446 0x19d4  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:07:48.0493 0x19d4  MSPCLOCK - ok
15:07:48.0524 0x19d4  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:07:48.0540 0x19d4  MSPQM - ok
15:07:48.0571 0x19d4  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:07:48.0587 0x19d4  MsRPC - ok
15:07:48.0587 0x19d4  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:07:48.0602 0x19d4  mssmbios - ok
15:07:48.0602 0x19d4  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:07:48.0633 0x19d4  MSTEE - ok
15:07:48.0633 0x19d4  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:07:48.0649 0x19d4  MTConfig - ok
15:07:48.0649 0x19d4  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
15:07:48.0665 0x19d4  Mup - ok
15:07:48.0680 0x19d4  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
15:07:48.0727 0x19d4  napagent - ok
15:07:48.0789 0x19d4  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:07:48.0805 0x19d4  NativeWifiP - ok
15:07:48.0852 0x19d4  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:07:48.0883 0x19d4  NDIS - ok
15:07:48.0930 0x19d4  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:07:48.0977 0x19d4  NdisCap - ok
15:07:48.0992 0x19d4  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:07:49.0023 0x19d4  NdisTapi - ok
15:07:59.0141 0x19d4  volsnap - ok
15:07:59.0157 0x19d4  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
15:07:59.0173 0x19d4  vsmraid - ok
15:07:59.0251 0x19d4  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
15:07:59.0374 0x19d4  VSS - ok
15:07:59.0389 0x19d4  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:07:59.0405 0x19d4  vwifibus - ok
15:07:59.0405 0x19d4  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:07:59.0420 0x19d4  vwififlt - ok
15:07:59.0436 0x19d4  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
15:07:59.0452 0x19d4  vwifimp - ok
15:07:59.0468 0x19d4  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
15:07:59.0509 0x19d4  W32Time - ok
15:07:59.0525 0x19d4  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:07:59.0525 0x19d4  WacomPen - ok
15:07:59.0540 0x19d4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:07:59.0571 0x19d4  WANARP - ok
15:07:59.0571 0x19d4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:07:59.0603 0x19d4  Wanarpv6 - ok
15:07:59.0665 0x19d4  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
15:07:59.0712 0x19d4  wbengine - ok
15:07:59.0743 0x19d4  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:07:59.0759 0x19d4  WbioSrvc - ok
15:07:59.0774 0x19d4  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:07:59.0810 0x19d4  wcncsvc - ok
15:07:59.0817 0x19d4  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:07:59.0832 0x19d4  WcsPlugInService - ok
15:07:59.0841 0x19d4  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:07:59.0852 0x19d4  Wd - ok
15:07:59.0873 0x19d4  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:07:59.0904 0x19d4  Wdf01000 - ok
15:07:59.0904 0x19d4  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:07:59.0967 0x19d4  WdiServiceHost - ok
15:07:59.0967 0x19d4  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:07:59.0982 0x19d4  WdiSystemHost - ok
15:08:00.0013 0x19d4  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
15:08:00.0029 0x19d4  WebClient - ok
15:08:00.0029 0x19d4  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:08:00.0060 0x19d4  Wecsvc - ok
15:08:00.0076 0x19d4  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:08:00.0107 0x19d4  wercplsupport - ok
15:08:00.0107 0x19d4  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:08:00.0138 0x19d4  WerSvc - ok
15:08:00.0138 0x19d4  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:08:00.0169 0x19d4  WfpLwf - ok
15:08:00.0185 0x19d4  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:08:00.0201 0x19d4  WIMMount - ok
15:08:00.0201 0x19d4  WinDefend - ok
15:08:00.0201 0x19d4  WinHttpAutoProxySvc - ok
15:08:00.0232 0x19d4  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:08:00.0263 0x19d4  Winmgmt - ok
15:08:00.0325 0x19d4  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
15:08:00.0450 0x19d4  WinRM - ok
15:08:00.0528 0x19d4  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:08:00.0622 0x19d4  Wlansvc - ok
15:08:00.0653 0x19d4  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:08:00.0653 0x19d4  WmiAcpi - ok
15:08:00.0684 0x19d4  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:08:00.0700 0x19d4  wmiApSrv - ok
15:08:00.0700 0x19d4  WMPNetworkSvc - ok
15:08:00.0700 0x19d4  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:08:00.0715 0x19d4  WPCSvc - ok
15:08:00.0715 0x19d4  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:08:00.0731 0x19d4  WPDBusEnum - ok
15:08:00.0762 0x19d4  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:08:00.0793 0x19d4  ws2ifsl - ok
15:08:00.0793 0x19d4  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
15:08:00.0809 0x19d4  wscsvc - ok
15:08:00.0809 0x19d4  WSearch - ok
15:08:00.0843 0x19d4  wStLibG64 - ok
15:08:00.0952 0x19d4  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:08:01.0077 0x19d4  wuauserv - ok
15:08:01.0093 0x19d4  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:08:01.0108 0x19d4  WudfPf - ok
15:08:01.0124 0x19d4  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:08:01.0140 0x19d4  WUDFRd - ok
15:08:01.0140 0x19d4  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:08:01.0155 0x19d4  wudfsvc - ok
15:08:01.0171 0x19d4  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:08:01.0186 0x19d4  WwanSvc - ok
15:08:01.0202 0x19d4  [ 28B051B78471FC290C1790623D5908E1, 01B711DAC7290B5DBBA5AF49E69FC906BE0A1BF40EFB372A0DA1FB59F0BA9983 ] ZAtheros Bt&Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
15:08:01.0202 0x19d4  ZAtheros Bt&Wlan Coex Agent - detected UnsignedFile.Multi.Generic ( 1 )
15:08:03.0553 0x19d4  Detect skipped due to KSN trusted
15:08:03.0553 0x19d4  ZAtheros Bt&Wlan Coex Agent - ok
15:08:03.0584 0x19d4  ================ Scan global ===============================
15:08:03.0584 0x19d4  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
15:08:03.0600 0x19d4  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
15:08:03.0616 0x19d4  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
15:08:03.0631 0x19d4  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
15:08:03.0740 0x19d4  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
15:08:03.0772 0x19d4  [ Global ] - ok
15:08:03.0772 0x19d4  ================ Scan MBR ==================================
15:08:03.0772 0x19d4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:08:04.0255 0x19d4  \Device\Harddisk0\DR0 - ok
15:08:04.0271 0x19d4  [ 64B1E91C5C6C2157642651010728F90F ] \Device\Harddisk1\DR1
15:08:04.0739 0x19d4  \Device\Harddisk1\DR1 - ok
15:08:04.0754 0x19d4  ================ Scan VBR ==================================
15:08:04.0754 0x19d4  [ B64A48BFD40272B21C9532B283E55DD8 ] \Device\Harddisk0\DR0\Partition1
15:08:04.0754 0x19d4  \Device\Harddisk0\DR0\Partition1 - ok
15:08:04.0770 0x19d4  [ CAEE7031913F97CB7B1140CF4FBC97FD ] \Device\Harddisk0\DR0\Partition2
15:08:04.0770 0x19d4  \Device\Harddisk0\DR0\Partition2 - ok
15:08:04.0770 0x19d4  [ B1F4D14CBCB1A9517810F24EF71B5002 ] \Device\Harddisk1\DR1\Partition1
15:08:04.0770 0x19d4  \Device\Harddisk1\DR1\Partition1 - ok
15:08:04.0786 0x19d4  [ 2555BEA6F5052ABB2ABAA738131B25B6 ] \Device\Harddisk1\DR1\Partition2
15:08:04.0786 0x19d4  \Device\Harddisk1\DR1\Partition2 - ok
15:08:04.0786 0x19d4  ================ Scan generic autorun ======================
15:08:04.0786 0x19d4  Nvtmru - ok
15:08:04.0786 0x19d4  fspuip - ok
15:08:05.0192 0x19d4  [ DC1C247923B6164206499B652CD548CE, 018BB514BBA2E1C8BB9357E5C1AC33AB191D87D6B57A20158A46C2E46D2346F9 ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
15:08:05.0270 0x19d4  NvBackend - ok
15:08:05.0286 0x19d4  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
15:08:05.0286 0x19d4  ShadowPlay - ok
15:08:05.0317 0x19d4  [ D1C7E6BF5A62AAC8E95D6E2BCAB802DD, 6FC9356C0C8201B76EA3BFB1F76A250E34B18C510D3B9F4E839B66B2F854C98A ] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE
15:08:05.0333 0x19d4  RoccatKone+ - detected UnsignedFile.Multi.Generic ( 1 )
15:08:07.0679 0x19d4  Detect skipped due to KSN trusted
15:08:07.0679 0x19d4  RoccatKone+ - ok
15:08:07.0695 0x19d4  [ 5BD2176B85AADA5C5547D8FFC3BE8DFA, F7D8D7FD448D2B4DB87FB37438DFC633A50F0E1D214E3D83BC20E13C288CED63 ] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
15:08:07.0711 0x19d4  FLxHCIm64 - detected UnsignedFile.Multi.Generic ( 1 )
15:08:10.0041 0x19d4  Detect skipped due to KSN trusted
15:08:10.0041 0x19d4  FLxHCIm64 - ok
15:08:10.0182 0x19d4  [ 173DA92B812D9A9DD04C5D63C49C0684, 860B14D7EFEF9F0C19026DBED6935AE6CADFE726615CF1CDF8F02381BFF246DF ] C:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe
15:08:10.0228 0x19d4  THGuard - ok
15:08:10.0275 0x19d4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
15:08:10.0353 0x19d4  Sidebar - ok
15:08:10.0369 0x19d4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
15:08:10.0384 0x19d4  mctadmin - ok
15:08:10.0431 0x19d4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
15:08:10.0478 0x19d4  Sidebar - ok
15:08:10.0478 0x19d4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
15:08:10.0494 0x19d4  mctadmin - ok
15:08:10.0509 0x19d4  [ B22CB67919EBAD88B0E8BB9CDA446010, 2F744FEAC48EDE7D6B6D2727F7DDFA80B26D9E3B0009741B00992B19AD85E128 ] C:\Windows\System32\StikyNot.exe
15:08:10.0540 0x19d4  RESTART_STICKY_NOTES - ok
15:08:10.0556 0x19d4  [ 9BD0D17CD44C2E6DEE9645C0EAB46606, B18470971D69646991511B998C801038061C8018A142239249E101DFE4535461 ] C:\ProgramData\Windows Update Service0\bjrwzmzis.exe
15:08:10.0556 0x19d4  Suspicious file ( NoAccess ): C:\ProgramData\Windows Update Service0\bjrwzmzis.exe. md5: 9BD0D17CD44C2E6DEE9645C0EAB46606, sha256: B18470971D69646991511B998C801038061C8018A142239249E101DFE4535461
15:08:10.0556 0x19d4  Windows Update Service - detected LockedFile.Multi.Generic ( 1 )
15:08:12.0944 0x19d4  Detect turned to UDS exact due to KSN untrusted
15:08:13.0022 0x19d4  Windows Update Service ( UDS:DangerousObject.Multi.Generic ) - infected
15:08:13.0022 0x19d4  Force sending object to P2P due to detect: C:\ProgramData\Windows Update Service0\bjrwzmzis.exe
15:08:15.0533 0x19d4  Object send P2P result: true
15:08:18.0107 0x19d4  [ B66041913F15C42BE9DCC8EC6E7EAF1E, 2D88626ACD2806635AAA1EECE2356F8FF0BBA67E7D9F621D51FC37E79F6E7B56 ] C:\Users\purzelchen\AppData\Roaming\UseServe.exe
15:08:18.0170 0x19d4  UsenetServices - detected UnsignedFile.Multi.Generic ( 1 )
15:08:20.0541 0x19d4  UsenetServices ( UnsignedFile.Multi.Generic ) - warning
15:08:23.0068 0x19d4  [ 9BD0D17CD44C2E6DEE9645C0EAB46606, B18470971D69646991511B998C801038061C8018A142239249E101DFE4535461 ] C:\ProgramData\Windows Update Service0\bjrwzmzis.exe
15:08:23.0068 0x19d4  Suspicious file ( NoAccess ): C:\ProgramData\Windows Update Service0\bjrwzmzis.exe. md5: 9BD0D17CD44C2E6DEE9645C0EAB46606, sha256: B18470971D69646991511B998C801038061C8018A142239249E101DFE4535461
15:08:23.0068 0x19d4  Windows Update Service - detected LockedFile.Multi.Generic ( 1 )
15:08:23.0068 0x19d4  Detect turned to UDS exact due to KSN untrusted
15:08:23.0068 0x19d4  Windows Update Service ( UDS:DangerousObject.Multi.Generic ) - infected
15:08:23.0068 0x19d4  Force sending object to P2P due to detect: C:\ProgramData\Windows Update Service0\bjrwzmzis.exe
15:08:25.0564 0x19d4  Object send P2P result: true
15:08:28.0107 0x19d4  Win FW state via NFP2: enabled
15:08:30.0509 0x19d4  ============================================================
15:08:30.0509 0x19d4  Scan finished
15:08:30.0509 0x19d4  ============================================================
15:08:30.0525 0x0cf0  Detected object count: 3
15:08:30.0525 0x0cf0  Actual detected object count: 3
15:08:41.0042 0x0cf0  Windows Update Service ( UDS:DangerousObject.Multi.Generic ) - skipped by user
15:08:41.0042 0x0cf0  Windows Update Service ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 
15:08:41.0042 0x0cf0  UsenetServices ( UnsignedFile.Multi.Generic ) - skipped by user
15:08:41.0042 0x0cf0  UsenetServices ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:08:41.0058 0x0cf0  Windows Update Service ( UDS:DangerousObject.Multi.Generic ) - skipped by user
15:08:41.0058 0x0cf0  Windows Update Service ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip
         

11.11.2014, 07:45   #4
schrauber
/// the machine
/// TB trainer



Start TDSSKiller.exe with a double-click.
Vista and Win7 users: right-click and choose "Run as administrator".
  • Click Start Scan.
    Do not do anything on the computer during the scan.
  • Make sure that Cure (default) is checked!
  • Click Continue --> Reboot.
TDSSKiller will save a log file on your system drive (usually C:\).
For example: C:\TDSSKiller.<version_date_time>log.txt

Please post its contents here in your thread.



Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. That should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

11.11.2014, 17:22   #5
Deadfly



Sooo... Combofix didn't complain, TDSSKILLER created 2 logs, I'll post both. (2 posts are necessary because the logs are too long.)

TDSSKILLER

Log1
Code:
16:52:25.0676 0x090c  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
16:52:28.0905 0x090c  ============================================================
16:52:28.0905 0x090c  Current date / time: 2014/11/11 16:52:28.0905
16:52:28.0905 0x090c  SystemInfo:
16:52:28.0905 0x090c  
16:52:28.0905 0x090c  OS Version: 6.1.7601 ServicePack: 1.0
16:52:28.0905 0x090c  Product type: Workstation
16:52:28.0905 0x090c  ComputerName: PURZELCHEN-PC
16:52:28.0905 0x090c  UserName: purzelchen
16:52:28.0905 0x090c  Windows directory: C:\Windows
16:52:28.0905 0x090c  System windows directory: C:\Windows
16:52:28.0905 0x090c  Running under WOW64
16:52:28.0905 0x090c  Processor architecture: Intel x64
16:52:28.0905 0x090c  Number of processors: 8
16:52:28.0905 0x090c  Page size: 0x1000
16:52:28.0905 0x090c  Boot type: Normal boot
16:52:28.0905 0x090c  ============================================================
16:52:33.0070 0x090c  KLMD registered as C:\Windows\system32\drivers\19477688.sys
16:52:33.0195 0x090c  System UUID: {32F68BDE-A527-F4FA-4C82-BE23F802989F}
16:52:33.0445 0x090c  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:52:33.0445 0x090c  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:52:33.0445 0x090c  ============================================================
16:52:33.0445 0x090c  \Device\Harddisk0\DR0:
16:52:33.0445 0x090c  MBR partitions:
16:52:33.0445 0x090c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x1749C000
16:52:33.0445 0x090c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A69D000, BlocksNum 0x1FCE8800
16:52:33.0445 0x090c  \Device\Harddisk1\DR1:
16:52:33.0445 0x090c  MBR partitions:
16:52:33.0445 0x090c  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1BE000
16:52:33.0445 0x090c  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x1D1BE800, BlocksNum 0x1D1C7830
16:52:33.0445 0x090c  ============================================================
16:52:33.0476 0x090c  C: <-> \Device\Harddisk0\DR0\Partition1
16:52:33.0476 0x090c  D: <-> \Device\Harddisk0\DR0\Partition2
16:52:33.0476 0x090c  E: <-> \Device\Harddisk1\DR1\Partition1
16:52:33.0476 0x090c  F: <-> \Device\Harddisk1\DR1\Partition2
16:52:33.0476 0x090c  ============================================================
16:52:33.0476 0x090c  Initialize success
16:52:33.0476 0x090c  ============================================================
16:52:42.0852 0x1358  ============================================================
16:52:42.0852 0x1358  Scan started
16:52:42.0852 0x1358  Mode: Manual; SigCheck; TDLFS; 
16:52:42.0852 0x1358  ============================================================
16:52:42.0852 0x1358  KSN ping started
16:52:45.0207 0x1358  KSN ping finished: true
16:52:45.0816 0x1358  ================ Scan system memory ========================
16:52:45.0816 0x1358  System memory - ok
16:52:45.0816 0x1358  ================ Scan services =============================
16:52:45.0925 0x1358  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:52:45.0972 0x1358  1394ohci - ok
16:52:45.0987 0x1358  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:52:46.0003 0x1358  ACPI - ok
16:52:46.0003 0x1358  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:52:46.0034 0x1358  AcpiPmi - ok
16:52:46.0112 0x1358  [ 2637233632CCD1837A1A57A43CAF00A4, 848026C6C9B38FD9F70BC7B2306BF4F5DD395726D4FDD6A18B29354921191DC5 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:52:46.0128 0x1358  AdobeFlashPlayerUpdateSvc - ok
16:52:46.0143 0x1358  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
16:52:46.0174 0x1358  adp94xx - ok
16:52:46.0190 0x1358  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
16:52:46.0206 0x1358  adpahci - ok
16:52:46.0221 0x1358  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
16:52:46.0221 0x1358  adpu320 - ok
16:52:46.0237 0x1358  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:52:46.0299 0x1358  AeLookupSvc - ok
16:52:46.0330 0x1358  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
16:52:46.0362 0x1358  AFD - ok
16:52:46.0362 0x1358  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
16:52:46.0377 0x1358  agp440 - ok
16:52:46.0377 0x1358  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
16:52:46.0393 0x1358  ALG - ok
16:52:46.0408 0x1358  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:52:46.0408 0x1358  aliide - ok
16:52:46.0627 0x1358  ALSysIO - ok
16:52:46.0705 0x1358  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
16:52:46.0720 0x1358  amdide - ok
16:52:46.0720 0x1358  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
16:52:46.0736 0x1358  AmdK8 - ok
16:52:46.0752 0x1358  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:52:46.0752 0x1358  AmdPPM - ok
16:52:46.0767 0x1358  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:52:46.0767 0x1358  amdsata - ok
16:52:46.0783 0x1358  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
16:52:46.0798 0x1358  amdsbs - ok
16:52:46.0798 0x1358  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:52:46.0798 0x1358  amdxata - ok
16:52:46.0814 0x1358  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
16:52:46.0939 0x1358  AppID - ok
16:52:46.0939 0x1358  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:52:46.0970 0x1358  AppIDSvc - ok
16:52:46.0970 0x1358  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
16:52:46.0986 0x1358  Appinfo - ok
16:52:46.0986 0x1358  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
16:52:47.0001 0x1358  arc - ok
16:52:47.0001 0x1358  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
16:52:47.0017 0x1358  arcsas - ok
16:52:47.0048 0x1358  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:52:47.0048 0x1358  aspnet_state - ok
16:52:47.0064 0x1358  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:52:47.0079 0x1358  AsyncMac - ok
16:52:47.0095 0x1358  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
16:52:47.0095 0x1358  atapi - ok
16:52:47.0095 0x1358  [ 185F180536188C1A4ED605234721A5B9, FF06E13656E3442D66F8092CA2CF5AC474EFF7DC9C530E8DD87843E8322EF5C5 ] AthBTPort       C:\Windows\system32\DRIVERS\btath_flt.sys
16:52:47.0110 0x1358  AthBTPort - ok
16:52:47.0126 0x1358  [ 397748353925A6602A6097FA92AF23BF, 6962E497E449C27A07FFE7A167CC89604E1E0E16203FF30D44E7C3F99727A90F ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
16:52:47.0142 0x1358  AtherosSvc - detected UnsignedFile.Multi.Generic ( 1 )
16:52:57.0204 0x1358  AtherosSvc ( UnsignedFile.Multi.Generic ) - warning
16:53:00.0901 0x1358  [ B4174564AD5834A1680610572477878C, EA8687C90FE871AA427B4139BEE425E6DC4CFBC4CF3DCE29695EB9B967D9872F ] athr            C:\Windows\system32\DRIVERS\athrx.sys
16:53:01.0010 0x1358  athr - ok
16:53:01.0057 0x1358  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:53:01.0119 0x1358  AudioEndpointBuilder - ok
16:53:01.0135 0x1358  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:53:01.0182 0x1358  AudioSrv - ok
16:53:01.0197 0x1358  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:53:01.0244 0x1358  AxInstSV - ok
16:53:01.0260 0x1358  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
16:53:01.0291 0x1358  b06bdrv - ok
16:53:01.0306 0x1358  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
16:53:01.0322 0x1358  b57nd60a - ok
16:53:01.0322 0x1358  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:53:01.0338 0x1358  BDESVC - ok
16:53:01.0353 0x1358  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:53:01.0369 0x1358  Beep - ok
16:53:01.0416 0x1358  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
16:53:01.0462 0x1358  BFE - ok
16:53:01.0494 0x1358  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
16:53:01.0540 0x1358  BITS - ok
16:53:01.0540 0x1358  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:53:01.0556 0x1358  blbdrive - ok
16:53:01.0556 0x1358  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:53:01.0572 0x1358  bowser - ok
16:53:01.0572 0x1358  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:53:01.0618 0x1358  BrFiltLo - ok
16:53:01.0618 0x1358  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:53:01.0618 0x1358  BrFiltUp - ok
16:53:01.0634 0x1358  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
16:53:01.0650 0x1358  Browser - ok
16:53:01.0665 0x1358  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:53:01.0696 0x1358  Brserid - ok
16:53:01.0696 0x1358  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:53:01.0712 0x1358  BrSerWdm - ok
16:53:01.0712 0x1358  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:53:01.0728 0x1358  BrUsbMdm - ok
16:53:01.0728 0x1358  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:53:01.0728 0x1358  BrUsbSer - ok
16:53:01.0759 0x1358  [ C150BAE6E9E4C99ABE3F5BC0777DD0A6, BDB7927539FF12255A9443437AD0ACC5A752088E06DA81C7A50222F75F6104A5 ] BstHdAndroidSvc C:\Program Files (x86)\BlueStacks\HD-Service.exe
16:53:01.0790 0x1358  BstHdAndroidSvc - ok
16:53:01.0790 0x1358  [ E09B1C208FAC7D70735DBF2002B1A76D, 255EAC48F994698A4AB0566B9F7463E06A464A8F67D21DA3522B756712A9E952 ] BstHdDrv        C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys
16:53:01.0806 0x1358  BstHdDrv - ok
16:53:01.0821 0x1358  [ CE55E8B3FF604A173E8678FBAA78F818, 17CBA9591CB8022D3313F66BCD462BC59B9E9AEBA247054D6919E476C95EA417 ] BstHdLogRotatorSvc C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
16:53:01.0837 0x1358  BstHdLogRotatorSvc - ok
16:53:01.0868 0x1358  [ B5D8C2E82F33E2385FA9F309B6356715, 59726D203B808C43B2DF29BEC677B675798219B801877373358BA327E9C4DE18 ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys
16:53:01.0884 0x1358  BTATH_A2DP - ok
16:53:01.0884 0x1358  [ 3118072D09DAA1961A9F6549A4E8433A, 19159A2D424362BAF84D98AA95E0F3F517FE46726B4A1E19DFE0B62D17DE6227 ] btath_avdt      C:\Windows\system32\drivers\btath_avdt.sys
16:53:01.0899 0x1358  btath_avdt - ok
16:53:01.0899 0x1358  [ E6B734A37ADE36FE1A77035F4E484C8C, 7F3AB1E0CF9F348633B3B325F5F365CCD4C7FF7E4564BDE02C2DA27A499D0234 ] BTATH_BUS       C:\Windows\system32\DRIVERS\btath_bus.sys
16:53:01.0915 0x1358  BTATH_BUS - ok
16:53:01.0915 0x1358  [ FB3833E63FF602B69C2FF085846DCF43, 468BC9580341AD4C65F0BBB3A11F3E39C1DD0F9694D098AB3647A181C03E4E11 ] BTATH_HCRP      C:\Windows\system32\DRIVERS\btath_hcrp.sys
16:53:01.0946 0x1358  BTATH_HCRP - ok
16:53:01.0946 0x1358  [ 8008D892A2BDA67EEFBE25E14EB5DC83, 765FBBF0E58D0FA61A11AA888AB168314622572BB0F73E44FC4F88ACAF1ECB32 ] BTATH_LWFLT     C:\Windows\system32\DRIVERS\btath_lwflt.sys
16:53:01.0962 0x1358  BTATH_LWFLT - ok
16:53:01.0977 0x1358  [ ABCD3C16CA850A7594CEB9AD5D966810, DB0EAF000BB6F12F2AA550B66F5C61E08F2C6E58A18DA40BE69DD2B662D1EC60 ] BTATH_RCP       C:\Windows\system32\DRIVERS\btath_rcp.sys
16:53:02.0008 0x1358  BTATH_RCP - ok
16:53:02.0024 0x1358  [ 0C3825703B5E4ADB5FB75A651E4682B7, 6DFFB545EB2F01B5EC41FA6D5F01E65406BA25CAA862F9C3D2283CE5E32085A2 ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
16:53:02.0055 0x1358  BtFilter - ok
16:53:02.0071 0x1358  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
16:53:02.0086 0x1358  BthEnum - ok
16:53:02.0086 0x1358  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
16:53:02.0102 0x1358  BTHMODEM - ok
16:53:02.0118 0x1358  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
16:53:02.0133 0x1358  BthPan - ok
16:53:02.0149 0x1358  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
16:53:02.0180 0x1358  BTHPORT - ok
16:53:02.0180 0x1358  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
16:53:02.0211 0x1358  bthserv - ok
16:53:02.0227 0x1358  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
16:53:02.0227 0x1358  BTHUSB - ok
16:53:02.0242 0x1358  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:53:02.0274 0x1358  cdfs - ok
16:53:02.0274 0x1358  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:53:02.0289 0x1358  cdrom - ok
16:53:02.0305 0x1358  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
16:53:02.0320 0x1358  CertPropSvc - ok
16:53:02.0336 0x1358  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
16:53:02.0352 0x1358  circlass - ok
16:53:02.0367 0x1358  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
16:53:02.0383 0x1358  CLFS - ok
16:53:02.0398 0x1358  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:53:02.0414 0x1358  clr_optimization_v2.0.50727_32 - ok
16:53:02.0445 0x1358  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:53:02.0445 0x1358  clr_optimization_v2.0.50727_64 - ok
16:53:02.0476 0x1358  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:53:02.0476 0x1358  clr_optimization_v4.0.30319_32 - ok
16:53:02.0492 0x1358  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:53:02.0508 0x1358  clr_optimization_v4.0.30319_64 - ok
16:53:02.0508 0x1358  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:53:02.0523 0x1358  CmBatt - ok
16:53:02.0523 0x1358  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:53:02.0539 0x1358  cmdide - ok
16:53:02.0554 0x1358  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
16:53:02.0586 0x1358  CNG - ok
16:53:02.0586 0x1358  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:53:02.0586 0x1358  Compbatt - ok
16:53:02.0601 0x1358  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
16:53:02.0601 0x1358  CompositeBus - ok
16:53:02.0617 0x1358  COMSysApp - ok
16:53:02.0617 0x1358  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
16:53:02.0617 0x1358  crcdisk - ok
16:53:02.0632 0x1358  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:53:02.0648 0x1358  CryptSvc - ok
16:53:02.0679 0x1358  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:53:02.0710 0x1358  DcomLaunch - ok
16:53:02.0757 0x1358  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
16:53:02.0788 0x1358  defragsvc - ok
16:53:02.0820 0x1358  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:53:02.0835 0x1358  DfsC - ok
16:53:02.0882 0x1358  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:53:02.0898 0x1358  Dhcp - ok
16:53:02.0898 0x1358  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
16:53:02.0929 0x1358  discache - ok
16:53:02.0944 0x1358  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
16:53:02.0944 0x1358  Disk - ok
16:53:02.0960 0x1358  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:53:02.0976 0x1358  Dnscache - ok
16:53:02.0976 0x1358  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:53:03.0022 0x1358  dot3svc - ok
16:53:03.0038 0x1358  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
16:53:03.0069 0x1358  DPS - ok
16:53:03.0069 0x1358  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:53:03.0069 0x1358  drmkaud - ok
16:53:03.0100 0x1358  [ 6A0E850DDCB136AA3D2FB7234382DF12, C01863E95F45E1B74AC65C9CD12C8DC769299218255B3C94E3EBF58C4D79FEF3 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
16:53:03.0116 0x1358  dtsoftbus01 - ok
16:53:03.0147 0x1358  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:53:03.0178 0x1358  DXGKrnl - ok
16:53:03.0194 0x1358  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
16:53:03.0225 0x1358  EapHost - ok
16:53:03.0568 0x1358  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
16:53:03.0693 0x1358  ebdrv - ok
16:53:03.0693 0x1358  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
16:53:03.0709 0x1358  EFS - ok
16:53:03.0740 0x1358  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:53:03.0802 0x1358  ehRecvr - ok
16:53:03.0802 0x1358  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
16:53:03.0818 0x1358  ehSched - ok
16:53:03.0834 0x1358  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
16:53:03.0865 0x1358  elxstor - ok
16:53:03.0865 0x1358  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:53:03.0880 0x1358  ErrDev - ok
16:53:03.0896 0x1358  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
16:53:03.0927 0x1358  EventSystem - ok
16:53:03.0943 0x1358  [ 251AF86E0A4DDF3A6B181ED5103B06B1, 1823E7C87F0D8972A89D71B1FB633C5D43744F9803E6A8B866F6EA610032437C ] ewusbnet        C:\Windows\system32\DRIVERS\ewusbnet.sys
16:53:03.0958 0x1358  ewusbnet - ok
16:53:03.0974 0x1358  [ 86F7951BBCEE4A86E79A97306BD14318, 84B52A0392DA53ED71A2C4D483DD93DDF552BF8AC764C7BD47BE0EB58C7C8219 ] ew_hwusbdev     C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
16:53:03.0974 0x1358  ew_hwusbdev - detected UnsignedFile.Multi.Generic ( 1 )
16:53:06.0330 0x1358  Detect skipped due to KSN trusted
16:53:06.0330 0x1358  ew_hwusbdev - ok
16:53:06.0423 0x1358  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
16:53:06.0470 0x1358  exfat - ok
16:53:06.0470 0x1358  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:53:06.0501 0x1358  fastfat - ok
16:53:06.0532 0x1358  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
16:53:06.0579 0x1358  Fax - ok
16:53:06.0595 0x1358  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:53:06.0595 0x1358  fdc - ok
16:53:06.0595 0x1358  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
16:53:06.0626 0x1358  fdPHost - ok
16:53:06.0626 0x1358  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:53:06.0657 0x1358  FDResPub - ok
16:53:06.0673 0x1358  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:53:06.0673 0x1358  FileInfo - ok
16:53:06.0673 0x1358  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:53:06.0704 0x1358  Filetrace - ok
16:53:06.0751 0x1358  [ BB0667B0171B632B97EA759515476F07, 07A123B2182D5813D2898928C231638353CF086606E9D5A5AF4A2A73E17CEC27 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:53:06.0782 0x1358  FLEXnet Licensing Service - ok
16:53:06.0782 0x1358  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:53:06.0798 0x1358  flpydisk - ok
16:53:06.0813 0x1358  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:53:06.0829 0x1358  FltMgr - ok
16:53:06.0844 0x1358  [ 8768D7AF8CA1AEB2380BD62170C03F70, 12FB68B19B7557628B13A61735366D1173890607899A86E5943FFD706ED329F3 ] FLxHCIc         C:\Windows\system32\DRIVERS\FLxHCIc.sys
16:53:06.0860 0x1358  FLxHCIc - ok
16:53:06.0860 0x1358  [ DCEE5572BCC930D5B8A9E23391236233, F244A81AB96AD085BA0274CAE5D2FD7FB40949D26C2955BF3E08457328F5740B ] FLxHCIh         C:\Windows\system32\DRIVERS\FLxHCIh.sys
16:53:06.0860 0x1358  FLxHCIh - ok
16:53:06.0922 0x1358  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
16:53:06.0985 0x1358  FontCache - ok
16:53:06.0985 0x1358  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:53:07.0000 0x1358  FontCache3.0.0.0 - ok
16:53:07.0000 0x1358  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:53:07.0000 0x1358  FsDepends - ok
16:53:07.0016 0x1358  [ 3DFA8D4E50D608F8F732014614C84DD2, 4927B200F1A4FF04C14347A744C878EB11A78AB356B814C196EB6DDF30DDD934 ] fspad_win764    C:\Windows\system32\DRIVERS\fspad_win764.sys
16:53:07.0016 0x1358  fspad_win764 - ok
16:53:07.0032 0x1358  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:53:07.0032 0x1358  Fs_Rec - ok
16:53:07.0047 0x1358  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:53:07.0063 0x1358  fvevol - ok
16:53:07.0063 0x1358  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
16:53:07.0078 0x1358  gagp30kx - ok
16:53:07.0125 0x1358  [ B0463138D3F872E3D2EC0C4C471AC067, CB0342294BD49732572C81A721DFFA531A031D65A640BF46A5C5AD0B1ACF6AED ] GfExperienceService C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
16:53:07.0172 0x1358  GfExperienceService - ok
16:53:07.0219 0x1358  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
16:53:07.0281 0x1358  gpsvc - ok
16:53:07.0297 0x1358  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:53:07.0312 0x1358  gupdate - ok
16:53:07.0312 0x1358  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:53:07.0328 0x1358  gupdatem - ok
16:53:07.0328 0x1358  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:53:07.0344 0x1358  hcw85cir - ok
16:53:07.0359 0x1358  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:53:07.0390 0x1358  HdAudAddService - ok
16:53:07.0390 0x1358  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
16:53:07.0406 0x1358  HDAudBus - ok
16:53:07.0406 0x1358  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
16:53:07.0422 0x1358  HidBatt - ok
16:53:07.0437 0x1358  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
16:53:07.0437 0x1358  HidBth - ok
16:53:07.0453 0x1358  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
16:53:07.0468 0x1358  HidIr - ok
16:53:07.0468 0x1358  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
16:53:07.0500 0x1358  hidserv - ok
16:53:07.0500 0x1358  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:53:07.0500 0x1358  HidUsb - ok
16:53:07.0515 0x1358  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:53:07.0562 0x1358  hkmsvc - ok
16:53:07.0593 0x1358  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:53:07.0609 0x1358  HomeGroupListener - ok
16:53:07.0624 0x1358  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:53:07.0640 0x1358  HomeGroupProvider - ok
16:53:07.0640 0x1358  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:53:07.0656 0x1358  HpSAMD - ok
16:53:07.0702 0x1358  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:53:07.0749 0x1358  HTTP - ok
16:53:07.0749 0x1358  [ 6E05228393CD614B983568EC40C262C3, CEB1CFDD346534F01A52D2E7004B0220692FC67CAD874FE04740ECDA2F92767D ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
16:53:07.0765 0x1358  hwdatacard - detected UnsignedFile.Multi.Generic ( 1 )
16:53:10.0105 0x1358  Detect skipped due to KSN trusted
16:53:10.0152 0x1358  hwdatacard - ok
16:53:10.0152 0x1358  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:53:10.0152 0x1358  hwpolicy - ok
16:53:10.0167 0x1358  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:53:10.0183 0x1358  i8042prt - ok
16:53:10.0198 0x1358  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:53:10.0214 0x1358  iaStorV - ok
16:53:10.0245 0x1358  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:53:10.0276 0x1358  idsvc - ok
16:53:10.0276 0x1358  IEEtwCollectorService - ok
16:53:10.0292 0x1358  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
16:53:10.0292 0x1358  iirsp - ok
16:53:10.0339 0x1358  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
16:53:10.0370 0x1358  IKEEXT - ok
16:53:10.0370 0x1358  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:53:10.0386 0x1358  intelide - ok
16:53:10.0386 0x1358  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:53:10.0401 0x1358  intelppm - ok
16:53:10.0401 0x1358  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:53:10.0432 0x1358  IPBusEnum - ok
16:53:10.0432 0x1358  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:53:10.0464 0x1358  IpFilterDriver - ok
16:53:10.0495 0x1358  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:53:10.0526 0x1358  iphlpsvc - ok
16:53:10.0542 0x1358  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:53:10.0542 0x1358  IPMIDRV - ok
16:53:10.0557 0x1358  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:53:10.0588 0x1358  IPNAT - ok
16:53:10.0588 0x1358  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:53:10.0620 0x1358  IRENUM - ok
16:53:10.0620 0x1358  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:53:10.0635 0x1358  isapnp - ok
16:53:10.0651 0x1358  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:53:10.0666 0x1358  iScsiPrt - ok
16:53:10.0666 0x1358  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:53:10.0682 0x1358  kbdclass - ok
16:53:10.0682 0x1358  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:53:10.0682 0x1358  kbdhid - ok
16:53:10.0698 0x1358  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
16:53:10.0698 0x1358  KeyIso - ok
16:53:10.0698 0x1358  [ B6D6F12C214DE823FA22709F7BD0EB0B, 312BCBAEF6D35EAC2514E8D89DE65EA9E524CA1506A3F7410337DF2FDFB052FF ] KoneFltr        C:\Windows\system32\drivers\Kone.sys
16:53:10.0713 0x1358  KoneFltr - ok
16:53:10.0713 0x1358  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:53:10.0729 0x1358  KSecDD - ok
16:53:10.0729 0x1358  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:53:10.0744 0x1358  KSecPkg - ok
16:53:10.0744 0x1358  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
16:53:10.0776 0x1358  ksthunk - ok
16:53:10.0807 0x1358  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:53:10.0854 0x1358  KtmRm - ok
16:53:10.0869 0x1358  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:53:10.0900 0x1358  LanmanServer - ok
16:53:10.0978 0x1358  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:53:11.0010 0x1358  LanmanWorkstation - ok
16:53:11.0010 0x1358  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:53:11.0041 0x1358  lltdio - ok
16:53:11.0072 0x1358  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:53:11.0119 0x1358  lltdsvc - ok
16:53:11.0119 0x1358  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:53:11.0150 0x1358  lmhosts - ok
16:53:11.0181 0x1358  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
16:53:11.0181 0x1358  LSI_FC - ok
16:53:11.0197 0x1358  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
16:53:11.0212 0x1358  LSI_SAS - ok
16:53:11.0212 0x1358  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:53:11.0228 0x1358  LSI_SAS2 - ok
16:53:11.0228 0x1358  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:53:11.0244 0x1358  LSI_SCSI - ok
16:53:11.0244 0x1358  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
16:53:11.0275 0x1358  luafv - ok
16:53:11.0322 0x1358  [ 1704A8189EE5580AB147CFD25C5C8770, DFA076FD36B5CC844D4BE3B865E9A1F809E14CCB1D78D82A2D8D8EE38210E6EB ] McComponentHostService C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
16:53:11.0337 0x1358  McComponentHostService - ok
16:53:11.0337 0x1358  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:53:11.0353 0x1358  Mcx2Svc - ok
16:53:11.0353 0x1358  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
16:53:11.0368 0x1358  megasas - ok
16:53:11.0384 0x1358  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
16:53:11.0400 0x1358  MegaSR - ok
16:53:11.0415 0x1358  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
16:53:11.0415 0x1358  MEIx64 - ok
16:53:11.0415 0x1358  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
16:53:11.0446 0x1358  MMCSS - ok
16:53:11.0462 0x1358  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
16:53:11.0478 0x1358  Modem - ok
16:53:11.0493 0x1358  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:53:11.0493 0x1358  monitor - ok
16:53:11.0509 0x1358  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:53:11.0509 0x1358  mouclass - ok
16:53:11.0524 0x1358  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:53:11.0524 0x1358  mouhid - ok
16:53:11.0540 0x1358  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:53:11.0540 0x1358  mountmgr - ok
16:53:11.0556 0x1358  [ 28048289E32294004A86935CC40A3252, D397C3BAD6BCDA33FA0982E10677598E8BDF69A0933D19A36873CB45BA4FB819 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:53:11.0556 0x1358  MozillaMaintenance - ok
16:53:11.0571 0x1358  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:53:11.0587 0x1358  mpio - ok
16:53:11.0587 0x1358  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:53:11.0618 0x1358  mpsdrv - ok
16:53:11.0665 0x1358  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:53:11.0727 0x1358  MpsSvc - ok
16:53:11.0727 0x1358  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:53:11.0743 0x1358  MRxDAV - ok
16:53:11.0758 0x1358  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:53:11.0774 0x1358  mrxsmb - ok
16:53:11.0790 0x1358  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:53:11.0805 0x1358  mrxsmb10 - ok
16:53:11.0805 0x1358  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:53:11.0821 0x1358  mrxsmb20 - ok
16:53:11.0821 0x1358  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
16:53:11.0836 0x1358  msahci - ok
16:53:11.0836 0x1358  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:53:11.0852 0x1358  msdsm - ok
16:53:11.0868 0x1358  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
16:53:11.0883 0x1358  MSDTC - ok
16:53:11.0883 0x1358  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:53:11.0914 0x1358  Msfs - ok
16:53:11.0914 0x1358  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:53:11.0946 0x1358  mshidkmdf - ok
16:53:11.0946 0x1358  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:53:11.0961 0x1358  msisadrv - ok
16:53:11.0977 0x1358  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:53:12.0024 0x1358  MSiSCSI - ok
16:53:12.0024 0x1358  msiserver - ok
16:53:12.0086 0x1358  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:53:12.0117 0x1358  MSKSSRV - ok
16:53:12.0117 0x1358  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:53:12.0148 0x1358  MSPCLOCK - ok
16:53:12.0148 0x1358  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:53:12.0180 0x1358  MSPQM - ok
16:53:12.0195 0x1358  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:53:12.0211 0x1358  MsRPC - ok
16:53:12.0226 0x1358  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
16:53:12.0226 0x1358  mssmbios - ok
16:53:12.0226 0x1358  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:53:12.0258 0x1358  MSTEE - ok
16:53:12.0258 0x1358  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
16:53:12.0273 0x1358  MTConfig - ok
16:53:12.0273 0x1358  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
16:53:12.0289 0x1358  Mup - ok
16:53:12.0304 0x1358  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
16:53:12.0351 0x1358  napagent - ok
16:53:12.0382 0x1358  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:53:12.0398 0x1358  NativeWifiP - ok
16:53:12.0429 0x1358  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:53:12.0492 0x1358  NDIS - ok
16:53:12.0507 0x1358  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:53:12.0523 0x1358  NdisCap - ok
16:53:12.0538 0x1358  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:53:12.0554 0x1358  NdisTapi - ok
16:53:12.0570 0x1358  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:53:12.0601 0x1358  Ndisuio - ok
16:53:12.0601 0x1358  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:53:12.0632 0x1358  NdisWan - ok
16:53:12.0648 0x1358  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:53:12.0679 0x1358  NDProxy - ok
16:53:12.0679 0x1358  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:53:12.0710 0x1358  NetBIOS - ok
16:53:12.0726 0x1358  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:53:12.0757 0x1358  NetBT - ok
16:53:12.0788 0x1358  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
16:53:12.0788 0x1358  Netlogon - ok
16:53:12.0804 0x1358  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
16:53:12.0850 0x1358  Netman - ok
16:53:12.0850 0x1358  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:53:12.0866 0x1358  NetMsmqActivator - ok
16:53:12.0882 0x1358  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:53:12.0882 0x1358  NetPipeActivator - ok
16:53:12.0897 0x1358  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
16:53:12.0944 0x1358  netprofm - ok
16:53:12.0944 0x1358  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:53:12.0960 0x1358  NetTcpActivator - ok
16:53:12.0960 0x1358  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:53:12.0975 0x1358  NetTcpPortSharing - ok
16:53:12.0975 0x1358  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
16:53:12.0991 0x1358  nfrd960 - ok
16:53:13.0006 0x1358  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:53:13.0022 0x1358  NlaSvc - ok
16:53:13.0022 0x1358  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:53:13.0053 0x1358  Npfs - ok
16:53:13.0053 0x1358  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
16:53:13.0084 0x1358  nsi - ok
16:53:13.0116 0x1358  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:53:13.0147 0x1358  nsiproxy - ok
16:53:13.0225 0x1358  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:53:13.0287 0x1358  Ntfs - ok
16:53:13.0287 0x1358  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
16:53:13.0318 0x1358  Null - ok
16:53:13.0334 0x1358  [ C87B11EB78428853F9E8495C47E53C10, FAE479DB0812967B3FF968773BA998591B4F50BE4329B8349BCA7E6EAB1B0474 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
16:53:13.0350 0x1358  NVHDA - ok
16:53:13.0708 0x1358  [ 810530F309BDD7F055BE0301E27041FB, 993ECC80D175795FC5C8A8CD4A6B5970E027227E4917631DE794224268CE73D6 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:53:13.0989 0x1358  nvlddmkm - ok
16:53:14.0083 0x1358  [ E55893C3A3E328810583555652EEB4DC, 52AA52B6AC99B8D77A60706B27C4F4F514EDB2F0CFF8608266F4B3C76D1158E9 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
16:53:14.0145 0x1358  NvNetworkService - ok
16:53:14.0161 0x1358  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:53:14.0161 0x1358  nvraid - ok
16:53:14.0176 0x1358  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:53:14.0192 0x1358  nvstor - ok
16:53:14.0192 0x1358  [ E8804B858EB4A18C0B386C58DBEBB7C8, 5A47435AB323D2E7BE487DFC4D0197999C2C4E618C42D9910210E134345FF4A4 ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
16:53:14.0208 0x1358  NvStreamKms - ok
16:53:14.0738 0x1358  [ 8A6985CB27B206910F3903E14B8742D1, FC55D8BD60FBA6ABF6DB111C1E90DA64D0E2460F71F35F752987E75D9AF05D69 ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
16:53:15.0658 0x1358  NvStreamSvc - ok
16:53:15.0721 0x1358  [ 3532AE8B1FB357B873CDE72A96A417C8, 9212F709CE72DC91D961928361C35DD5BADA5F6342EE526E55E5EF1614EBDA71 ] nvsvc           C:\Windows\system32\nvvsvc.exe
16:53:15.0768 0x1358  nvsvc - ok
16:53:15.0768 0x1358  [ 1AF619620613869C07F9C147BC37520F, 0AD4E100354E201D5E72BA236C1464F5083A7E3B58C4AC6BA712489D258955F5 ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
16:53:15.0783 0x1358  nvvad_WaveExtensible - ok
16:53:15.0783 0x1358  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:53:15.0799 0x1358  nv_agp - ok
16:53:15.0799 0x1358  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:53:15.0814 0x1358  ohci1394 - ok
16:53:15.0830 0x1358  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:53:15.0861 0x1358  p2pimsvc - ok
16:53:15.0892 0x1358  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
16:53:15.0924 0x1358  p2psvc - ok
16:53:15.0924 0x1358  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
16:53:15.0939 0x1358  Parport - ok
16:53:15.0939 0x1358  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:53:15.0955 0x1358  partmgr - ok
16:53:15.0970 0x1358  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:53:15.0986 0x1358  PcaSvc - ok
16:53:16.0002 0x1358  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
16:53:16.0002 0x1358  pci - ok
16:53:16.0017 0x1358  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
16:53:16.0017 0x1358  pciide - ok
16:53:16.0033 0x1358  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
16:53:16.0048 0x1358  pcmcia - ok
16:53:16.0048 0x1358  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
16:53:16.0064 0x1358  pcw - ok
16:53:16.0095 0x1358  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:53:16.0142 0x1358  PEAUTH - ok
16:53:16.0251 0x1358  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:53:16.0267 0x1358  PerfHost - ok
16:53:16.0314 0x1358  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
16:53:16.0438 0x1358  pla - ok
16:53:16.0470 0x1358  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:53:16.0485 0x1358  PlugPlay - ok
16:53:16.0485 0x1358  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:53:16.0501 0x1358  PNRPAutoReg - ok
16:53:16.0516 0x1358  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:53:16.0532 0x1358  PNRPsvc - ok
16:53:16.0563 0x1358  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:53:16.0594 0x1358  PolicyAgent - ok
16:53:16.0610 0x1358  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
16:53:16.0641 0x1358  Power - ok
16:53:16.0657 0x1358  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:53:16.0672 0x1358  PptpMiniport - ok
16:53:16.0688 0x1358  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
16:53:16.0704 0x1358  Processor - ok
16:53:16.0704 0x1358  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
16:53:16.0719 0x1358  ProfSvc - ok
16:53:16.0735 0x1358  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:53:16.0735 0x1358  ProtectedStorage - ok
16:53:16.0750 0x1358  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:53:16.0782 0x1358  Psched - ok
16:53:16.0828 0x1358  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
16:53:16.0906 0x1358  ql2300 - ok
16:53:16.0953 0x1358  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
16:53:16.0984 0x1358  ql40xx - ok
16:53:17.0000 0x1358  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
16:53:17.0016 0x1358  QWAVE - ok
16:53:17.0031 0x1358  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:53:17.0047 0x1358  QWAVEdrv - ok
16:53:17.0062 0x1358  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:53:17.0078 0x1358  RasAcd - ok
16:53:17.0094 0x1358  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:53:17.0125 0x1358  RasAgileVpn - ok
16:53:17.0125 0x1358  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
16:53:17.0156 0x1358  RasAuto - ok
16:53:17.0172 0x1358  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:53:17.0187 0x1358  Rasl2tp - ok
16:53:17.0218 0x1358  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
16:53:17.0250 0x1358  RasMan - ok
16:53:17.0265 0x1358  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:53:17.0296 0x1358  RasPppoe - ok
16:53:17.0296 0x1358  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:53:17.0328 0x1358  RasSstp - ok
16:53:17.0343 0x1358  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:53:17.0390 0x1358  rdbss - ok
16:53:17.0390 0x1358  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
16:53:17.0406 0x1358  rdpbus - ok
16:53:17.0406 0x1358  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:53:17.0437 0x1358  RDPCDD - ok
16:53:17.0437 0x1358  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:53:17.0468 0x1358  RDPENCDD - ok
16:53:17.0468 0x1358  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:53:17.0499 0x1358  RDPREFMP - ok
16:53:17.0499 0x1358  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:53:17.0515 0x1358  RdpVideoMiniport - ok
16:53:17.0530 0x1358  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:53:17.0562 0x1358  RDPWD - ok
16:53:17.0562 0x1358  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:53:17.0577 0x1358  rdyboost - ok
16:53:17.0593 0x1358  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:53:17.0624 0x1358  RemoteAccess - ok
16:53:17.0624 0x1358  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:53:17.0655 0x1358  RemoteRegistry - ok
16:53:17.0671 0x1358  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
16:53:17.0686 0x1358  RFCOMM - ok
16:53:17.0702 0x1358  [ CAF88D6573D21CD2AA27001DDBFDC74D, 8256B93E586953F1B594BFFA1F005DB08325CAF1729A93820B09F60DAA998C97 ] RMCAST          C:\Windows\system32\DRIVERS\RMCAST.sys
16:53:17.0733 0x1358  RMCAST - ok
16:53:17.0733 0x1358  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:53:17.0764 0x1358  RpcEptMapper - ok
16:53:17.0764 0x1358  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
16:53:17.0780 0x1358  RpcLocator - ok
16:53:17.0811 0x1358  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
16:53:17.0842 0x1358  RpcSs - ok
16:53:17.0858 0x1358  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:53:17.0889 0x1358  rspndr - ok
16:53:17.0936 0x1358  [ E57FAC2CDB73F06586ED2ED310B80932, 9BFC866E8AF555810127D1B95D1950BAC645C2553A46620417F6BA19FF5706B7 ] RSUSBVSTOR      C:\Windows\system32\Drivers\RtsUVStor.sys
16:53:17.0936 0x1358  RSUSBVSTOR - ok
16:53:17.0967 0x1358  [ F4C374B1C46DE294B573BB43723AC3F6, 9B8A40BF54262A1949661596CB753D0B591E94577470ED44D498042BD3EA7C10 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
16:53:17.0983 0x1358  RTL8167 - ok
16:53:17.0983 0x1358  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
16:53:17.0998 0x1358  SamSs - ok
16:53:17.0998 0x1358  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:53:18.0014 0x1358  sbp2port - ok
16:53:18.0014 0x1358  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:53:18.0045 0x1358  SCardSvr - ok
16:53:18.0076 0x1358  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:53:18.0108 0x1358  scfilter - ok
16:53:18.0154 0x1358  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
16:53:18.0201 0x1358  Schedule - ok
16:53:18.0217 0x1358  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:53:18.0248 0x1358  SCPolicySvc - ok
16:53:18.0279 0x1358  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:53:18.0295 0x1358  SDRSVC - ok
16:53:18.0295 0x1358  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:53:18.0326 0x1358  secdrv - ok
16:53:18.0326 0x1358  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
16:53:18.0357 0x1358  seclogon - ok
16:53:18.0357 0x1358  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
16:53:18.0388 0x1358  SENS - ok
16:53:18.0388 0x1358  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:53:18.0404 0x1358  SensrSvc - ok
16:53:18.0404 0x1358  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
16:53:18.0420 0x1358  Serenum - ok
16:53:18.0420 0x1358  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
16:53:18.0435 0x1358  Serial - ok
16:53:18.0451 0x1358  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
16:53:18.0451 0x1358  sermouse - ok
16:53:18.0466 0x1358  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
16:53:18.0498 0x1358  SessionEnv - ok
16:53:18.0498 0x1358  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:53:18.0513 0x1358  sffdisk - ok
16:53:18.0513 0x1358  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:53:18.0529 0x1358  sffp_mmc - ok
16:53:18.0529 0x1358  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:53:18.0544 0x1358  sffp_sd - ok
16:53:18.0560 0x1358  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
16:53:18.0560 0x1358  sfloppy - ok
16:53:18.0607 0x1358  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:53:18.0638 0x1358  SharedAccess - ok
16:53:18.0654 0x1358  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:53:18.0700 0x1358  ShellHWDetection - ok
16:53:18.0700 0x1358  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:53:18.0716 0x1358  SiSRaid2 - ok
16:53:18.0732 0x1358  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
16:53:18.0747 0x1358  SiSRaid4 - ok
16:53:18.0747 0x1358  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:53:18.0778 0x1358  Smb - ok
16:53:18.0794 0x1358  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:53:18.0794 0x1358  SNMPTRAP - ok
16:53:18.0810 0x1358  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:53:18.0810 0x1358  spldr - ok
16:53:18.0841 0x1358  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
16:53:18.0872 0x1358  Spooler - ok
16:53:18.0981 0x1358  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
16:53:19.0137 0x1358  sppsvc - ok
16:53:19.0137 0x1358  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:53:19.0168 0x1358  sppuinotify - ok
16:53:19.0200 0x1358  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:53:19.0215 0x1358  srv - ok
16:53:19.0231 0x1358  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:53:19.0262 0x1358  srv2 - ok
16:53:19.0262 0x1358  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:53:19.0278 0x1358  srvnet - ok
16:53:19.0293 0x1358  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:53:19.0324 0x1358  SSDPSRV - ok
16:53:19.0340 0x1358  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:53:19.0356 0x1358  SstpSvc - ok
16:53:19.0387 0x1358  [ 3FD909ED46EC85442820ECB6DB9A897D, 6A4911B5BF576156B2E26A48010F5424149C86A732244D6C4ECB4A0894E1CE27 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
16:53:19.0402 0x1358  Stereo Service - ok
16:53:19.0418 0x1358  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
16:53:19.0418 0x1358  stexstor - ok
16:53:19.0449 0x1358  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
16:53:19.0480 0x1358  stisvc - ok
16:53:19.0480 0x1358  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
16:53:19.0496 0x1358  swenum - ok
16:53:19.0512 0x1358  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
16:53:19.0558 0x1358  swprv - ok
16:53:19.0636 0x1358  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
16:53:19.0730 0x1358  SysMain - ok
16:53:19.0777 0x1358  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:53:19.0792 0x1358  TabletInputService - ok
16:53:19.0824 0x1358  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:53:19.0855 0x1358  TapiSrv - ok
16:53:19.0855 0x1358  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
16:53:19.0886 0x1358  TBS - ok
16:53:19.0948 0x1358  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:53:20.0011 0x1358  Tcpip - ok
16:53:20.0073 0x1358  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:53:20.0120 0x1358  TCPIP6 - ok
16:53:20.0136 0x1358  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:53:20.0136 0x1358  tcpipreg - ok
16:53:20.0151 0x1358  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:53:20.0151 0x1358  TDPIPE - ok
16:53:20.0167 0x1358  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:53:20.0167 0x1358  TDTCP - ok
16:53:20.0182 0x1358  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:53:20.0214 0x1358  tdx - ok
16:53:20.0214 0x1358  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
16:53:20.0229 0x1358  TermDD - ok
16:53:20.0245 0x1358  [ 4FC4C50985E5B840F4D72E57286887B8, 0BCBB4A938803AE3A3532B6D8FFC85594AA9AEF5D8F9792684841BEA8780AE9E ] TermService     C:\Windows\System32\termsrv.dll
16:53:20.0292 0x1358  TermService - ok
16:53:20.0292 0x1358  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
16:53:20.0307 0x1358  Themes - ok
16:53:20.0323 0x1358  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
16:53:20.0338 0x1358  THREADORDER - ok
16:53:20.0354 0x1358  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
16:53:20.0385 0x1358  TrkWks - ok
16:53:20.0401 0x1358  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:53:20.0432 0x1358  TrustedInstaller - ok
16:53:20.0432 0x1358  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:53:20.0448 0x1358  tssecsrv - ok
16:53:20.0448 0x1358  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:53:20.0463 0x1358  TsUsbFlt - ok
16:53:20.0479 0x1358  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:53:20.0510 0x1358  tunnel - ok
16:53:20.0510 0x1358  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
16:53:20.0526 0x1358  uagp35 - ok
16:53:20.0541 0x1358  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:53:20.0588 0x1358  udfs - ok
16:53:20.0588 0x1358  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:53:20.0604 0x1358  UI0Detect - ok
16:53:20.0619 0x1358  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:53:20.0635 0x1358  uliagpkx - ok
16:53:20.0635 0x1358  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
16:53:20.0650 0x1358  umbus - ok
16:53:20.0650 0x1358  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
16:53:20.0666 0x1358  UmPass - ok
16:53:20.0682 0x1358  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
16:53:20.0713 0x1358  upnphost - ok
16:53:20.0728 0x1358  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
16:53:20.0744 0x1358  usbaudio - ok
16:53:20.0744 0x1358  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:53:20.0760 0x1358  usbccgp - ok
16:53:20.0760 0x1358  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:53:20.0775 0x1358  usbcir - ok
16:53:20.0775 0x1358  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
16:53:20.0791 0x1358  usbehci - ok
16:53:20.0806 0x1358  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:53:20.0822 0x1358  usbhub - ok
16:53:20.0822 0x1358  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
16:53:20.0838 0x1358  usbohci - ok
16:53:20.0838 0x1358  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:53:20.0853 0x1358  usbprint - ok
16:53:20.0853 0x1358  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
16:53:20.0869 0x1358  usbscan - ok
16:53:20.0869 0x1358  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:53:20.0884 0x1358  USBSTOR - ok
16:53:20.0884 0x1358  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
16:53:20.0900 0x1358  usbuhci - ok
16:53:20.0900 0x1358  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
16:53:20.0916 0x1358  usbvideo - ok
16:53:20.0916 0x1358  [ 7B28E2FBE75115660FAB31079C0A9F29, 81BB5A3E64B652A672A0782A88ABF6DDD729D38712D0706CE0FB9DE6D1EE1515 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
16:53:20.0931 0x1358  usb_rndisx - ok
16:53:20.0931 0x1358  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
16:53:20.0962 0x1358  UxSms - ok
16:53:20.0978 0x1358  V-bates Updater - ok
16:53:20.0978 0x1358  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
16:53:20.0994 0x1358  VaultSvc - ok
16:53:20.0994 0x1358  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:53:21.0009 0x1358  vdrvroot - ok
16:53:21.0025 0x1358  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
16:53:21.0072 0x1358  vds - ok
16:53:21.0072 0x1358  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:53:21.0087 0x1358  vga - ok
16:53:21.0087 0x1358  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:53:21.0118 0x1358  VgaSave - ok
16:53:21.0134 0x1358  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
16:53:21.0150 0x1358  vhdmp - ok
16:53:21.0150 0x1358  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
16:53:21.0165 0x1358  viaide - ok
16:53:21.0165 0x1358  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:53:21.0181 0x1358  volmgr - ok
16:53:21.0196 0x1358  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:53:21.0212 0x1358  volmgrx - ok
16:53:21.0228 0x1358  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:53:21.0243 0x1358  volsnap - ok
16:53:21.0259 0x1358  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
16:53:21.0274 0x1358  vsmraid - ok
16:53:21.0337 0x1358  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
16:53:21.0415 0x1358  VSS - ok
16:53:21.0415 0x1358  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
16:53:21.0430 0x1358  vwifibus - ok
16:53:21.0430 0x1358  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
16:53:21.0446 0x1358  vwififlt - ok
16:53:21.0462 0x1358  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
16:53:21.0477 0x1358  vwifimp - ok
16:53:21.0493 0x1358  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
16:53:21.0540 0x1358  W32Time - ok
16:53:21.0540 0x1358  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
16:53:21.0555 0x1358  WacomPen - ok
16:53:21.0555 0x1358  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:53:21.0586 0x1358  WANARP - ok
16:53:21.0586 0x1358  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:53:21.0618 0x1358  Wanarpv6 - ok
16:53:21.0680 0x1358  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
16:53:21.0742 0x1358  wbengine - ok
16:53:21.0758 0x1358  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:53:21.0774 0x1358  WbioSrvc - ok
16:53:21.0820 0x1358  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:53:21.0852 0x1358  wcncsvc - ok
16:53:21.0852 0x1358  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:53:21.0867 0x1358  WcsPlugInService - ok
16:53:21.0883 0x1358  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
16:53:21.0883 0x1358  Wd - ok
16:53:21.0914 0x1358  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:53:21.0961 0x1358  Wdf01000 - ok
16:53:21.0961 0x1358  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:53:22.0008 0x1358  WdiServiceHost - ok
16:53:22.0023 0x1358  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:53:22.0039 0x1358  WdiSystemHost - ok
16:53:22.0054 0x1358  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
16:53:22.0070 0x1358  WebClient - ok
16:53:22.0086 0x1358  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:53:22.0132 0x1358  Wecsvc - ok
16:53:22.0132 0x1358  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:53:22.0164 0x1358  wercplsupport - ok
16:53:22.0179 0x1358  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:53:22.0210 0x1358  WerSvc - ok
16:53:22.0210 0x1358  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:53:22.0242 0x1358  WfpLwf - ok
16:53:22.0242 0x1358  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:53:22.0242 0x1358  WIMMount - ok
16:53:22.0257 0x1358  WinDefend - ok
16:53:22.0257 0x1358  WinHttpAutoProxySvc - ok
16:53:22.0304 0x1358  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:53:22.0335 0x1358  Winmgmt - ok
16:53:22.0413 0x1358  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
16:53:22.0585 0x1358  WinRM - ok
16:53:22.0694 0x1358  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:53:22.0741 0x1358  Wlansvc - ok
16:53:22.0741 0x1358  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
16:53:22.0756 0x1358  WmiAcpi - ok
16:53:22.0756 0x1358  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:53:22.0772 0x1358  wmiApSrv - ok
16:53:22.0772 0x1358  WMPNetworkSvc - ok
16:53:22.0788 0x1358  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:53:22.0788 0x1358  WPCSvc - ok
16:53:22.0803 0x1358  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:53:22.0819 0x1358  WPDBusEnum - ok
16:53:22.0819 0x1358  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:53:22.0850 0x1358  ws2ifsl - ok
16:53:22.0850 0x1358  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
16:53:22.0866 0x1358  wscsvc - ok
16:53:22.0866 0x1358  WSearch - ok
16:53:22.0881 0x1358  wStLibG64 - ok
16:53:22.0975 0x1358  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:53:23.0068 0x1358  wuauserv - ok
16:53:23.0068 0x1358  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:53:23.0084 0x1358  WudfPf - ok
16:53:23.0100 0x1358  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:53:23.0115 0x1358  WUDFRd - ok
16:53:23.0115 0x1358  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:53:23.0131 0x1358  wudfsvc - ok
16:53:23.0131 0x1358  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:53:23.0146 0x1358  WwanSvc - ok
16:53:23.0162 0x1358  [ 28B051B78471FC290C1790623D5908E1, 01B711DAC7290B5DBBA5AF49E69FC906BE0A1BF40EFB372A0DA1FB59F0BA9983 ] ZAtheros Bt&Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
16:53:23.0178 0x1358  ZAtheros Bt&Wlan Coex Agent - detected UnsignedFile.Multi.Generic ( 1 )
16:53:25.0533 0x1358  Detect skipped due to KSN trusted
16:53:25.0533 0x1358  ZAtheros Bt&Wlan Coex Agent - ok
16:53:25.0533 0x1358  ================ Scan global ===============================
16:53:25.0549 0x1358  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
16:53:25.0549 0x1358  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
16:53:25.0564 0x1358  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
16:53:25.0580 0x1358  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
16:53:25.0642 0x1358  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
16:53:25.0658 0x1358  [ Global ] - ok
16:53:25.0658 0x1358  ================ Scan MBR ==================================
16:53:25.0658 0x1358  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:53:25.0923 0x1358  \Device\Harddisk0\DR0 - ok
16:53:25.0923 0x1358  [ 64B1E91C5C6C2157642651010728F90F ] \Device\Harddisk1\DR1
16:53:29.0761 0x1358  \Device\Harddisk1\DR1 - ok
16:53:29.0761 0x1358  ================ Scan VBR ==================================
16:53:29.0761 0x1358  [ B64A48BFD40272B21C9532B283E55DD8 ] \Device\Harddisk0\DR0\Partition1
16:53:29.0761 0x1358  \Device\Harddisk0\DR0\Partition1 - ok
16:53:29.0761 0x1358  [ CAEE7031913F97CB7B1140CF4FBC97FD ] \Device\Harddisk0\DR0\Partition2
16:53:29.0776 0x1358  \Device\Harddisk0\DR0\Partition2 - ok
16:53:29.0776 0x1358  [ B1F4D14CBCB1A9517810F24EF71B5002 ] \Device\Harddisk1\DR1\Partition1
16:53:29.0776 0x1358  \Device\Harddisk1\DR1\Partition1 - ok
16:53:29.0776 0x1358  [ 2555BEA6F5052ABB2ABAA738131B25B6 ] \Device\Harddisk1\DR1\Partition2
16:53:29.0776 0x1358  \Device\Harddisk1\DR1\Partition2 - ok
16:53:29.0776 0x1358  ================ Scan generic autorun ======================
16:53:29.0776 0x1358  Nvtmru - ok
16:53:29.0776 0x1358  fspuip - ok
16:53:29.0948 0x1358  [ DC1C247923B6164206499B652CD548CE, 018BB514BBA2E1C8BB9357E5C1AC33AB191D87D6B57A20158A46C2E46D2346F9 ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
16:53:30.0026 0x1358  NvBackend - ok
16:53:30.0042 0x1358  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
16:53:30.0057 0x1358  ShadowPlay - ok
16:53:30.0088 0x1358  [ D1C7E6BF5A62AAC8E95D6E2BCAB802DD, 6FC9356C0C8201B76EA3BFB1F76A250E34B18C510D3B9F4E839B66B2F854C98A ] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE
16:53:30.0120 0x1358  RoccatKone+ - detected UnsignedFile.Multi.Generic ( 1 )
16:53:32.0460 0x1358  Detect skipped due to KSN trusted
16:53:32.0460 0x1358  RoccatKone+ - ok
16:53:32.0475 0x1358  [ 5BD2176B85AADA5C5547D8FFC3BE8DFA, F7D8D7FD448D2B4DB87FB37438DFC633A50F0E1D214E3D83BC20E13C288CED63 ] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
16:53:32.0475 0x1358  FLxHCIm64 - detected UnsignedFile.Multi.Generic ( 1 )
16:53:34.0831 0x1358  Detect skipped due to KSN trusted
16:53:34.0831 0x1358  FLxHCIm64 - ok
16:53:34.0956 0x1358  [ 173DA92B812D9A9DD04C5D63C49C0684, 860B14D7EFEF9F0C19026DBED6935AE6CADFE726615CF1CDF8F02381BFF246DF ] C:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe
16:53:34.0987 0x1358  THGuard - ok
16:53:35.0034 0x1358  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
16:53:35.0112 0x1358  Sidebar - ok
16:53:35.0127 0x1358  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
16:53:35.0143 0x1358  mctadmin - ok
16:53:35.0174 0x1358  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
16:53:35.0205 0x1358  Sidebar - ok
16:53:35.0221 0x1358  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
16:53:35.0237 0x1358  mctadmin - ok
16:53:35.0252 0x1358  [ B22CB67919EBAD88B0E8BB9CDA446010, 2F744FEAC48EDE7D6B6D2727F7DDFA80B26D9E3B0009741B00992B19AD85E128 ] C:\Windows\System32\StikyNot.exe
16:53:35.0283 0x1358  RESTART_STICKY_NOTES - ok
16:53:35.0315 0x1358  [ 9BD0D17CD44C2E6DEE9645C0EAB46606, B18470971D69646991511B998C801038061C8018A142239249E101DFE4535461 ] C:\ProgramData\Windows Update Service0\bjrwzmzis.exe
16:53:35.0315 0x1358  Suspicious file ( NoAccess ): C:\ProgramData\Windows Update Service0\bjrwzmzis.exe. md5: 9BD0D17CD44C2E6DEE9645C0EAB46606, sha256: B18470971D69646991511B998C801038061C8018A142239249E101DFE4535461
16:53:35.0315 0x1358  Windows Update Service - detected LockedFile.Multi.Generic ( 1 )
16:53:37.0655 0x1358  Detect turned to UDS exact due to KSN untrusted
16:53:37.0655 0x1358  Windows Update Service ( UDS:DangerousObject.Multi.Generic ) - infected
16:53:37.0655 0x1358  Force sending object to P2P due to detect: C:\ProgramData\Windows Update Service0\bjrwzmzis.exe
16:53:40.0151 0x1358  Object send P2P result: true
16:53:42.0662 0x1358  [ B66041913F15C42BE9DCC8EC6E7EAF1E, 2D88626ACD2806635AAA1EECE2356F8FF0BBA67E7D9F621D51FC37E79F6E7B56 ] C:\Users\purzelchen\AppData\Roaming\UseServe.exe
16:53:42.0693 0x1358  UsenetServices - detected UnsignedFile.Multi.Generic ( 1 )
16:53:45.0049 0x1358  UsenetServices ( UnsignedFile.Multi.Generic ) - warning
16:53:47.0529 0x1358  [ 9BD0D17CD44C2E6DEE9645C0EAB46606, B18470971D69646991511B998C801038061C8018A142239249E101DFE4535461 ] C:\ProgramData\Windows Update Service0\bjrwzmzis.exe
16:53:47.0529 0x1358  Suspicious file ( NoAccess ): C:\ProgramData\Windows Update Service0\bjrwzmzis.exe. md5: 9BD0D17CD44C2E6DEE9645C0EAB46606, sha256: B18470971D69646991511B998C801038061C8018A142239249E101DFE4535461
16:53:47.0529 0x1358  Windows Update Service - detected LockedFile.Multi.Generic ( 1 )
16:53:47.0529 0x1358  Detect turned to UDS exact due to KSN untrusted
16:53:47.0529 0x1358  Windows Update Service ( UDS:DangerousObject.Multi.Generic ) - infected
16:53:47.0529 0x1358  Force sending object to P2P due to detect: C:\ProgramData\Windows Update Service0\bjrwzmzis.exe
16:53:49.0994 0x1358  Object send P2P result: true
16:53:52.0506 0x1358  Win FW state via NFP2: enabled
16:53:54.0893 0x1358  ============================================================
16:53:54.0893 0x1358  Scan finished
16:53:54.0893 0x1358  ============================================================
16:53:54.0893 0x199c  Detected object count: 4
16:53:54.0893 0x199c  Actual detected object count: 4
16:54:55.0373 0x199c  AtherosSvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:54:55.0373 0x199c  AtherosSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:54:55.0482 0x199c  C:\ProgramData\Windows Update Service0\bjrwzmzis.exe - copied to quarantine
16:54:55.0482 0x199c  HKU\S-1-5-21-432217040-4276816697-2371958446-1000\Software\Microsoft\Windows\CurrentVersion\Run:Windows Update Service - will be deleted on reboot
16:54:55.0482 0x199c  C:\ProgramData\Windows Update Service0\bjrwzmzis.exe - will be deleted on reboot
16:54:55.0482 0x199c  Windows Update Service ( UDS:DangerousObject.Multi.Generic ) - User select action: Delete 
16:54:55.0482 0x199c  UsenetServices ( UnsignedFile.Multi.Generic ) - skipped by user
16:54:55.0482 0x199c  UsenetServices ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:54:55.0498 0x199c  C:\ProgramData\Windows Update Service0\bjrwzmzis.exe - copied to quarantine
16:54:55.0498 0x199c  HKU\S-1-5-21-432217040-4276816697-2371958446-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce:Windows Update Service - will be deleted on reboot
16:54:55.0498 0x199c  C:\ProgramData\Windows Update Service0\bjrwzmzis.exe - will be deleted on reboot
16:54:55.0498 0x199c  Windows Update Service ( UDS:DangerousObject.Multi.Generic ) - User select action: Delete 
16:54:56.0231 0x199c  KLMD registered as C:\Windows\system32\drivers\12357515.sys
16:55:06.0839 0x25d4  Deinitialize success
         


11.11.2014, 17:24   #6
Deadfly

Win7: multiple conhost.exe + cmd.exe + reg.exe

2nd log + Combofix

Log2
Code:
16:56:48.0907 0x0ef4  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
16:56:50.0912 0x0ef4  ============================================================
16:56:50.0912 0x0ef4  Current date / time: 2014/11/11 16:56:50.0912
16:56:50.0912 0x0ef4  SystemInfo:
16:56:50.0912 0x0ef4  
16:56:50.0912 0x0ef4  OS Version: 6.1.7601 ServicePack: 1.0
16:56:50.0912 0x0ef4  Product type: Workstation
16:56:50.0912 0x0ef4  ComputerName: PURZELCHEN-PC
16:56:50.0912 0x0ef4  UserName: purzelchen
16:56:50.0912 0x0ef4  Windows directory: C:\Windows
16:56:50.0912 0x0ef4  System windows directory: C:\Windows
16:56:50.0912 0x0ef4  Running under WOW64
16:56:50.0912 0x0ef4  Processor architecture: Intel x64
16:56:50.0912 0x0ef4  Number of processors: 8
16:56:50.0912 0x0ef4  Page size: 0x1000
16:56:50.0912 0x0ef4  Boot type: Normal boot
16:56:50.0912 0x0ef4  ============================================================
16:56:50.0912 0x0ef4  BG loaded
16:56:51.0042 0x0ef4  System UUID: {32F68BDE-A527-F4FA-4C82-BE23F802989F}
16:56:51.0372 0x0ef4  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:56:51.0372 0x0ef4  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:56:51.0372 0x0ef4  ============================================================
16:56:51.0372 0x0ef4  \Device\Harddisk0\DR0:
16:56:51.0372 0x0ef4  MBR partitions:
16:56:51.0372 0x0ef4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x1749C000
16:56:51.0372 0x0ef4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A69D000, BlocksNum 0x1FCE8800
16:56:51.0372 0x0ef4  \Device\Harddisk1\DR1:
16:56:51.0372 0x0ef4  MBR partitions:
16:56:51.0372 0x0ef4  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1BE000
16:56:51.0372 0x0ef4  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x1D1BE800, BlocksNum 0x1D1C7830
16:56:51.0372 0x0ef4  ============================================================
16:56:51.0392 0x0ef4  C: <-> \Device\Harddisk0\DR0\Partition1
16:56:51.0402 0x0ef4  D: <-> \Device\Harddisk0\DR0\Partition2
16:56:51.0402 0x0ef4  E: <-> \Device\Harddisk1\DR1\Partition1
16:56:51.0412 0x0ef4  F: <-> \Device\Harddisk1\DR1\Partition2
16:56:51.0412 0x0ef4  ============================================================
16:56:51.0412 0x0ef4  Initialize success
16:56:51.0412 0x0ef4  ============================================================
16:56:56.0968 0x1064  ============================================================
16:56:56.0968 0x1064  Scan started
16:56:56.0968 0x1064  Mode: Manual; 
16:56:56.0968 0x1064  ============================================================
16:56:56.0968 0x1064  KSN ping started
16:56:59.0292 0x1064  KSN ping finished: true
16:57:03.0582 0x1064  ================ Scan system memory ========================
16:57:03.0582 0x1064  System memory - ok
16:57:03.0582 0x1064  ================ Scan services =============================
16:57:03.0722 0x1064  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:57:03.0738 0x1064  1394ohci - ok
16:57:03.0769 0x1064  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:57:03.0785 0x1064  ACPI - ok
16:57:03.0785 0x1064  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:57:03.0785 0x1064  AcpiPmi - ok
16:57:03.0878 0x1064  [ 2637233632CCD1837A1A57A43CAF00A4, 848026C6C9B38FD9F70BC7B2306BF4F5DD395726D4FDD6A18B29354921191DC5 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:57:03.0894 0x1064  AdobeFlashPlayerUpdateSvc - ok
16:57:03.0925 0x1064  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
16:57:03.0941 0x1064  adp94xx - ok
16:57:03.0956 0x1064  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
16:57:03.0972 0x1064  adpahci - ok
16:57:03.0972 0x1064  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
16:57:03.0988 0x1064  adpu320 - ok
16:57:04.0003 0x1064  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:57:04.0003 0x1064  AeLookupSvc - ok
16:57:04.0019 0x1064  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
16:57:04.0034 0x1064  AFD - ok
16:57:04.0034 0x1064  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
16:57:04.0034 0x1064  agp440 - ok
16:57:04.0050 0x1064  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
16:57:04.0050 0x1064  ALG - ok
16:57:04.0050 0x1064  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:57:04.0050 0x1064  aliide - ok
16:57:04.0222 0x1064  ALSysIO - ok
16:57:04.0331 0x1064  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
16:57:04.0331 0x1064  amdide - ok
16:57:04.0346 0x1064  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
16:57:04.0346 0x1064  AmdK8 - ok
16:57:04.0362 0x1064  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:57:04.0362 0x1064  AmdPPM - ok
16:57:04.0378 0x1064  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:57:04.0378 0x1064  amdsata - ok
16:57:04.0393 0x1064  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
16:57:04.0409 0x1064  amdsbs - ok
16:57:04.0409 0x1064  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:57:04.0409 0x1064  amdxata - ok
16:57:04.0424 0x1064  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
16:57:04.0440 0x1064  AppID - ok
16:57:04.0440 0x1064  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:57:04.0440 0x1064  AppIDSvc - ok
16:57:04.0456 0x1064  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
16:57:04.0456 0x1064  Appinfo - ok
16:57:04.0456 0x1064  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
16:57:04.0471 0x1064  arc - ok
16:57:04.0471 0x1064  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
16:57:04.0471 0x1064  arcsas - ok
16:57:04.0518 0x1064  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:57:04.0518 0x1064  aspnet_state - ok
16:57:04.0534 0x1064  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:57:04.0534 0x1064  AsyncMac - ok
16:57:04.0549 0x1064  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
16:57:04.0549 0x1064  atapi - ok
16:57:04.0549 0x1064  [ 185F180536188C1A4ED605234721A5B9, FF06E13656E3442D66F8092CA2CF5AC474EFF7DC9C530E8DD87843E8322EF5C5 ] AthBTPort       C:\Windows\system32\DRIVERS\btath_flt.sys
16:57:04.0549 0x1064  AthBTPort - ok
16:57:04.0596 0x1064  [ 397748353925A6602A6097FA92AF23BF, 6962E497E449C27A07FFE7A167CC89604E1E0E16203FF30D44E7C3F99727A90F ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
16:57:04.0596 0x1064  AtherosSvc - ok
16:57:04.0721 0x1064  [ B4174564AD5834A1680610572477878C, EA8687C90FE871AA427B4139BEE425E6DC4CFBC4CF3DCE29695EB9B967D9872F ] athr            C:\Windows\system32\DRIVERS\athrx.sys
16:57:04.0799 0x1064  athr - ok
16:57:04.0846 0x1064  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:57:04.0861 0x1064  AudioEndpointBuilder - ok
16:57:04.0877 0x1064  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:57:04.0892 0x1064  AudioSrv - ok
16:57:04.0892 0x1064  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:57:04.0908 0x1064  AxInstSV - ok
16:57:04.0939 0x1064  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
16:57:04.0939 0x1064  b06bdrv - ok
16:57:04.0986 0x1064  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
16:57:04.0986 0x1064  b57nd60a - ok
16:57:05.0002 0x1064  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:57:05.0002 0x1064  BDESVC - ok
16:57:05.0002 0x1064  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:57:05.0002 0x1064  Beep - ok
16:57:05.0064 0x1064  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
16:57:05.0080 0x1064  BFE - ok
16:57:05.0111 0x1064  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
16:57:05.0126 0x1064  BITS - ok
16:57:05.0142 0x1064  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:57:05.0158 0x1064  blbdrive - ok
16:57:05.0158 0x1064  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:57:05.0158 0x1064  bowser - ok
16:57:05.0158 0x1064  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:57:05.0158 0x1064  BrFiltLo - ok
16:57:05.0173 0x1064  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:57:05.0173 0x1064  BrFiltUp - ok
16:57:05.0173 0x1064  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
16:57:05.0173 0x1064  Browser - ok
16:57:05.0204 0x1064  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:57:05.0204 0x1064  Brserid - ok
16:57:05.0220 0x1064  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:57:05.0220 0x1064  BrSerWdm - ok
16:57:05.0220 0x1064  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:57:05.0220 0x1064  BrUsbMdm - ok
16:57:05.0220 0x1064  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:57:05.0220 0x1064  BrUsbSer - ok
16:57:05.0251 0x1064  [ C150BAE6E9E4C99ABE3F5BC0777DD0A6, BDB7927539FF12255A9443437AD0ACC5A752088E06DA81C7A50222F75F6104A5 ] BstHdAndroidSvc C:\Program Files (x86)\BlueStacks\HD-Service.exe
16:57:05.0267 0x1064  BstHdAndroidSvc - ok
16:57:05.0267 0x1064  [ E09B1C208FAC7D70735DBF2002B1A76D, 255EAC48F994698A4AB0566B9F7463E06A464A8F67D21DA3522B756712A9E952 ] BstHdDrv        C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys
16:57:05.0267 0x1064  BstHdDrv - ok
16:57:05.0314 0x1064  [ CE55E8B3FF604A173E8678FBAA78F818, 17CBA9591CB8022D3313F66BCD462BC59B9E9AEBA247054D6919E476C95EA417 ] BstHdLogRotatorSvc C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
16:57:05.0345 0x1064  BstHdLogRotatorSvc - ok
16:57:05.0360 0x1064  [ B5D8C2E82F33E2385FA9F309B6356715, 59726D203B808C43B2DF29BEC677B675798219B801877373358BA327E9C4DE18 ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys
16:57:05.0376 0x1064  BTATH_A2DP - ok
16:57:05.0376 0x1064  [ 3118072D09DAA1961A9F6549A4E8433A, 19159A2D424362BAF84D98AA95E0F3F517FE46726B4A1E19DFE0B62D17DE6227 ] btath_avdt      C:\Windows\system32\drivers\btath_avdt.sys
16:57:05.0376 0x1064  btath_avdt - ok
16:57:05.0392 0x1064  [ E6B734A37ADE36FE1A77035F4E484C8C, 7F3AB1E0CF9F348633B3B325F5F365CCD4C7FF7E4564BDE02C2DA27A499D0234 ] BTATH_BUS       C:\Windows\system32\DRIVERS\btath_bus.sys
16:57:05.0392 0x1064  BTATH_BUS - ok
16:57:05.0392 0x1064  [ FB3833E63FF602B69C2FF085846DCF43, 468BC9580341AD4C65F0BBB3A11F3E39C1DD0F9694D098AB3647A181C03E4E11 ] BTATH_HCRP      C:\Windows\system32\DRIVERS\btath_hcrp.sys
16:57:05.0407 0x1064  BTATH_HCRP - ok
16:57:05.0407 0x1064  [ 8008D892A2BDA67EEFBE25E14EB5DC83, 765FBBF0E58D0FA61A11AA888AB168314622572BB0F73E44FC4F88ACAF1ECB32 ] BTATH_LWFLT     C:\Windows\system32\DRIVERS\btath_lwflt.sys
16:57:05.0407 0x1064  BTATH_LWFLT - ok
16:57:05.0423 0x1064  [ ABCD3C16CA850A7594CEB9AD5D966810, DB0EAF000BB6F12F2AA550B66F5C61E08F2C6E58A18DA40BE69DD2B662D1EC60 ] BTATH_RCP       C:\Windows\system32\DRIVERS\btath_rcp.sys
16:57:05.0438 0x1064  BTATH_RCP - ok
16:57:05.0470 0x1064  [ 0C3825703B5E4ADB5FB75A651E4682B7, 6DFFB545EB2F01B5EC41FA6D5F01E65406BA25CAA862F9C3D2283CE5E32085A2 ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
16:57:05.0470 0x1064  BtFilter - ok
16:57:05.0485 0x1064  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
16:57:05.0485 0x1064  BthEnum - ok
16:57:05.0485 0x1064  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
16:57:05.0485 0x1064  BTHMODEM - ok
16:57:05.0485 0x1064  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
16:57:05.0501 0x1064  BthPan - ok
16:57:05.0516 0x1064  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
16:57:05.0532 0x1064  BTHPORT - ok
16:57:05.0532 0x1064  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
16:57:05.0548 0x1064  bthserv - ok
16:57:05.0548 0x1064  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
16:57:05.0548 0x1064  BTHUSB - ok
16:57:05.0548 0x1064  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:57:05.0563 0x1064  cdfs - ok
16:57:05.0563 0x1064  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:57:05.0563 0x1064  cdrom - ok
16:57:05.0579 0x1064  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
16:57:05.0579 0x1064  CertPropSvc - ok
16:57:05.0579 0x1064  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
16:57:05.0579 0x1064  circlass - ok
16:57:05.0610 0x1064  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
16:57:05.0610 0x1064  CLFS - ok
16:57:05.0626 0x1064  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:57:05.0626 0x1064  clr_optimization_v2.0.50727_32 - ok
16:57:05.0641 0x1064  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:57:05.0657 0x1064  clr_optimization_v2.0.50727_64 - ok
16:57:05.0688 0x1064  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:57:05.0735 0x1064  clr_optimization_v4.0.30319_32 - ok
16:57:05.0750 0x1064  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:57:05.0766 0x1064  clr_optimization_v4.0.30319_64 - ok
16:57:05.0782 0x1064  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:57:05.0782 0x1064  CmBatt - ok
16:57:05.0782 0x1064  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:57:05.0782 0x1064  cmdide - ok
16:57:05.0828 0x1064  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
16:57:05.0860 0x1064  CNG - ok
16:57:05.0860 0x1064  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:57:05.0860 0x1064  Compbatt - ok
16:57:05.0875 0x1064  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
16:57:05.0875 0x1064  CompositeBus - ok
16:57:05.0875 0x1064  COMSysApp - ok
16:57:05.0875 0x1064  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
16:57:05.0875 0x1064  crcdisk - ok
16:57:05.0891 0x1064  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:57:05.0891 0x1064  CryptSvc - ok
16:57:05.0922 0x1064  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:57:05.0922 0x1064  DcomLaunch - ok
16:57:05.0953 0x1064  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
16:57:05.0953 0x1064  defragsvc - ok
16:57:05.0969 0x1064  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:57:05.0969 0x1064  DfsC - ok
16:57:06.0000 0x1064  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:57:06.0000 0x1064  Dhcp - ok
16:57:06.0016 0x1064  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
16:57:06.0016 0x1064  discache - ok
16:57:06.0031 0x1064  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
16:57:06.0031 0x1064  Disk - ok
16:57:06.0047 0x1064  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:57:06.0047 0x1064  Dnscache - ok
16:57:06.0062 0x1064  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:57:06.0062 0x1064  dot3svc - ok
16:57:06.0078 0x1064  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
16:57:06.0078 0x1064  DPS - ok
16:57:06.0078 0x1064  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:57:06.0078 0x1064  drmkaud - ok
16:57:06.0109 0x1064  [ 6A0E850DDCB136AA3D2FB7234382DF12, C01863E95F45E1B74AC65C9CD12C8DC769299218255B3C94E3EBF58C4D79FEF3 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
16:57:06.0125 0x1064  dtsoftbus01 - ok
16:57:06.0156 0x1064  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:57:06.0172 0x1064  DXGKrnl - ok
16:57:06.0187 0x1064  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
16:57:06.0187 0x1064  EapHost - ok
16:57:06.0312 0x1064  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
16:57:06.0437 0x1064  ebdrv - ok
16:57:06.0452 0x1064  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
16:57:06.0452 0x1064  EFS - ok
16:57:06.0484 0x1064  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:57:06.0530 0x1064  ehRecvr - ok
16:57:06.0530 0x1064  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
16:57:06.0530 0x1064  ehSched - ok
16:57:06.0562 0x1064  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
16:57:06.0577 0x1064  elxstor - ok
16:57:06.0577 0x1064  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:57:06.0577 0x1064  ErrDev - ok
16:57:06.0608 0x1064  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
16:57:06.0608 0x1064  EventSystem - ok
16:57:06.0624 0x1064  [ 251AF86E0A4DDF3A6B181ED5103B06B1, 1823E7C87F0D8972A89D71B1FB633C5D43744F9803E6A8B866F6EA610032437C ] ewusbnet        C:\Windows\system32\DRIVERS\ewusbnet.sys
16:57:06.0624 0x1064  ewusbnet - ok
16:57:06.0640 0x1064  [ 86F7951BBCEE4A86E79A97306BD14318, 84B52A0392DA53ED71A2C4D483DD93DDF552BF8AC764C7BD47BE0EB58C7C8219 ] ew_hwusbdev     C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
16:57:06.0640 0x1064  ew_hwusbdev - ok
16:57:06.0655 0x1064  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
16:57:06.0655 0x1064  exfat - ok
16:57:06.0671 0x1064  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:57:06.0671 0x1064  fastfat - ok
16:57:06.0702 0x1064  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
16:57:06.0718 0x1064  Fax - ok
16:57:06.0718 0x1064  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:57:06.0733 0x1064  fdc - ok
16:57:06.0733 0x1064  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
16:57:06.0733 0x1064  fdPHost - ok
16:57:06.0733 0x1064  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:57:06.0733 0x1064  FDResPub - ok
16:57:06.0733 0x1064  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:57:06.0749 0x1064  FileInfo - ok
16:57:06.0749 0x1064  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:57:06.0749 0x1064  Filetrace - ok
16:57:06.0796 0x1064  [ BB0667B0171B632B97EA759515476F07, 07A123B2182D5813D2898928C231638353CF086606E9D5A5AF4A2A73E17CEC27 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:57:06.0811 0x1064  FLEXnet Licensing Service - ok
16:57:06.0811 0x1064  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:57:06.0811 0x1064  flpydisk - ok
16:57:06.0827 0x1064  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:57:06.0827 0x1064  FltMgr - ok
16:57:06.0858 0x1064  [ 8768D7AF8CA1AEB2380BD62170C03F70, 12FB68B19B7557628B13A61735366D1173890607899A86E5943FFD706ED329F3 ] FLxHCIc         C:\Windows\system32\DRIVERS\FLxHCIc.sys
16:57:06.0858 0x1064  FLxHCIc - ok
16:57:06.0858 0x1064  [ DCEE5572BCC930D5B8A9E23391236233, F244A81AB96AD085BA0274CAE5D2FD7FB40949D26C2955BF3E08457328F5740B ] FLxHCIh         C:\Windows\system32\DRIVERS\FLxHCIh.sys
16:57:06.0874 0x1064  FLxHCIh - ok
16:57:06.0920 0x1064  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
16:57:06.0936 0x1064  FontCache - ok
16:57:06.0952 0x1064  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:57:06.0952 0x1064  FontCache3.0.0.0 - ok
16:57:06.0952 0x1064  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:57:06.0952 0x1064  FsDepends - ok
16:57:06.0967 0x1064  [ 3DFA8D4E50D608F8F732014614C84DD2, 4927B200F1A4FF04C14347A744C878EB11A78AB356B814C196EB6DDF30DDD934 ] fspad_win764    C:\Windows\system32\DRIVERS\fspad_win764.sys
16:57:06.0967 0x1064  fspad_win764 - ok
16:57:06.0983 0x1064  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:57:06.0983 0x1064  Fs_Rec - ok
16:57:06.0983 0x1064  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:57:06.0998 0x1064  fvevol - ok
16:57:06.0998 0x1064  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
16:57:06.0998 0x1064  gagp30kx - ok
16:57:07.0076 0x1064  [ B0463138D3F872E3D2EC0C4C471AC067, CB0342294BD49732572C81A721DFFA531A031D65A640BF46A5C5AD0B1ACF6AED ] GfExperienceService C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
16:57:07.0108 0x1064  GfExperienceService - ok
16:57:07.0139 0x1064  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
16:57:07.0154 0x1064  gpsvc - ok
16:57:07.0186 0x1064  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:57:07.0186 0x1064  gupdate - ok
16:57:07.0186 0x1064  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:57:07.0186 0x1064  gupdatem - ok
16:57:07.0201 0x1064  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:57:07.0201 0x1064  hcw85cir - ok
16:57:07.0217 0x1064  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:57:07.0217 0x1064  HdAudAddService - ok
16:57:07.0232 0x1064  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
16:57:07.0232 0x1064  HDAudBus - ok
16:57:07.0232 0x1064  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
16:57:07.0232 0x1064  HidBatt - ok
16:57:07.0248 0x1064  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
16:57:07.0248 0x1064  HidBth - ok
16:57:07.0248 0x1064  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
16:57:07.0248 0x1064  HidIr - ok
16:57:07.0264 0x1064  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
16:57:07.0264 0x1064  hidserv - ok
16:57:07.0264 0x1064  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:57:07.0264 0x1064  HidUsb - ok
16:57:07.0264 0x1064  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:57:07.0264 0x1064  hkmsvc - ok
16:57:07.0279 0x1064  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:57:07.0279 0x1064  HomeGroupListener - ok
16:57:07.0295 0x1064  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:57:07.0295 0x1064  HomeGroupProvider - ok
16:57:07.0310 0x1064  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:57:07.0310 0x1064  HpSAMD - ok
16:57:07.0342 0x1064  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:57:07.0357 0x1064  HTTP - ok
16:57:07.0357 0x1064  [ 6E05228393CD614B983568EC40C262C3, CEB1CFDD346534F01A52D2E7004B0220692FC67CAD874FE04740ECDA2F92767D ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
16:57:07.0357 0x1064  hwdatacard - ok
16:57:07.0373 0x1064  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:57:07.0373 0x1064  hwpolicy - ok
16:57:07.0373 0x1064  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:57:07.0373 0x1064  i8042prt - ok
16:57:07.0404 0x1064  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:57:07.0404 0x1064  iaStorV - ok
16:57:07.0435 0x1064  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:57:07.0466 0x1064  idsvc - ok
16:57:07.0482 0x1064  IEEtwCollectorService - ok
16:57:07.0498 0x1064  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
16:57:07.0498 0x1064  iirsp - ok
16:57:07.0529 0x1064  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
16:57:07.0544 0x1064  IKEEXT - ok
16:57:07.0544 0x1064  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:57:07.0544 0x1064  intelide - ok
16:57:07.0560 0x1064  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:57:07.0560 0x1064  intelppm - ok
16:57:07.0560 0x1064  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:57:07.0560 0x1064  IPBusEnum - ok
16:57:07.0576 0x1064  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:57:07.0576 0x1064  IpFilterDriver - ok
16:57:07.0622 0x1064  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:57:07.0638 0x1064  iphlpsvc - ok
16:57:07.0638 0x1064  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:57:07.0638 0x1064  IPMIDRV - ok
16:57:07.0654 0x1064  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:57:07.0654 0x1064  IPNAT - ok
16:57:07.0654 0x1064  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:57:07.0654 0x1064  IRENUM - ok
16:57:07.0669 0x1064  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:57:07.0669 0x1064  isapnp - ok
16:57:07.0685 0x1064  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:57:07.0685 0x1064  iScsiPrt - ok
16:57:07.0700 0x1064  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:57:07.0700 0x1064  kbdclass - ok
16:57:07.0700 0x1064  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:57:07.0700 0x1064  kbdhid - ok
16:57:07.0716 0x1064  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
16:57:07.0716 0x1064  KeyIso - ok
16:57:07.0716 0x1064  [ B6D6F12C214DE823FA22709F7BD0EB0B, 312BCBAEF6D35EAC2514E8D89DE65EA9E524CA1506A3F7410337DF2FDFB052FF ] KoneFltr        C:\Windows\system32\drivers\Kone.sys
16:57:07.0716 0x1064  KoneFltr - ok
16:57:07.0716 0x1064  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:57:07.0732 0x1064  KSecDD - ok
16:57:07.0732 0x1064  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:57:07.0732 0x1064  KSecPkg - ok
16:57:07.0747 0x1064  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
16:57:07.0747 0x1064  ksthunk - ok
16:57:07.0763 0x1064  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:57:07.0778 0x1064  KtmRm - ok
16:57:07.0778 0x1064  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:57:07.0794 0x1064  LanmanServer - ok
16:57:07.0794 0x1064  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:57:07.0794 0x1064  LanmanWorkstation - ok
16:57:07.0810 0x1064  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:57:07.0810 0x1064  lltdio - ok
16:57:07.0841 0x1064  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:57:07.0841 0x1064  lltdsvc - ok
16:57:07.0841 0x1064  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:57:07.0856 0x1064  lmhosts - ok
16:57:07.0856 0x1064  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
16:57:07.0856 0x1064  LSI_FC - ok
16:57:07.0872 0x1064  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
16:57:07.0872 0x1064  LSI_SAS - ok
16:57:07.0872 0x1064  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:57:07.0872 0x1064  LSI_SAS2 - ok
16:57:07.0888 0x1064  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:57:07.0888 0x1064  LSI_SCSI - ok
16:57:07.0888 0x1064  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
16:57:07.0888 0x1064  luafv - ok
16:57:07.0934 0x1064  [ 1704A8189EE5580AB147CFD25C5C8770, DFA076FD36B5CC844D4BE3B865E9A1F809E14CCB1D78D82A2D8D8EE38210E6EB ] McComponentHostService C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
16:57:07.0934 0x1064  McComponentHostService - ok
16:57:07.0950 0x1064  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:57:07.0950 0x1064  Mcx2Svc - ok
16:57:07.0950 0x1064  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
16:57:07.0950 0x1064  megasas - ok
16:57:07.0981 0x1064  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
16:57:07.0997 0x1064  MegaSR - ok
16:57:08.0012 0x1064  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
16:57:08.0012 0x1064  MEIx64 - ok
16:57:08.0012 0x1064  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
16:57:08.0012 0x1064  MMCSS - ok
16:57:08.0012 0x1064  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
16:57:08.0028 0x1064  Modem - ok
16:57:08.0028 0x1064  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:57:08.0028 0x1064  monitor - ok
16:57:08.0028 0x1064  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:57:08.0028 0x1064  mouclass - ok
16:57:08.0028 0x1064  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:57:08.0044 0x1064  mouhid - ok
16:57:08.0044 0x1064  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:57:08.0044 0x1064  mountmgr - ok
16:57:08.0059 0x1064  [ 28048289E32294004A86935CC40A3252, D397C3BAD6BCDA33FA0982E10677598E8BDF69A0933D19A36873CB45BA4FB819 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:57:08.0059 0x1064  MozillaMaintenance - ok
16:57:08.0059 0x1064  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:57:08.0075 0x1064  mpio - ok
16:57:08.0075 0x1064  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:57:08.0075 0x1064  mpsdrv - ok
16:57:08.0106 0x1064  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:57:08.0137 0x1064  MpsSvc - ok
16:57:08.0153 0x1064  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:57:08.0153 0x1064  MRxDAV - ok
16:57:08.0153 0x1064  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:57:08.0168 0x1064  mrxsmb - ok
16:57:08.0168 0x1064  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:57:08.0184 0x1064  mrxsmb10 - ok
16:57:08.0184 0x1064  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:57:08.0184 0x1064  mrxsmb20 - ok
16:57:08.0200 0x1064  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
16:57:08.0200 0x1064  msahci - ok
16:57:08.0200 0x1064  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:57:08.0200 0x1064  msdsm - ok
16:57:08.0215 0x1064  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
16:57:08.0215 0x1064  MSDTC - ok
16:57:08.0231 0x1064  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:57:08.0231 0x1064  Msfs - ok
16:57:08.0231 0x1064  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:57:08.0231 0x1064  mshidkmdf - ok
16:57:08.0231 0x1064  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:57:08.0231 0x1064  msisadrv - ok
16:57:08.0246 0x1064  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:57:08.0246 0x1064  MSiSCSI - ok
16:57:08.0246 0x1064  msiserver - ok
16:57:08.0246 0x1064  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:57:08.0246 0x1064  MSKSSRV - ok
16:57:08.0262 0x1064  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:57:08.0262 0x1064  MSPCLOCK - ok
16:57:08.0262 0x1064  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:57:08.0262 0x1064  MSPQM - ok
16:57:08.0278 0x1064  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:57:08.0293 0x1064  MsRPC - ok
16:57:08.0293 0x1064  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
16:57:08.0293 0x1064  mssmbios - ok
16:57:08.0309 0x1064  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:57:08.0309 0x1064  MSTEE - ok
16:57:08.0309 0x1064  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
16:57:08.0309 0x1064  MTConfig - ok
16:57:08.0324 0x1064  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
16:57:08.0324 0x1064  Mup - ok
16:57:08.0340 0x1064  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
16:57:08.0356 0x1064  napagent - ok
16:57:08.0371 0x1064  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:57:08.0387 0x1064  NativeWifiP - ok
16:57:08.0418 0x1064  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:57:08.0465 0x1064  NDIS - ok
16:57:08.0465 0x1064  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:57:08.0465 0x1064  NdisCap - ok
16:57:08.0465 0x1064  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:57:08.0465 0x1064  NdisTapi - ok
16:57:08.0480 0x1064  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:57:08.0480 0x1064  Ndisuio - ok
16:57:08.0480 0x1064  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:57:08.0496 0x1064  NdisWan - ok
16:57:08.0496 0x1064  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:57:08.0496 0x1064  NDProxy - ok
16:57:08.0496 0x1064  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:57:08.0496 0x1064  NetBIOS - ok
16:57:08.0512 0x1064  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:57:08.0512 0x1064  NetBT - ok
16:57:08.0527 0x1064  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
16:57:08.0527 0x1064  Netlogon - ok
16:57:08.0543 0x1064  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
16:57:08.0543 0x1064  Netman - ok
16:57:08.0558 0x1064  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:57:08.0574 0x1064  NetMsmqActivator - ok
16:57:08.0574 0x1064  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:57:08.0574 0x1064  NetPipeActivator - ok
16:57:08.0605 0x1064  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
16:57:08.0605 0x1064  netprofm - ok
16:57:08.0605 0x1064  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:57:08.0621 0x1064  NetTcpActivator - ok
16:57:08.0621 0x1064  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:57:08.0621 0x1064  NetTcpPortSharing - ok
16:57:08.0621 0x1064  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
16:57:08.0621 0x1064  nfrd960 - ok
16:57:08.0636 0x1064  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:57:08.0652 0x1064  NlaSvc - ok
16:57:08.0652 0x1064  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:57:08.0652 0x1064  Npfs - ok
16:57:08.0668 0x1064  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
16:57:08.0668 0x1064  nsi - ok
16:57:08.0668 0x1064  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:57:08.0668 0x1064  nsiproxy - ok
16:57:08.0730 0x1064  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:57:08.0808 0x1064  Ntfs - ok
16:57:08.0824 0x1064  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
16:57:08.0824 0x1064  Null - ok
16:57:08.0824 0x1064  [ C87B11EB78428853F9E8495C47E53C10, FAE479DB0812967B3FF968773BA998591B4F50BE4329B8349BCA7E6EAB1B0474 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
16:57:08.0839 0x1064  NVHDA - ok
16:57:09.0229 0x1064  [ 810530F309BDD7F055BE0301E27041FB, 993ECC80D175795FC5C8A8CD4A6B5970E027227E4917631DE794224268CE73D6 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:57:09.0448 0x1064  nvlddmkm - ok
16:57:09.0526 0x1064  [ E55893C3A3E328810583555652EEB4DC, 52AA52B6AC99B8D77A60706B27C4F4F514EDB2F0CFF8608266F4B3C76D1158E9 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
16:57:09.0541 0x1064  NvNetworkService - ok
16:57:09.0557 0x1064  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:57:09.0557 0x1064  nvraid - ok
16:57:09.0572 0x1064  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:57:09.0572 0x1064  nvstor - ok
16:57:09.0572 0x1064  [ E8804B858EB4A18C0B386C58DBEBB7C8, 5A47435AB323D2E7BE487DFC4D0197999C2C4E618C42D9910210E134345FF4A4 ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
16:57:09.0572 0x1064  NvStreamKms - ok
16:57:10.0134 0x1064  [ 8A6985CB27B206910F3903E14B8742D1, FC55D8BD60FBA6ABF6DB111C1E90DA64D0E2460F71F35F752987E75D9AF05D69 ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
16:57:10.0446 0x1064  NvStreamSvc - ok
16:57:10.0493 0x1064  [ 3532AE8B1FB357B873CDE72A96A417C8, 9212F709CE72DC91D961928361C35DD5BADA5F6342EE526E55E5EF1614EBDA71 ] nvsvc           C:\Windows\system32\nvvsvc.exe
16:57:10.0508 0x1064  nvsvc - ok
16:57:10.0524 0x1064  [ 1AF619620613869C07F9C147BC37520F, 0AD4E100354E201D5E72BA236C1464F5083A7E3B58C4AC6BA712489D258955F5 ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
16:57:10.0524 0x1064  nvvad_WaveExtensible - ok
16:57:10.0524 0x1064  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:57:10.0540 0x1064  nv_agp - ok
16:57:10.0540 0x1064  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:57:10.0540 0x1064  ohci1394 - ok
16:57:10.0555 0x1064  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:57:10.0555 0x1064  p2pimsvc - ok
16:57:10.0586 0x1064  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
16:57:10.0602 0x1064  p2psvc - ok
16:57:10.0602 0x1064  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
16:57:10.0602 0x1064  Parport - ok
16:57:10.0618 0x1064  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:57:10.0618 0x1064  partmgr - ok
16:57:10.0618 0x1064  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:57:10.0618 0x1064  PcaSvc - ok
16:57:10.0633 0x1064  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
16:57:10.0633 0x1064  pci - ok
16:57:10.0649 0x1064  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
16:57:10.0649 0x1064  pciide - ok
16:57:10.0649 0x1064  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
16:57:10.0664 0x1064  pcmcia - ok
16:57:10.0664 0x1064  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
16:57:10.0664 0x1064  pcw - ok
16:57:10.0696 0x1064  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:57:10.0711 0x1064  PEAUTH - ok
16:57:10.0774 0x1064  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:57:10.0774 0x1064  PerfHost - ok
16:57:10.0852 0x1064  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
16:57:10.0898 0x1064  pla - ok
16:57:10.0914 0x1064  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:57:10.0930 0x1064  PlugPlay - ok
16:57:10.0930 0x1064  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:57:10.0930 0x1064  PNRPAutoReg - ok
16:57:10.0945 0x1064  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:57:10.0961 0x1064  PNRPsvc - ok
16:57:10.0976 0x1064  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:57:10.0992 0x1064  PolicyAgent - ok
16:57:10.0992 0x1064  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
16:57:10.0992 0x1064  Power - ok
16:57:11.0008 0x1064  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:57:11.0008 0x1064  PptpMiniport - ok
16:57:11.0008 0x1064  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
16:57:11.0008 0x1064  Processor - ok
16:57:11.0023 0x1064  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
16:57:11.0023 0x1064  ProfSvc - ok
16:57:11.0039 0x1064  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:57:11.0039 0x1064  ProtectedStorage - ok
16:57:11.0039 0x1064  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:57:11.0039 0x1064  Psched - ok
16:57:11.0101 0x1064  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
16:57:11.0179 0x1064  ql2300 - ok
16:57:11.0179 0x1064  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
16:57:11.0179 0x1064  ql40xx - ok
16:57:11.0195 0x1064  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
16:57:11.0195 0x1064  QWAVE - ok
16:57:11.0210 0x1064  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:57:11.0210 0x1064  QWAVEdrv - ok
16:57:11.0210 0x1064  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:57:11.0210 0x1064  RasAcd - ok
16:57:11.0210 0x1064  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:57:11.0226 0x1064  RasAgileVpn - ok
16:57:11.0226 0x1064  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
16:57:11.0226 0x1064  RasAuto - ok
16:57:11.0242 0x1064  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:57:11.0242 0x1064  Rasl2tp - ok
16:57:11.0257 0x1064  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
16:57:11.0257 0x1064  RasMan - ok
16:57:11.0257 0x1064  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:57:11.0273 0x1064  RasPppoe - ok
16:57:11.0273 0x1064  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:57:11.0273 0x1064  RasSstp - ok
16:57:11.0288 0x1064  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:57:11.0304 0x1064  rdbss - ok
16:57:11.0304 0x1064  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
16:57:11.0304 0x1064  rdpbus - ok
16:57:11.0304 0x1064  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:57:11.0304 0x1064  RDPCDD - ok
16:57:11.0320 0x1064  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:57:11.0320 0x1064  RDPENCDD - ok
16:57:11.0320 0x1064  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:57:11.0320 0x1064  RDPREFMP - ok
16:57:11.0335 0x1064  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:57:11.0335 0x1064  RdpVideoMiniport - ok
16:57:11.0351 0x1064  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:57:11.0351 0x1064  RDPWD - ok
16:57:11.0366 0x1064  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:57:11.0366 0x1064  rdyboost - ok
16:57:11.0366 0x1064  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:57:11.0366 0x1064  RemoteAccess - ok
16:57:11.0382 0x1064  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:57:11.0382 0x1064  RemoteRegistry - ok
16:57:11.0398 0x1064  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
16:57:11.0398 0x1064  RFCOMM - ok
16:57:11.0429 0x1064  [ CAF88D6573D21CD2AA27001DDBFDC74D, 8256B93E586953F1B594BFFA1F005DB08325CAF1729A93820B09F60DAA998C97 ] RMCAST          C:\Windows\system32\DRIVERS\RMCAST.sys
16:57:11.0429 0x1064  RMCAST - ok
16:57:11.0429 0x1064  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:57:11.0444 0x1064  RpcEptMapper - ok
16:57:11.0444 0x1064  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
16:57:11.0444 0x1064  RpcLocator - ok
16:57:11.0460 0x1064  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
16:57:11.0476 0x1064  RpcSs - ok
16:57:11.0476 0x1064  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:57:11.0476 0x1064  rspndr - ok
16:57:11.0538 0x1064  [ E57FAC2CDB73F06586ED2ED310B80932, 9BFC866E8AF555810127D1B95D1950BAC645C2553A46620417F6BA19FF5706B7 ] RSUSBVSTOR      C:\Windows\system32\Drivers\RtsUVStor.sys
16:57:11.0538 0x1064  RSUSBVSTOR - ok
16:57:11.0569 0x1064  [ F4C374B1C46DE294B573BB43723AC3F6, 9B8A40BF54262A1949661596CB753D0B591E94577470ED44D498042BD3EA7C10 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
16:57:11.0585 0x1064  RTL8167 - ok
16:57:11.0585 0x1064  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
16:57:11.0585 0x1064  SamSs - ok
16:57:11.0585 0x1064  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:57:11.0585 0x1064  sbp2port - ok
16:57:11.0600 0x1064  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:57:11.0600 0x1064  SCardSvr - ok
16:57:11.0616 0x1064  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:57:11.0616 0x1064  scfilter - ok
16:57:11.0663 0x1064  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
16:57:11.0678 0x1064  Schedule - ok
16:57:11.0678 0x1064  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:57:11.0694 0x1064  SCPolicySvc - ok
16:57:11.0694 0x1064  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:57:11.0694 0x1064  SDRSVC - ok
16:57:11.0710 0x1064  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:57:11.0710 0x1064  secdrv - ok
16:57:11.0710 0x1064  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
16:57:11.0710 0x1064  seclogon - ok
16:57:11.0710 0x1064  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
16:57:11.0710 0x1064  SENS - ok
16:57:11.0725 0x1064  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:57:11.0725 0x1064  SensrSvc - ok
16:57:11.0725 0x1064  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
16:57:11.0725 0x1064  Serenum - ok
16:57:11.0741 0x1064  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
16:57:11.0741 0x1064  Serial - ok
16:57:11.0741 0x1064  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
16:57:11.0741 0x1064  sermouse - ok
16:57:11.0756 0x1064  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
16:57:11.0756 0x1064  SessionEnv - ok
16:57:11.0756 0x1064  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:57:11.0756 0x1064  sffdisk - ok
16:57:11.0756 0x1064  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:57:11.0756 0x1064  sffp_mmc - ok
16:57:11.0772 0x1064  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:57:11.0772 0x1064  sffp_sd - ok
16:57:11.0772 0x1064  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
16:57:11.0772 0x1064  sfloppy - ok
16:57:11.0788 0x1064  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:57:11.0803 0x1064  SharedAccess - ok
16:57:11.0819 0x1064  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:57:11.0819 0x1064  ShellHWDetection - ok
16:57:11.0834 0x1064  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:57:11.0834 0x1064  SiSRaid2 - ok
16:57:11.0834 0x1064  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
16:57:11.0834 0x1064  SiSRaid4 - ok
16:57:11.0834 0x1064  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:57:11.0850 0x1064  Smb - ok
16:57:11.0850 0x1064  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:57:11.0850 0x1064  SNMPTRAP - ok
16:57:11.0850 0x1064  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:57:11.0850 0x1064  spldr - ok
16:57:11.0881 0x1064  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
16:57:11.0897 0x1064  Spooler - ok
16:57:12.0037 0x1064  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
16:57:12.0146 0x1064  sppsvc - ok
16:57:12.0162 0x1064  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:57:12.0162 0x1064  sppuinotify - ok
16:57:12.0178 0x1064  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:57:12.0193 0x1064  srv - ok
16:57:12.0209 0x1064  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:57:12.0224 0x1064  srv2 - ok
16:57:12.0224 0x1064  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:57:12.0224 0x1064  srvnet - ok
16:57:12.0240 0x1064  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:57:12.0240 0x1064  SSDPSRV - ok
16:57:12.0256 0x1064  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:57:12.0256 0x1064  SstpSvc - ok
16:57:12.0271 0x1064  [ 3FD909ED46EC85442820ECB6DB9A897D, 6A4911B5BF576156B2E26A48010F5424149C86A732244D6C4ECB4A0894E1CE27 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
16:57:12.0271 0x1064  Stereo Service - ok
16:57:12.0287 0x1064  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
16:57:12.0287 0x1064  stexstor - ok
16:57:12.0302 0x1064  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
16:57:12.0318 0x1064  stisvc - ok
16:57:12.0318 0x1064  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
16:57:12.0334 0x1064  swenum - ok
16:57:12.0349 0x1064  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
16:57:12.0365 0x1064  swprv - ok
16:57:12.0427 0x1064  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
16:57:12.0458 0x1064  SysMain - ok
16:57:12.0474 0x1064  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:57:12.0474 0x1064  TabletInputService - ok
16:57:12.0505 0x1064  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:57:12.0505 0x1064  TapiSrv - ok
16:57:12.0505 0x1064  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
16:57:12.0505 0x1064  TBS - ok
16:57:12.0568 0x1064  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:57:12.0646 0x1064  Tcpip - ok
16:57:12.0708 0x1064  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:57:12.0739 0x1064  TCPIP6 - ok
16:57:12.0739 0x1064  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:57:12.0739 0x1064  tcpipreg - ok
16:57:12.0755 0x1064  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:57:12.0755 0x1064  TDPIPE - ok
16:57:12.0755 0x1064  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:57:12.0755 0x1064  TDTCP - ok
16:57:12.0770 0x1064  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:57:12.0770 0x1064  tdx - ok
16:57:12.0770 0x1064  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
16:57:12.0770 0x1064  TermDD - ok
16:57:12.0802 0x1064  [ 4FC4C50985E5B840F4D72E57286887B8, 0BCBB4A938803AE3A3532B6D8FFC85594AA9AEF5D8F9792684841BEA8780AE9E ] TermService     C:\Windows\System32\termsrv.dll
16:57:12.0833 0x1064  TermService - ok
16:57:12.0833 0x1064  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
16:57:12.0833 0x1064  Themes - ok
16:57:12.0848 0x1064  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
16:57:12.0848 0x1064  THREADORDER - ok
16:57:12.0848 0x1064  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
16:57:12.0864 0x1064  TrkWks - ok
16:57:12.0864 0x1064  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:57:12.0880 0x1064  TrustedInstaller - ok
16:57:12.0880 0x1064  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:57:12.0880 0x1064  tssecsrv - ok
16:57:12.0880 0x1064  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:57:12.0895 0x1064  TsUsbFlt - ok
16:57:12.0895 0x1064  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:57:12.0895 0x1064  tunnel - ok
16:57:12.0895 0x1064  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
16:57:12.0911 0x1064  uagp35 - ok
16:57:12.0926 0x1064  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:57:12.0926 0x1064  udfs - ok
16:57:12.0942 0x1064  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:57:12.0942 0x1064  UI0Detect - ok
16:57:12.0942 0x1064  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:57:12.0942 0x1064  uliagpkx - ok
16:57:12.0942 0x1064  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
16:57:12.0958 0x1064  umbus - ok
16:57:12.0958 0x1064  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
16:57:12.0958 0x1064  UmPass - ok
16:57:12.0973 0x1064  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
16:57:12.0973 0x1064  upnphost - ok
16:57:12.0989 0x1064  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
16:57:12.0989 0x1064  usbaudio - ok
16:57:12.0989 0x1064  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:57:12.0989 0x1064  usbccgp - ok
16:57:13.0004 0x1064  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:57:13.0004 0x1064  usbcir - ok
16:57:13.0004 0x1064  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
16:57:13.0004 0x1064  usbehci - ok
16:57:13.0020 0x1064  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:57:13.0036 0x1064  usbhub - ok
16:57:13.0036 0x1064  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
16:57:13.0036 0x1064  usbohci - ok
16:57:13.0036 0x1064  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:57:13.0036 0x1064  usbprint - ok
16:57:13.0051 0x1064  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
16:57:13.0051 0x1064  usbscan - ok
16:57:13.0051 0x1064  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:57:13.0067 0x1064  USBSTOR - ok
16:57:13.0067 0x1064  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
16:57:13.0067 0x1064  usbuhci - ok
16:57:13.0067 0x1064  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
16:57:13.0082 0x1064  usbvideo - ok
16:57:13.0082 0x1064  [ 7B28E2FBE75115660FAB31079C0A9F29, 81BB5A3E64B652A672A0782A88ABF6DDD729D38712D0706CE0FB9DE6D1EE1515 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
16:57:13.0082 0x1064  usb_rndisx - ok
16:57:13.0082 0x1064  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
16:57:13.0082 0x1064  UxSms - ok
16:57:13.0098 0x1064  V-bates Updater - ok
16:57:13.0098 0x1064  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
16:57:13.0098 0x1064  VaultSvc - ok
16:57:13.0098 0x1064  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:57:13.0114 0x1064  vdrvroot - ok
16:57:13.0129 0x1064  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
16:57:13.0145 0x1064  vds - ok
16:57:13.0145 0x1064  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:57:13.0145 0x1064  vga - ok
16:57:13.0160 0x1064  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:57:13.0160 0x1064  VgaSave - ok
16:57:13.0160 0x1064  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
16:57:13.0176 0x1064  vhdmp - ok
16:57:13.0176 0x1064  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
16:57:13.0176 0x1064  viaide - ok
16:57:13.0176 0x1064  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:57:13.0176 0x1064  volmgr - ok
16:57:13.0207 0x1064  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:57:13.0207 0x1064  volmgrx - ok
16:57:13.0223 0x1064  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:57:13.0223 0x1064  volsnap - ok
16:57:13.0238 0x1064  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
16:57:13.0238 0x1064  vsmraid - ok
16:57:13.0332 0x1064  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
16:57:13.0379 0x1064  VSS - ok
16:57:13.0379 0x1064  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
16:57:13.0379 0x1064  vwifibus - ok
16:57:13.0394 0x1064  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
16:57:13.0394 0x1064  vwififlt - ok
16:57:13.0410 0x1064  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
16:57:13.0410 0x1064  vwifimp - ok
16:57:13.0426 0x1064  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
16:57:13.0426 0x1064  W32Time - ok
16:57:13.0441 0x1064  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
16:57:13.0441 0x1064  WacomPen - ok
16:57:13.0441 0x1064  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:57:13.0441 0x1064  WANARP - ok
16:57:13.0457 0x1064  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:57:13.0457 0x1064  Wanarpv6 - ok
16:57:13.0519 0x1064  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
16:57:13.0582 0x1064  wbengine - ok
16:57:13.0597 0x1064  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:57:13.0597 0x1064  WbioSrvc - ok
16:57:13.0613 0x1064  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:57:13.0628 0x1064  wcncsvc - ok
16:57:13.0628 0x1064  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:57:13.0628 0x1064  WcsPlugInService - ok
16:57:13.0628 0x1064  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
16:57:13.0644 0x1064  Wd - ok
16:57:13.0660 0x1064  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:57:13.0691 0x1064  Wdf01000 - ok
16:57:13.0706 0x1064  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:57:13.0706 0x1064  WdiServiceHost - ok
16:57:13.0706 0x1064  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:57:13.0706 0x1064  WdiSystemHost - ok
16:57:13.0722 0x1064  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
16:57:13.0722 0x1064  WebClient - ok
16:57:13.0738 0x1064  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:57:13.0753 0x1064  Wecsvc - ok
16:57:13.0753 0x1064  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:57:13.0753 0x1064  wercplsupport - ok
16:57:13.0753 0x1064  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:57:13.0769 0x1064  WerSvc - ok
16:57:13.0769 0x1064  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:57:13.0769 0x1064  WfpLwf - ok
16:57:13.0769 0x1064  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:57:13.0769 0x1064  WIMMount - ok
16:57:13.0769 0x1064  WinDefend - ok
16:57:13.0784 0x1064  WinHttpAutoProxySvc - ok
16:57:13.0800 0x1064  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:57:13.0800 0x1064  Winmgmt - ok
16:57:13.0878 0x1064  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
16:57:13.0956 0x1064  WinRM - ok
16:57:14.0003 0x1064  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:57:14.0018 0x1064  Wlansvc - ok
16:57:14.0018 0x1064  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
16:57:14.0018 0x1064  WmiAcpi - ok
16:57:14.0034 0x1064  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:57:14.0034 0x1064  wmiApSrv - ok
16:57:14.0034 0x1064  WMPNetworkSvc - ok
16:57:14.0034 0x1064  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:57:14.0034 0x1064  WPCSvc - ok
16:57:14.0050 0x1064  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:57:14.0050 0x1064  WPDBusEnum - ok
16:57:14.0050 0x1064  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:57:14.0050 0x1064  ws2ifsl - ok
16:57:14.0065 0x1064  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
16:57:14.0065 0x1064  wscsvc - ok
16:57:14.0065 0x1064  WSearch - ok
16:57:14.0065 0x1064  wStLibG64 - ok
16:57:14.0190 0x1064  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:57:14.0237 0x1064  wuauserv - ok
16:57:14.0237 0x1064  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:57:14.0252 0x1064  WudfPf - ok
16:57:14.0252 0x1064  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:57:14.0268 0x1064  WUDFRd - ok
16:57:14.0268 0x1064  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:57:14.0268 0x1064  wudfsvc - ok
16:57:14.0284 0x1064  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:57:14.0284 0x1064  WwanSvc - ok
16:57:14.0299 0x1064  [ 28B051B78471FC290C1790623D5908E1, 01B711DAC7290B5DBBA5AF49E69FC906BE0A1BF40EFB372A0DA1FB59F0BA9983 ] ZAtheros Bt&Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
16:57:14.0299 0x1064  ZAtheros Bt&Wlan Coex Agent - ok
16:57:14.0315 0x1064  ================ Scan global ===============================
16:57:14.0315 0x1064  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
16:57:14.0330 0x1064  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
16:57:14.0330 0x1064  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
16:57:14.0346 0x1064  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
16:57:14.0362 0x1064  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
16:57:14.0362 0x1064  [ Global ] - ok
16:57:14.0362 0x1064  ================ Scan MBR ==================================
16:57:14.0377 0x1064  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:57:14.0502 0x1064  \Device\Harddisk0\DR0 - ok
16:57:14.0502 0x1064  [ 64B1E91C5C6C2157642651010728F90F ] \Device\Harddisk1\DR1
16:57:14.0518 0x1064  \Device\Harddisk1\DR1 - ok
16:57:14.0518 0x1064  ================ Scan VBR ==================================
16:57:14.0518 0x1064  [ B64A48BFD40272B21C9532B283E55DD8 ] \Device\Harddisk0\DR0\Partition1
16:57:14.0533 0x1064  \Device\Harddisk0\DR0\Partition1 - ok
16:57:14.0533 0x1064  [ CAEE7031913F97CB7B1140CF4FBC97FD ] \Device\Harddisk0\DR0\Partition2
16:57:14.0533 0x1064  \Device\Harddisk0\DR0\Partition2 - ok
16:57:14.0533 0x1064  [ B1F4D14CBCB1A9517810F24EF71B5002 ] \Device\Harddisk1\DR1\Partition1
16:57:14.0533 0x1064  \Device\Harddisk1\DR1\Partition1 - ok
16:57:14.0549 0x1064  [ 2555BEA6F5052ABB2ABAA738131B25B6 ] \Device\Harddisk1\DR1\Partition2
16:57:14.0549 0x1064  \Device\Harddisk1\DR1\Partition2 - ok
16:57:14.0549 0x1064  ================ Scan generic autorun ======================
16:57:14.0549 0x1064  Nvtmru - ok
16:57:14.0549 0x1064  fspuip - ok
16:57:14.0674 0x1064  [ DC1C247923B6164206499B652CD548CE, 018BB514BBA2E1C8BB9357E5C1AC33AB191D87D6B57A20158A46C2E46D2346F9 ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
16:57:14.0720 0x1064  NvBackend - ok
16:57:14.0720 0x1064  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
16:57:14.0720 0x1064  ShadowPlay - ok
16:57:14.0752 0x1064  [ D1C7E6BF5A62AAC8E95D6E2BCAB802DD, 6FC9356C0C8201B76EA3BFB1F76A250E34B18C510D3B9F4E839B66B2F854C98A ] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE
16:57:14.0752 0x1064  RoccatKone+ - ok
16:57:14.0767 0x1064  [ 5BD2176B85AADA5C5547D8FFC3BE8DFA, F7D8D7FD448D2B4DB87FB37438DFC633A50F0E1D214E3D83BC20E13C288CED63 ] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
16:57:14.0767 0x1064  FLxHCIm64 - ok
16:57:14.0814 0x1064  [ 173DA92B812D9A9DD04C5D63C49C0684, 860B14D7EFEF9F0C19026DBED6935AE6CADFE726615CF1CDF8F02381BFF246DF ] C:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe
16:57:14.0830 0x1064  THGuard - ok
16:57:14.0876 0x1064  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
16:57:14.0923 0x1064  Sidebar - ok
16:57:14.0923 0x1064  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
16:57:14.0923 0x1064  mctadmin - ok
16:57:14.0970 0x1064  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
16:57:14.0986 0x1064  Sidebar - ok
16:57:14.0986 0x1064  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
16:57:14.0986 0x1064  mctadmin - ok
16:57:15.0001 0x1064  [ B22CB67919EBAD88B0E8BB9CDA446010, 2F744FEAC48EDE7D6B6D2727F7DDFA80B26D9E3B0009741B00992B19AD85E128 ] C:\Windows\System32\StikyNot.exe
16:57:15.0017 0x1064  RESTART_STICKY_NOTES - ok
16:57:15.0032 0x1064  Windows Update Service - ok
16:57:15.0110 0x1064  [ B66041913F15C42BE9DCC8EC6E7EAF1E, 2D88626ACD2806635AAA1EECE2356F8FF0BBA67E7D9F621D51FC37E79F6E7B56 ] C:\Users\purzelchen\AppData\Roaming\UseServe.exe
16:57:15.0126 0x1064  UsenetServices - ok
16:57:15.0126 0x1064  Waiting for KSN requests completion. In queue: 314
16:57:16.0140 0x1064  Waiting for KSN requests completion. In queue: 314
16:57:17.0154 0x1064  Waiting for KSN requests completion. In queue: 314
16:57:18.0168 0x1064  Waiting for KSN requests completion. In queue: 314
16:57:19.0182 0x1064  Waiting for KSN requests completion. In queue: 314
16:57:20.0196 0x1064  Waiting for KSN requests completion. In queue: 314
16:57:21.0210 0x1064  Waiting for KSN requests completion. In queue: 314
16:57:22.0224 0x1064  Waiting for KSN requests completion. In queue: 314
16:57:23.0238 0x1064  Waiting for KSN requests completion. In queue: 314
16:57:24.0252 0x1064  Waiting for KSN requests completion. In queue: 314
16:57:25.0266 0x1064  Waiting for KSN requests completion. In queue: 314
16:57:26.0280 0x1064  Waiting for KSN requests completion. In queue: 314
16:57:27.0294 0x1064  Waiting for KSN requests completion. In queue: 314
16:57:28.0308 0x1064  Waiting for KSN requests completion. In queue: 41
16:57:29.0431 0x1064  Win FW state via NFP2: enabled
16:57:31.0834 0x1064  ============================================================
16:57:31.0834 0x1064  Scan finished
16:57:31.0834 0x1064  ============================================================
16:57:31.0849 0x105c  Detected object count: 0
16:57:31.0849 0x105c  Actual detected object count: 0
16:57:35.0937 0x0e90  Deinitialize success
         
Combofix:

Code:
ComboFix 14-11-11.01 - purzelchen 11.11.2014  17:02:04.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8169.6648 [GMT 1:00]
ausgeführt von:: c:\users\purzelchen\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\purzelchen\AppData\Local\Microsoft\Windows\Temporary Internet Files\47b3b645-e838-4a89-b2e3-7f84f4cbdb8e.jpg
c:\users\purzelchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
c:\users\purzelchen\AppData\Roaming\UseNetServ.exe
c:\users\purzelchen\AppData\Roaming\UseServe.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-10-11 bis 2014-11-11  ))))))))))))))))))))))))))))))
.
.
2014-11-11 16:06 . 2014-11-11 16:06	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-11-11 15:54 . 2014-11-11 15:54	--------	dc----w-	C:\TDSSKiller_Quarantine
2014-11-10 13:59 . 2014-11-10 13:59	--------	d-----w-	c:\program files (x86)\VS Revo Group
2014-11-10 13:22 . 2014-11-10 13:23	--------	dc----w-	C:\FRST
2014-11-09 14:07 . 2011-06-21 04:09	200976	----a-w-	c:\windows\SysWow64\drivers\tmcomm.sys
2014-11-02 11:16 . 2014-11-02 11:16	--------	d-----w-	c:\users\purzelchen\AppData\Roaming\TrojanHunter
2014-11-02 09:23 . 2014-11-02 09:23	--------	d-----w-	c:\programdata\TrojanHunter
2014-11-02 09:23 . 2014-11-02 11:26	--------	d-----w-	c:\program files (x86)\TrojanHunter 5.6
2014-11-01 12:47 . 2010-05-26 10:41	511328	----a-w-	c:\windows\system32\d3dx10_43.dll
2014-11-01 12:47 . 2010-05-26 10:41	470880	----a-w-	c:\windows\SysWow64\d3dx10_43.dll
2014-11-01 12:47 . 2010-05-26 10:41	276832	----a-w-	c:\windows\system32\d3dx11_43.dll
2014-11-01 12:47 . 2010-05-26 10:41	248672	----a-w-	c:\windows\SysWow64\d3dx11_43.dll
2014-11-01 12:47 . 2010-05-26 10:41	1998168	----a-w-	c:\windows\SysWow64\D3DX9_43.dll
2014-11-01 12:47 . 2010-05-26 10:41	2401112	----a-w-	c:\windows\system32\D3DX9_43.dll
2014-11-01 12:46 . 2014-11-01 12:47	--------	d-----w-	c:\users\purzelchen\AppData\Local\NVIDIA Corporation
2014-11-01 12:46 . 2014-10-16 16:54	2800296	----a-w-	c:\windows\system32\nvspcap64.dll
2014-11-01 12:46 . 2014-10-16 16:54	2197680	----a-w-	c:\windows\SysWow64\nvspcap.dll
2014-11-01 12:46 . 2014-10-16 16:54	1715224	----a-w-	c:\windows\system32\nvspbridge64.dll
2014-11-01 12:46 . 2014-10-16 16:54	1291280	----a-w-	c:\windows\SysWow64\nvspbridge.dll
2014-11-01 12:46 . 2014-11-01 12:46	--------	d-----w-	c:\program files (x86)\AGEIA Technologies
2014-11-01 12:46 . 2014-10-16 12:27	614544	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2014-11-01 12:45 . 2014-10-16 14:11	6883136	----a-w-	c:\windows\system32\nvcpl.dll
2014-11-01 12:45 . 2014-10-16 14:11	3533632	----a-w-	c:\windows\system32\nvsvc64.dll
2014-11-01 12:45 . 2014-10-16 14:11	933064	----a-w-	c:\windows\system32\nvvsvc.exe
2014-11-01 12:45 . 2014-10-16 14:11	61640	----a-w-	c:\windows\system32\nvshext.dll
2014-11-01 12:45 . 2014-10-16 14:11	384200	----a-w-	c:\windows\system32\nvmctray.dll
2014-11-01 12:45 . 2014-10-16 14:11	2559808	----a-w-	c:\windows\system32\nvsvcr.dll
2014-11-01 12:45 . 2014-10-15 00:48	4047877	----a-w-	c:\windows\system32\nvcoproc.bin
2014-10-30 19:40 . 2014-10-30 19:40	--------	d-----w-	c:\program files\McAfee Security Scan
2014-10-30 14:17 . 2014-11-01 12:55	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-30 14:17 . 2014-11-01 12:55	701104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-30 14:17 . 2014-10-30 14:17	--------	d-----w-	c:\windows\system32\Macromed
2014-10-30 14:14 . 2014-10-14 19:59	11627712	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF198856-CD9E-4239-A938-58B5A0D916BA}\mpengine.dll
2014-10-29 18:23 . 2014-10-30 19:40	--------	d-----w-	c:\programdata\McAfee Security Scan
2014-10-29 18:23 . 2014-10-29 18:23	--------	d-----w-	c:\programdata\McAfee
2014-10-28 18:40 . 2014-10-07 02:04	235184	----a-w-	c:\program files (x86)\Internet Explorer\sqmapi.dll
2014-10-28 18:38 . 2014-09-25 02:08	371712	----a-w-	c:\windows\system32\qdvd.dll
2014-10-28 18:38 . 2014-09-25 01:40	519680	----a-w-	c:\windows\SysWow64\qdvd.dll
2014-10-28 18:38 . 2014-09-13 01:58	77312	----a-w-	c:\windows\system32\packager.dll
2014-10-28 18:38 . 2014-09-13 01:40	67072	----a-w-	c:\windows\SysWow64\packager.dll
2014-10-28 15:22 . 2014-10-30 14:08	--------	d-----w-	c:\windows\SysWow64\Adobe
2014-10-28 15:21 . 2014-11-01 12:56	--------	d-----w-	c:\users\purzelchen\AppData\Local\Adobe
2014-10-28 13:50 . 2011-05-13 11:16	493056	----a-w-	c:\windows\SysWow64\dhRichClient3.dll
2014-10-28 13:50 . 2011-03-25 19:42	338432	----a-w-	c:\windows\SysWow64\sqlite36_engine.dll
2014-10-28 13:39 . 2014-11-11 15:55	--------	d-sh--w-	c:\programdata\Windows Update Service0
2014-10-15 22:40 . 2014-10-15 22:41	236080	----a-w-	c:\windows\RegBootClean64.exe
2014-10-15 22:40 . 2014-10-15 22:41	25136	----a-w-	c:\windows\DCEBoot64.exe
2014-10-15 10:12 . 2014-10-15 10:12	--------	d-----w-	c:\users\purzelchen\AppData\Roaming\dvdcss
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-28 18:42 . 2013-10-01 21:32	103265616	----a-w-	c:\windows\system32\MRT.exe
2014-10-16 16:54 . 2013-10-01 16:33	72904	----a-w-	c:\windows\system32\OpenCL.dll
2014-10-16 16:54 . 2013-10-01 16:33	60560	----a-w-	c:\windows\SysWow64\OpenCL.dll
2014-10-02 13:53 . 2013-10-01 16:26	278152	------w-	c:\windows\system32\MpSigStub.exe
2014-09-09 22:11 . 2014-10-12 09:31	2048	----a-w-	c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-10-12 09:31	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2014-08-23 02:07 . 2014-09-10 11:06	404480	----a-w-	c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-09-10 11:06	311808	----a-w-	c:\windows\SysWow64\gdi32.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FLxHCIm64"="c:\program files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" [2012-07-19 48128]
"THGuard"="c:\program files (x86)\TrojanHunter 5.6\THGuard.exe" [2014-07-30 1081808]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R1 wStLibG64;wStLibG64;c:\windows\system32\drivers\wStLibG64.sys;c:\windows\SYSNATIVE\drivers\wStLibG64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 V-bates Updater;V-bates Updater;c:\program files\V-bates\ExtensionUpdaterService.exe;c:\program files\V-bates\ExtensionUpdaterService.exe [x]
R3 ALSysIO;ALSysIO;c:\users\PURZEL~1\AppData\Local\Temp\ALSysIO64.sys;c:\users\PURZEL~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 KoneFltr;ROCCAT Kone;c:\windows\system32\drivers\Kone.sys;c:\windows\SYSNATIVE\drivers\Kone.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R4 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]
S3 fspad_win764;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_win764;c:\windows\system32\DRIVERS\fspad_win764.sys;c:\windows\SYSNATIVE\DRIVERS\fspad_win764.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-27 21:23	1089352	----a-w-	c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-11-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-30 12:55]
.
2014-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-19 09:08]
.
2014-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-19 09:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-10-16 2462536]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-10-16 2800296]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.max-start.com/?babsrc=HP_ss_mib2&mntrId=A6F0162F6878B112&affID=127690&tsp=5183
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{EB1C96B7-C435-4279-BBAB-3A1B4A40855F}: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://en.eazel.com/results.php?oid=1&id=DAF5A5AA5F624549881415CE11CE2A69&cat=web&co=&lg=en&q={searchTerms}
FF - prefs.js: browser.startup.homepage - 
FF - user.js: extensions.buenosearch.tlbrSrchUrl - hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=A6F0162F6878B112&affID=127690&tsp=5183
FF - user.js: extensions.buenosearch.tb_url - hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=A6F0162F6878B112&affID=127690&tsp=5183
FF - user.js: extensions.buenosearch.id - a6f0b0c5000000000000162f6878b112
FF - user.js: extensions.buenosearch.appId - {37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}
FF - user.js: extensions.buenosearch.instlDay - 16140
FF - user.js: extensions.buenosearch.vrsn - 1.8.28.7
FF - user.js: extensions.buenosearch.vrsni - 1.8.28.7
FF - user.js: extensions.buenosearch.vrsnTs - 1.8.28.718:11
FF - user.js: extensions.buenosearch.prtnrId - buenosearch
FF - user.js: extensions.buenosearch.prdct - buenosearch
FF - user.js: extensions.buenosearch.aflt - babsst
FF - user.js: extensions.buenosearch.smplGrp - none
FF - user.js: extensions.buenosearch.tlbrId - base
FF - user.js: extensions.buenosearch.instlRef - sst
FF - user.js: extensions.buenosearch.dfltLng - en
FF - user.js: extensions.buenosearch.excTlbr - false
FF - user.js: extensions.buenosearch.ffxUnstlRst - true
FF - user.js: extensions.buenosearch.admin - false
FF - user.js: extensions.buenosearch.autoRvrt - false
FF - user.js: extensions.buenosearch.rvrt - false
FF - user.js: extensions.buenosearch.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{21EAF666-26B3-4a3c-ABD0-CA2F5A326744} - c:\program files\V-bates\Extension32.dll
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKCU-Run-UsenetServices - c:\users\purzelchen\AppData\Roaming\UseServe.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
SafeBoot-23563824.sys
SafeBoot-BsScanner
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
HKLM-Run-fspuip - c:\program files (x86)\FSP\fspuip.exe
AddRemove-{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1 - c:\users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\extensions\cliqz@cliqz.com\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-11-11  17:09:37 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-11-11 16:09
.
Vor Suchlauf: 12 Verzeichnis(se), 114.298.380.288 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 115.793.182.720 Bytes frei
.
- - End Of File - - FDA1AFD2C69B70C65DA77139CAC13EDB
64B1E91C5C6C2157642651010728F90F
         

12.11.2014, 17:40   #7
schrauber
/// the machine
/// TB-Ausbilder


Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find MBAM's log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

12.11.2014, 20:05   #8
Deadfly

Right, here we go:

MBAM
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 12.11.2014
Scan Time: 19:37:33
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.12.08
Rootkit Database: v2014.11.12.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: purzelchen

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 322101
Time Elapsed: 6 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 56
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}, , [40a8330734489c9a090e48a761a1b34d], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}, , [40a8330734489c9a090e48a761a1b34d], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, , [ca1e8bafc7b547efeb2d10df1ee432ce], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, , [ca1e8bafc7b547efeb2d10df1ee432ce], 
PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, , [33b57bbfb4c858de75593882639f8a76], 
PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, , [33b57bbfb4c858de75593882639f8a76], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}, , [80684cee215b082e96835797aa5817e9], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}, , [80684cee215b082e96835797aa5817e9], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}, , [80684cee215b082e96835797aa5817e9], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}, , [80684cee215b082e96835797aa5817e9], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}, , [80684cee215b082e96835797aa5817e9], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\wajam.WajamDownloader.1, , [80684cee215b082e96835797aa5817e9], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\wajam.WajamDownloader, , [80684cee215b082e96835797aa5817e9], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\wajam.WajamDownloader, , [80684cee215b082e96835797aa5817e9], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\wajam.WajamDownloader.1, , [80684cee215b082e96835797aa5817e9], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, , [d612d4664d2f4fe7386eba01b250e020], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\wajam.WajamBHO.1, , [d612d4664d2f4fe7386eba01b250e020], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\wajam.WajamBHO, , [d612d4664d2f4fe7386eba01b250e020], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\wajam.WajamBHO, , [d612d4664d2f4fe7386eba01b250e020], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, , [d612d4664d2f4fe7386eba01b250e020], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\wajam.WajamBHO.1, , [d612d4664d2f4fe7386eba01b250e020], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-432217040-4276816697-2371958446-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, , [d612d4664d2f4fe7386eba01b250e020], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-432217040-4276816697-2371958446-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, , [d612d4664d2f4fe7386eba01b250e020], 
PUP.Optional.GetNow.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}, , [b92ff4469be171c53525289336cc0af6], 
PUP.Optional.GetNow.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{237FDFDB-3722-470E-8BA8-90196DABE967}, , [b92ff4469be171c53525289336cc0af6], 
PUP.Optional.GetNow.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{237FDFDB-3722-470E-8BA8-90196DABE967}, , [b92ff4469be171c53525289336cc0af6], 
PUP.Optional.GetNow.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}, , [b92ff4469be171c53525289336cc0af6], 
PUP.Optional.Babylon.A, HKU\S-1-5-21-432217040-4276816697-2371958446-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, , [b8309e9c186469cdf8dbeec60ff38b75], 
PUP.Optional.EazelBar.A, HKU\S-1-5-21-432217040-4276816697-2371958446-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EBD839AE-B08C-4fb7-859B-F54AF16C159F}, , [ab3d1f1b4f2d2412c1bb388112f02ed2], 
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{23119123-0854-469D-807A-171568457991}, , [a741e6544c30ff378d0a9956fd056e92], 
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\CLASSES\TypeLib\{03119103-0854-469D-807A-171568457991}, , [94541b1f2458340235628a65a45eb749], 
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\CLASSES\buenosearch.buenosearchHlpr, , [c72173c7304c71c5cd2b9b55966c2cd4], 
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\CLASSES\buenosearch.buenosearchHlpr.1, , [1ccce4563a4270c6b642a749cf33936d], 
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\buenosearch.buenosearchHlpr, , [1ccce4563a4270c6b642a749cf33936d], 
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\buenosearch.buenosearchHlpr.1, , [1ccce4563a4270c6b642a749cf33936d], 
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\CLASSES\buenosearch.buenosearchdskBnd, , [50981e1c2557f73f83762dc33bc76a96], 
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\CLASSES\buenosearch.buenosearchdskBnd.1, , [48a0b28880fce84e4dac31bfb74be61a], 
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\buenosearch.buenosearchdskBnd, , [48a0b28880fce84e4dac31bfb74be61a], 
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\buenosearch.buenosearchdskBnd.1, , [48a0b28880fce84e4dac31bfb74be61a], 
PUP.Optional.AmazonTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Amazon Browser Settings, , [d21694a6700c45f1151e96f4857f42be], 
PUP.Optional.VbatesHelper.A, HKLM\SOFTWARE\V-bates, , [ae3a0238c7b5f541e43c96d9c63d28d8], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\priam_bho.DLL, , [67817ac07dff91a538ccd2b5659faa56], 
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [678136044834d95d65eb3956fe06b34d], 
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\BonanzaDealsLive, , [fbeda5952755d264cef6a5e664a008f8], 
PUP.Optional.qvo6.A, HKLM\SOFTWARE\WOW6432NODE\qvo6Software, , [6781dd5d5f1d78bed42f8cfa59ab21df], 
PUP.Optional.VbatesHelper.A, HKLM\SOFTWARE\WOW6432NODE\V-bates, , [9652d86235477bbb47d96a05ff0450b0], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\priam_bho.DLL, , [45a32416176585b1d133681f5ba9847c], 
PUP.Optional.RobinHood.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\iidmoehhpbghchkaogkhmcckhlhebekn, , [c7211525a8d40e280d286cf2a75c8779], 
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [04e445f5cbb14fe778d8266928dce719], 
PUP.Optional.BundleInstaller.A, HKLM\SOFTWARE\WOW6432NODE\VITTALIA\AxtanInstaller, , [975170ca80fcd0664dc48fdc9d667c84], 
PUP.Optional.VbatesHelper.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\V-bates Updater, , [d117b88286f6e94d2cf1d29d46bd24dc], 
PUP.Optional.BonanzaDeals.A, HKU\S-1-5-21-432217040-4276816697-2371958446-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BonanzaDealsLive, , [9058a595126a3204873b800bfd071ee2], 
PUP.Optional.AlexaTB.A, HKU\S-1-5-21-432217040-4276816697-2371958446-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DISTROMATIC\Toolbars, , [33b5bc7e7ffd9b9b60d192f8c93b10f0], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-432217040-4276816697-2371958446-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [e4048caec1bbdc5acab79cd116ed1de3], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-432217040-4276816697-2371958446-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, , [28c0e65433492511813aadd65aaac838], 
PUP.Optional.Qone8, HKU\S-1-5-21-432217040-4276816697-2371958446-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [b23697a31666f93d49061b74ac58b050], 

Registry Values: 5
PUP.Optional.VBates, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, C:\Program Files\V-bates\Firefox, , [33b57bbfb4c858de75593882639f8a76]
PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, C:\Program Files\V-bates\Firefox, , [33b57bbfb4c858de75593882639f8a76]
PUP.Optional.VBates, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, , [3cacef4b8def83b3dcf29822fa083bc5], 
PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, , [f0f8e2587ffd7fb77c5268528a78bf41], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-432217040-4276816697-2371958446-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0J1B1O1M1N0U1O1N2T, , [28c0e65433492511813aadd65aaac838]

Registry Data: 3
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[5e8a9d9df488072fe5652322e91cef11]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[17d1e258b0cc67cf80ca4cf9df268977]
PUP.Optional.MaxStart.A, HKU\S-1-5-21-432217040-4276816697-2371958446-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.max-start.com/?babsrc=HP_ss_mib2&mntrId=A6F0162F6878B112&affID=127690&tsp=5183, Good: (www.google.com), Bad: (hxxp://www.max-start.com/?babsrc=HP_ss_mib2&mntrId=A6F0162F6878B112&affID=127690&tsp=5183),,[2abece6cc7b5ae8839675bdf32d3f20e]

Folders: 32
PUP.Optional.eSafe.A, C:\ProgramData\eSafe\log, , [eafeaf8b3b41b185a62be7828083ff01], 
PUP.Optional.AmazonTB.A, C:\Users\purzelchen\AppData\Local\Amazon Browser Bar, , [d90f26143b415cda62d076141fe5956b], 
PUP.Optional.AmazonTB.A, C:\Program Files (x86)\Amazon Browser Bar, , [d21694a6700c45f1151e96f4857f42be], 
PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive, , [598fbe7c225af2443da072900ff4ad53], 
PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive\Update, , [598fbe7c225af2443da072900ff4ad53], 
PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive\Update\Log, , [598fbe7c225af2443da072900ff4ad53], 
PUP.Optional.BonanzaDeals.A, C:\Users\purzelchen\AppData\Local\BonanzaDealsLive, , [5197f446a7d5bc7a1ec01ce605fed32d], 
PUP.Optional.BonanzaDeals.A, C:\Users\purzelchen\AppData\Local\BonanzaDealsLive\CrashReports, , [5197f446a7d5bc7a1ec01ce605fed32d], 
PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDealsLive, , [0cdc25154c30f73f07d934ce5fa4d927], 
PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDealsLive\CrashReports, , [0cdc25154c30f73f07d934ce5fa4d927], 
PUP.Optional.MindSpark.A, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\Allin1Convert_8h, , [836575c5522a9f9787be11fade2540c0], 
PUP.Optional.Vbates.A, C:\Users\purzelchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip, , [24c4f446a1db47ef85b69a816c97f50b], 
PUP.Optional.Vbates.A, C:\Users\purzelchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.436_0, , [24c4f446a1db47ef85b69a816c97f50b], 
PUP.Optional.Vbates.A, C:\Users\purzelchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.436_0\libraries, , [24c4f446a1db47ef85b69a816c97f50b], 
PUP.Optional.Vbates.A, C:\Users\purzelchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.436_0\resources, , [24c4f446a1db47ef85b69a816c97f50b], 
PUP.Optional.Vbates.A, C:\Program Files\V-bates, , [00e8b882c7b537ff3804bf5c669da65a], 
PUP.Optional.Vbates.A, C:\Program Files\V-bates\Firefox, , [00e8b882c7b537ff3804bf5c669da65a], 
PUP.Optional.Vbates.A, C:\Program Files\V-bates\Firefox\chrome, , [00e8b882c7b537ff3804bf5c669da65a], 
PUP.Optional.Vbates.A, C:\Program Files\V-bates\Firefox\chrome\content, , [00e8b882c7b537ff3804bf5c669da65a], 
PUP.Optional.Vbates.A, C:\Program Files\V-bates\Firefox\chrome\content\libraries, , [00e8b882c7b537ff3804bf5c669da65a], 
PUP.Optional.Vbates.A, C:\Program Files\V-bates\Firefox\chrome\content\resources, , [00e8b882c7b537ff3804bf5c669da65a], 
PUP.Optional.Vbates.A, C:\Program Files\V-bates\Firefox\chrome\locale, , [00e8b882c7b537ff3804bf5c669da65a], 
PUP.Optional.Vbates.A, C:\Program Files\V-bates\Firefox\chrome\locale\en-US, , [00e8b882c7b537ff3804bf5c669da65a], 
PUP.Optional.Vbates.A, C:\Program Files\V-bates\Firefox\chrome\skin, , [00e8b882c7b537ff3804bf5c669da65a], 
PUP.Optional.Vbates.A, C:\Program Files\V-bates\Firefox\defaults, , [00e8b882c7b537ff3804bf5c669da65a], 
PUP.Optional.Vbates.A, C:\Program Files\V-bates\Firefox\defaults\preferences, , [00e8b882c7b537ff3804bf5c669da65a], 
PUP.Optional.Vbates.A, C:\Program Files\V-bates\libraries, , [00e8b882c7b537ff3804bf5c669da65a], 
PUP.Optional.Vbates.A, C:\Program Files\V-bates\resources, , [00e8b882c7b537ff3804bf5c669da65a], 
PUP.Optional.OnlySearch, C:\Users\purzelchen\AppData\Local\onlysearch, , [eff9360490ec999d15fd5dc9cc37d42c], 
PUP.Optional.OnlySearch, C:\Users\purzelchen\AppData\Local\onlysearch\onlysearch, , [eff9360490ec999d15fd5dc9cc37d42c], 
PUP.Optional.OnlySearch, C:\Users\purzelchen\AppData\Local\onlysearch\onlysearch\1.3.12.9, , [eff9360490ec999d15fd5dc9cc37d42c], 
PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDeals, , [757363d7c2ba0b2bb01243e67291f40c], 

Files: 81
PUP.Optional.Searchprotect, C:\Program Files (x86)\Amazon Browser Bar\search_protect.exe, , [9c4c47f35626cc6ad0b82c08946dd52b], 
PUP.Optional.InstallCore.A, C:\Users\purzelchen\Downloads\FileExtractorSetup.exe, , [10d8b684fc800432b64446be39cc7987], 
PUP.Optional.DomaIQ, C:\Users\purzelchen\Downloads\Setup (1).exe, , [16d255e5b4c871c5a83765f60bf503fd], 
PUP.Optional.AirAdInstaller, C:\Users\purzelchen\Downloads\setup(1).exe, , [f0f875c58cf07bbb9da21327b050f907], 
PUP.Optional.LiveSoftAction.A, C:\Users\purzelchen\Downloads\ARCHOS 70B EREADER user guide provided through pdfretriever.com(1).exe, , [c721fd3d126a52e43d24092b976ac43c], 
PUP.Optional.LiveSoftAction.A, C:\Users\purzelchen\Downloads\ARCHOS 70B EREADER user guide provided through pdfretriever.com.exe, , [21c7cd6db0cc181e1b464fe546bbb848], 
PUP.Optional.AirAdInstaller, C:\Users\purzelchen\Downloads\setup.exe, , [a8401c1eb2caf5416fd01228fe02bd43], 
PUP.Optional.Vbates.A, C:\Users\purzelchen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ljmibnagodajacnnbifpamhggcohblip_0.localstorage, , [ad3bb4863b41af873bd2ba8d4eb534cc], 
PUP.Optional.Vbates.A, C:\Users\purzelchen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ljmibnagodajacnnbifpamhggcohblip_0.localstorage-journal, , [c72134066616d85ef01da2a5ee15956b], 
PUP.Optional.MindSpark.A, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\searchplugins\ask-web-search.xml, , [6880a09a92ea9b9b5a8a7dd431d23bc5], 
PUP.Optional.Easelbar.A, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\searchplugins\search-with-eazelbar.xml, , [db0d91a9df9dfa3c0e02223c9b689070], 
PUP.Optional.BuenoSearch.A, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\searchplugins\buenosearch.xml, , [b43426144735ad89f4e40b57927137c9], 
PUP.Optional.BuenoSearch.A, C:\Users\purzelchen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.buenosearch.com_0.localstorage, , [8a5ed763cfade15593766ff618eb936d], 
PUP.Optional.BuenoSearch.A, C:\Users\purzelchen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.buenosearch.com_0.localstorage-journal, , [0bdddf5b0a729b9bf317de8748bb2cd4], 
PUP.Optional.eSafe.A, C:\ProgramData\eSafe\log\eGdpSvc.LOG, , [eafeaf8b3b41b185a62be7828083ff01], 
Stolen.Data, C:\Users\purzelchen\AppData\Roaming\jullli_2012, , [61878eacfa8270c6a6815fed9b6952ae], 
PUP.Optional.AmazonTB.A, C:\Users\purzelchen\AppData\Local\Amazon Browser Bar\protect.xml, , [d90f26143b415cda62d076141fe5956b], 
PUP.Optional.AmazonTB.A, C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.ini, , [d21694a6700c45f1151e96f4857f42be], 
PUP.Optional.AmazonTB.A, C:\Program Files (x86)\Amazon Browser Bar\installer.xml, , [d21694a6700c45f1151e96f4857f42be], 
PUP.Optional.AmazonTB.A, C:\Program Files (x86)\Amazon Browser Bar\uninstall.ico, , [d21694a6700c45f1151e96f4857f42be], 
PUP.Optional.AmazonTB.A, C:\Program Files (x86)\Amazon Browser Bar\uninstall.json, , [d21694a6700c45f1151e96f4857f42be], 
PUP.Optional.AmazonTB.A, C:\Program Files (x86)\Amazon Browser Bar\uninstaller.exe, , [d21694a6700c45f1151e96f4857f42be], 
PUP.Optional.AmazonTB.A, C:\Program Files (x86)\Amazon Browser Bar\update.xml, , [d21694a6700c45f1151e96f4857f42be], 
PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive\Update\Log\BonanzaDealsLive.log, , [598fbe7c225af2443da072900ff4ad53], 
PUP.Optional.Vbates.A, C:\Users\purzelchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.436_0\background.html, , [24c4f446a1db47ef85b69a816c97f50b], 
PUP.Optional.Vbates.A, C:\Users\purzelchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.436_0\logo_128.png, , [24c4f446a1db47ef85b69a816c97f50b], 
PUP.Optional.Vbates.A, C:\Users\purzelchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.436_0\main.js, , [24c4f446a1db47ef85b69a816c97f50b], 
PUP.Optional.Vbates.A, C:\Users\purzelchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.436_0\main.js.bak, , [24c4f446a1db47ef85b69a816c97f50b], 
PUP.Optional.Vbates.A, C:\Users\purzelchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.436_0\manifest.json, , [24c4f446a1db47ef85b69a816c97f50b], 
PUP.Optional.Vbates.A, C:\Users\purzelchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.436_0\npbrowserext.dll, , [24c4f446a1db47ef85b69a816c97f50b], 
PUP.Optional.Vbates.A, C:\Users\purzelchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.436_0\libraries\ContentScript.js, , [24c4f446a1db47ef85b69a816c97f50b], 
PUP.Optional.Vbates.A, C:\Users\purzelchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.436_0\libraries\DataExchangeScript.js, , [24c4f446a1db47ef85b69a816c97f50b], 
PUP.Optional.Vbates.A, C:\Users\purzelchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.436_0\resources\localscript.js, , [24c4f446a1db47ef85b69a816c97f50b], 
PUP.Optional.Vbates.A, C:\Program Files\V-bates\unins000.dat, , [00e8b882c7b537ff3804bf5c669da65a], 
PUP.Optional.Vbates.A, C:\Program Files\V-bates\Firefox\icon.png, , [00e8b882c7b537ff3804bf5c669da65a], 
PUP.Optional.Vbates.A, C:\Program Files\V-bates\Firefox\chrome\locale\en-US\overlay.dtd, , [00e8b882c7b537ff3804bf5c669da65a], 
PUP.Optional.Vbates.A, C:\Program Files\V-bates\Firefox\chrome\skin\overlay.css, , [00e8b882c7b537ff3804bf5c669da65a], 
PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDeals\uninst.exe, , [757363d7c2ba0b2bb01243e67291f40c], 
PUP.Optional.Eazel.A, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\prefs.js, Good: (), Bad: (user_pref("browser.search.defaulturl", "hxxp://en.eazel.com/results.php?oid=1&id=DAF5A5AA5F624549881415CE11CE2A69&cat=web&co=&lg=en&q={searchTerms}");), ,[2fb9370396e6b086019d3c3d59ac6997]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.admin", false);), ,[50982218cdafa195bbfbd9a324e1ab55]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\prefs.js, Good: (), Bad: (ferences

/* Do not edit this file.
 *
 * If yo), ,[21c7b981621a2313edc90f6d6c997789]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\prefs.js, Good: (), Bad: (rences

/* Do not edit this file.
 *
 * If you make changes to this file while t), ,[6880b3879be14de9e9cda9d37c89718f]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\prefs.js, Good: (), Bad: (e.
 *
 * If you make changes to this file while the ), ,[38b0c575a4d8ac8a8630c2ba7095fe02]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\prefs.js, Good: (), Bad: (ces

/* Do not edit this file.
 *
 * If you ma), ,[5b8d40fa7a026ec88a2c007cc83d38c8]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\prefs.js, Good: (), Bad: (erences

/* Do not edit this file.
 *
 * If you), ,[2abe5dddff7d74c2af07dba16c9947b9]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\prefs.js, Good: (), Bad: (rences

/* Do not edit this file.
 *
 * If you mak), ,[3cac3efc74081a1c06b03547d23342be]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\prefs.js, Good: (), Bad: (ces

/* Do not edit this file.
 *
 * If you make changes to this file w), ,[a741dd5d89f3290dddd90478e71e3cc4]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\prefs.js, Good: (), Bad: ( this file.
 *
 * If you make changes to this file w), ,[de0aa397413b37ffb7ff1e5e17ee40c0]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\prefs.js, Good: (), Bad: (ces

/* Do not edit this file.
 *
 * If you make), ,[af39ed4db4c83006c8ee58247f867789]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\prefs.js, Good: (), Bad: (ences

/* Do not edit this file.
 *
 * If you ), ,[cc1cba80106cec4a9224087412f34cb4]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\prefs.js, Good: (), Bad: (erences

/* Do not edit this file.
 *
 * If you make ), ,[b2361f1b9be17abc5066285406ff2ed2]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\prefs.js, Good: (), Bad: (

/* Do not edit this file.
 *
 * If you make changes t), ,[8a5e1d1dcdaf60d62195126a768fbc44]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\prefs.js, Good: (), Bad: (
/* Do not edit this file.
 *
 * If you make ch), ,[3cac59e16418171f4d69d0ac679e52ae]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\prefs.js, Good: (), Bad: (erences

/* Do not edit this file.
 *
 * If you ), ,[cb1d54e6b2ca74c2b3032b51838206fa]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\prefs.js, Good: (), Bad: (ences

/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwritten whe), ,[03e5102a9fddd363e4d20379b0557d83]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\prefs.js, Good: (), Bad: ( is running,
 * the changes will be overwritten wh), ,[20c84af0e99356e0a70f6517b2532dd3]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\prefs.js, Good: (), Bad: (rences

/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwritten when th), ,[f1f799a198e45fd79b1bc7b54db827d9]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\prefs.js, Good: (), Bad: (unning,
 * the changes will be overwritten when the ), ,[d2166ad06517122405b1710b6b9a5ba5]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\prefs.js, Good: (), Bad: (nces

/* Do not edit this file.
 *
 * If you make changes t), ,[c325d76326566dc9704689f33cc941bf]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\prefs.js, Good: (), Bad: ( Do not edit this file.
 *
 * If you make changes to), ,[07e127134d2f71c54c6a681412f350b0]
PUP.Optional.BuenoSearch.A, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=A6F0162F6878B112&affID=127690&tsp=5183");), ,[ecfcb5855f1d13238049e09b0ef704fc]
PUP.Optional.BuenoSearch.A, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\user.js, Good: (), Bad: (earchTerms}&babsrc=TB_ss&mntrId=A6F0162F6878B112&affID=127690&tsp=5183");
user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q=), ,[28c074c68defa2947653ccafbc49c937]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\user.js, Good: (), Bad: (78B112&affID=127690&tsp=5183");
user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=A6F0162F), ,[d5133cfe90ec072ff2c3631990752ad6]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\user.js, Good: (), Bad: (62F6878B112&affID=127690&tsp=5183");
user_pref("extensions.buenosearch.tb_), ,[c325eb4fe597a2947e3777054bbad927]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\user.js, Good: (), Bad: (l", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=A6F0162F6878B11), ,[34b4d86228545adc03b23547e223f60a]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\user.js, Good: (), Bad: (://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&m), ,[3dab74c61666a98dd2e34e2ec2436e92]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\user.js, Good: (), Bad: (uenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/), ,[cf19dc5e95e77bbbddd836469b6a1de3]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\user.js, Good: (), Bad: (buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/), ,[6b7d1e1c5c2048eec3f2205cd62f01ff]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\user.js, Good: (), Bad: (uenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={search), ,[c32561d9f4881b1b50650a72917426da]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\user.js, Good: (), Bad: (h.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms), ,[b83066d486f669cdd9dc82fa1bea3fc1]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\user.js, Good: (), Bad: (earch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searc), ,[796f39019be1ef47991c1d5ffa0b867a]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\user.js, Good: (), Bad: (osearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?), ,[a444be7c81fb9c9a268fd0ac53b2bf41]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\user.js, Good: (), Bad: (s.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.), ,[20c83bff552753e31e97dba174911fe1]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\user.js, Good: (), Bad: (.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.), ,[3eaa89b10973b97d7b3a601c6f968e72]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\user.js, Good: (), Bad: (.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch), ,[f5f39aa0cdafd462862f512b83827d83]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\user.js, Good: (), Bad: (ns.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearc), ,[84641a20d0acce682491710b3acb5ea2]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\user.js, Good: (), Bad: (s.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.co), ,[08e0ed4d097380b6496ca5d70cf9a957]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\user.js, Good: (), Bad: (uenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.), ,[a64286b4f08c65d15461215bd5308878]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\user.js, Good: (), Bad: (ons.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.), ,[a44454e6d5a781b512a35329fe07a957]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\user.js, Good: (), Bad: (uenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.c), ,[ad3b1c1ebebe95a111a47705a560d22e]
PUP.Optional.BuenoSearch, C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\user.js, Good: (), Bad: (ns.buenosearch.tlbrSrchUrl", "hxxp://www.buenosear), ,[c226f54583f9f2445b5a86f68a7bcc34]

Physical Sectors: 0
(No malicious items detected)


(end)
         
ADWCleaner

Code:
# AdwCleaner v4.101 - Bericht erstellt am 12/11/2014 um 19:51:00
# Aktualisiert 09/11/2014 von Xplode
# Database : 2014-11-12.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : purzelchen - PURZELCHEN-PC
# Gestartet von : C:\Users\purzelchen\Desktop\AdwCleaner_4.101.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : wStLibG64

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\eSafe
Ordner Gelöscht : C:\Program Files (x86)\iRobinHood
Ordner Gelöscht : C:\Program Files (x86)\PC Cleaner
Ordner Gelöscht : C:\Program Files (x86)\RegClean Pro
Ordner Gelöscht : C:\Users\purzelchen\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\purzelchen\AppData\LocalLow\buenosearch LTD
Ordner Gelöscht : C:\Users\purzelchen\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\purzelchen\AppData\Roaming\UpdaterEX
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\invalidprefs.js
Datei Gelöscht : C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\user.js
Datei Gelöscht : C:\Users\purzelchen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\purzelchen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Schlüssel Gelöscht : HKCU\Software\Classes\keepmysearch
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0BDDE35F-64F7-49C3-99B2-404E899C49F7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{24236608-609C-42C5-B13C-A8A3EC921850}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{28B1A706-4B97-4EB1-8B32-125042685AD9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{33575A26-D9CF-40C6-8A3E-116F17201C7F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4BDFD19F-93D7-49CE-B554-5C215FDC0136}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{53F6A516-3DCC-48F4-835C-6C670CB39CEA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5E58CDA9-3B21-4611-A859-26EE28950E61}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C5561B6-3DD2-46B5-83BE-EAE744366046}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7307CF0F-7173-4FBF-8649-B149916DD322}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{80A5E38C-5F6B-485F-BD97-0B5BE991FAD5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9544D727-A26F-4D57-AF38-4496088640EA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC4C30BF-7D5F-4EAB-9C2A-454178F079AA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BC6F9C26-93EA-4C6D-A4A7-C1FA333B4BBE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E975527B-ABE7-40B3-B5C1-385016913E3B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA4B5B1-6C76-4B20-BCDB-D41A93E79053}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF}
Schlüssel Gelöscht : HKCU\Software\distromatic
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\eSafeSecControl
Schlüssel Gelöscht : HKLM\SOFTWARE\SoftwareUpdater
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Vittalia
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}_is1

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v33.0.3 (x86 de)

[u1lkanrv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.aflt", "babsst");
[u1lkanrv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");
[u1lkanrv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.autoRvrt", "false");
[u1lkanrv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.dfltLng", "en");
[u1lkanrv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.excTlbr", false);
[u1lkanrv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.ffxUnstlRst", true);
[u1lkanrv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.id", "a6f0b0c5000000000000162f6878b112");
[u1lkanrv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.instlDay", "16140");
[u1lkanrv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.instlRef", "sst");
[u1lkanrv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.newTab", false);
[u1lkanrv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.prdct", "buenosearch");
[u1lkanrv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.prtnrId", "buenosearch");
[u1lkanrv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.rvrt", "false");
[u1lkanrv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.smplGrp", "none");
[u1lkanrv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=A6F0162F6878B112&affID=127690&tsp=5183");
[u1lkanrv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.tlbrId", "base");
[u1lkanrv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=A6F0162F6878B112&affID=127690&tsp=5183");
[u1lkanrv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.vrsn", "1.8.28.7");
[u1lkanrv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.vrsnTs", "1.8.28.718:11:25");
[u1lkanrv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.vrsni", "1.8.28.7");
[u1lkanrv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
[u1lkanrv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
[u1lkanrv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark.lastInstalled", "allin1convert@mindspark.com");
[u1lkanrv.default\prefs.js] - Zeile gelöscht : user_pref("{EBD839AE-B08C-4fb7-859B-F54AF16C159F}.BrowserSearch", "hxxp://en.eazel.com/results.php?oid=1&id=DAF5A5AA5F624549881415CE11CE2A69&cat=web&co=&lg=en&q={searchTerms}");
[u1lkanrv.default\prefs.js] - Zeile gelöscht : user_pref("{EBD839AE-B08C-4fb7-859B-F54AF16C159F}.Homepage", "hxxp://en.eazel.com?oid=1&id=DAF5A5AA5F624549881415CE11CE2A69");
[u1lkanrv.default\prefs.js] - Zeile gelöscht : user_pref("{EBD839AE-B08C-4fb7-859B-F54AF16C159F}.ToolbarName", "EazelBar");
[u1lkanrv.default\prefs.js] - Zeile gelöscht : user_pref("{EBD839AE-B08C-4fb7-859B-F54AF16C159F}.UpdateURL", "hxxp://media.eazel.com/xmlbar/EazelBar/LatestVersion.xml");

-\\ Google Chrome v38.0.2125.111

[C:\Users\purzelchen\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=A6F0162F6878B112&affID=127690&tsp=5183

*************************

AdwCleaner[R0].txt - [9347 octets] - [12/11/2014 19:50:13]
AdwCleaner[S0].txt - [9284 octets] - [12/11/2014 19:51:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9344 octets] ##########
         
JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 7 Home Premium x64
Ran by purzelchen on 12.11.2014 at 19:54:17,87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\purzelchen\AppData\Roaming\mozilla\firefox\profiles\u1lkanrv.default\minidumps [178 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.11.2014 at 19:57:32,17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01
Ran by purzelchen (administrator) on PURZELCHEN-PC on 12-11-2014 19:58:29
Running from C:\Users\purzelchen\Downloads
Loaded Profile: purzelchen (Available profiles: purzelchen)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Sentelic Corporation) C:\Program Files\FSP\FspUip.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
(Windows (R) Win 7 DDK provider) C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
(Mischel Internet Security) C:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [4285952 2011-06-19] (Sentelic Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2462536 2014-10-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [RoccatKone+] => C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE [552960 2011-07-12] (ROCCAT GmbH)
HKLM-x32\...\Run: [FLxHCIm64] => C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [48128 2012-07-19] (Windows (R) Win 7 DDK provider)
HKLM-x32\...\Run: [THGuard] => C:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe [1081808 2014-07-30] (Mischel Internet Security)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x35D63A38C2BECE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKU\S-1-5-21-432217040-4276816697-2371958446-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = 
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\searchplugins\amazon.xml
FF SearchPlugin: C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_cr_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_8d4915d1c479416bb8e9f950e100cfd4_39_1006_20140614_DE_cr_sp_adppi15"
CHR DefaultSearchURL: Default -> hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_cr_de_display?ie=UTF8&tagbase=bds-p23&tag=bds-p23-serp-de-cr-21&tbrId=v1_abb-channel-23_8d4915d1c479416bb8e9f950e100cfd4_39_1006_20140614_DE_cr_ds_adppi15&query={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://suggestqueries.google.com/complete/search?q={searchTerms}&output=chrome
CHR Profile: C:\Users\purzelchen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\purzelchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-20]
CHR Extension: (Google Wallet) - C:\Users\purzelchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [105120 2011-09-30] (Atheros Commnucations) [File not signed]
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-09-19] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-09-19] (BlueStack Systems, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-10-16] (NVIDIA Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-10-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-10-16] (NVIDIA Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-09-30] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-09-19] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-15] (Disc Soft Ltd)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-06-29] (Huawei Technologies Co., Ltd.)
S3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [117248 2014-05-18] (Huawei Technologies Co., Ltd.) [File not signed]
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [76584 2012-07-19] (Fresco Logic)
R3 fspad_win764; C:\Windows\System32\DRIVERS\fspad_win764.sys [53760 2011-06-19] (Windows (R) Win 7 DDK provider)
S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [121600 2014-05-18] (Huawei Technologies Co., Ltd.) [File not signed]
S3 KoneFltr; C:\Windows\System32\drivers\Kone.sys [15488 2008-12-11] (ROCCAT Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-10-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-10-16] (NVIDIA Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 ALSysIO; \??\C:\Users\PURZEL~1\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 19:57 - 2014-11-12 19:57 - 00000838 _____ () C:\Users\purzelchen\Documents\JRT.txt
2014-11-12 19:57 - 2014-11-12 19:57 - 00000838 _____ () C:\Users\purzelchen\Desktop\JRT.txt
2014-11-12 19:54 - 2014-11-12 19:54 - 00000000 ____D () C:\Windows\ERUNT
2014-11-12 19:53 - 2014-11-12 19:36 - 01706808 _____ (Thisisu) C:\Users\purzelchen\Desktop\JRT.exe
2014-11-12 19:52 - 2014-11-12 19:52 - 00009504 _____ () C:\Users\purzelchen\Documents\AdwCleaner[S0].txt
2014-11-12 19:50 - 2014-11-12 19:51 - 00000000 ___DC () C:\AdwCleaner
2014-11-12 19:44 - 2014-11-12 19:44 - 00030927 ____C () C:\mbam.txt
2014-11-12 19:37 - 2014-11-12 19:52 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-12 19:36 - 2014-11-12 19:36 - 01706808 _____ (Thisisu) C:\Users\purzelchen\Downloads\JRT.exe
2014-11-12 19:36 - 2014-11-12 19:36 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-12 19:36 - 2014-11-12 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-12 19:36 - 2014-11-12 19:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-12 19:36 - 2014-11-12 19:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-12 19:36 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-12 19:36 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-12 19:36 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-12 19:35 - 2014-11-12 19:35 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\purzelchen\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-12 19:35 - 2014-11-12 19:35 - 02140160 _____ () C:\Users\purzelchen\Desktop\AdwCleaner_4.101.exe
2014-11-11 17:09 - 2014-11-11 17:09 - 00017133 ____C () C:\ComboFix.txt
2014-11-11 17:00 - 2014-11-11 17:09 - 00000000 ___DC () C:\Qoobox
2014-11-11 17:00 - 2014-11-11 17:09 - 00000000 ____D () C:\Windows\erdnt
2014-11-11 17:00 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-11 17:00 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-11 17:00 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-11 17:00 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-11 17:00 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-11 17:00 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-11 17:00 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-11 17:00 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-11 16:54 - 2014-11-11 16:54 - 00000000 ___DC () C:\TDSSKiller_Quarantine
2014-11-11 16:51 - 2014-11-11 16:51 - 05598118 ____R (Swearware) C:\Users\purzelchen\Desktop\ComboFix.exe
2014-11-10 15:06 - 2014-11-10 15:06 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\purzelchen\Downloads\tdsskiller.exe
2014-11-10 14:59 - 2014-11-10 14:59 - 00001226 _____ () C:\Users\purzelchen\Desktop\Revo Uninstaller.lnk
2014-11-10 14:59 - 2014-11-10 14:59 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-11-10 14:58 - 2014-11-10 14:58 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\purzelchen\Downloads\revosetup95.exe
2014-11-10 14:30 - 2014-11-10 14:30 - 00039525 _____ () C:\Users\purzelchen\Downloads\deadfly-GMER.log
2014-11-10 14:23 - 2014-11-10 14:54 - 00028924 _____ () C:\Users\purzelchen\Downloads\Addition.txt
2014-11-10 14:22 - 2014-11-12 19:58 - 00012054 _____ () C:\Users\purzelchen\Downloads\FRST.txt
2014-11-10 14:22 - 2014-11-12 19:58 - 00000000 ___DC () C:\FRST
2014-11-10 14:21 - 2014-11-10 14:21 - 00000482 _____ () C:\Users\purzelchen\Downloads\defogger_disable.log
2014-11-10 14:21 - 2014-11-10 14:21 - 00000000 _____ () C:\Users\purzelchen\defogger_reenable
2014-11-10 14:15 - 2014-11-10 14:15 - 00380416 _____ () C:\Users\purzelchen\Downloads\rv3wvh5j.exe
2014-11-10 14:15 - 2014-11-10 14:15 - 00050477 _____ () C:\Users\purzelchen\Downloads\Defogger.exe
2014-11-10 14:14 - 2014-11-10 14:14 - 02116096 _____ (Farbar) C:\Users\purzelchen\Downloads\FRST64.exe
2014-11-09 15:07 - 2011-06-21 05:09 - 00200976 _____ (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys
2014-11-09 15:06 - 2014-11-09 15:06 - 03437368 _____ (tuneuppro.com ) C:\Users\purzelchen\Downloads\setup (2).exe
2014-11-09 15:06 - 2014-11-09 15:06 - 02002376 _____ (Trend Micro Inc.) C:\Users\purzelchen\Downloads\HousecallLauncher.exe
2014-11-02 12:16 - 2014-11-02 12:16 - 00000000 ____D () C:\Users\purzelchen\AppData\Roaming\TrojanHunter
2014-11-02 10:23 - 2014-11-02 12:26 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.6
2014-11-02 10:23 - 2014-11-02 10:23 - 00059392 ____R () C:\Windows\SysWOW64\streamhlp.dll
2014-11-02 10:23 - 2014-11-02 10:23 - 00001047 _____ () C:\Users\purzelchen\Desktop\TrojanHunter.lnk
2014-11-02 10:23 - 2014-11-02 10:23 - 00000000 ____D () C:\ProgramData\TrojanHunter
2014-11-02 10:23 - 2014-11-02 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter
2014-11-01 13:47 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-11-01 13:47 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-11-01 13:47 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-11-01 13:47 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-11-01 13:47 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-11-01 13:47 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-11-01 13:46 - 2014-11-01 13:47 - 00000000 ____D () C:\Users\purzelchen\AppData\Local\NVIDIA Corporation
2014-11-01 13:46 - 2014-11-01 13:46 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-11-01 13:46 - 2014-10-16 17:54 - 02800296 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-11-01 13:46 - 2014-10-16 17:54 - 02197680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-11-01 13:46 - 2014-10-16 17:54 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-11-01 13:46 - 2014-10-16 17:54 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-11-01 13:46 - 2014-10-16 13:27 - 00614544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-11-01 13:45 - 2014-10-16 15:11 - 06883136 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-11-01 13:45 - 2014-10-16 15:11 - 03533632 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-11-01 13:45 - 2014-10-16 15:11 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-11-01 13:45 - 2014-10-16 15:11 - 00933064 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-11-01 13:45 - 2014-10-16 15:11 - 00384200 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-11-01 13:45 - 2014-10-16 15:11 - 00061640 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-11-01 13:45 - 2014-10-15 01:48 - 04047877 _____ () C:\Windows\system32\nvcoproc.bin
2014-11-01 13:44 - 2014-10-16 17:54 - 31890064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 24555840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 20968040 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 20922696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 19966856 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 18499648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 17260864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 16886168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 14029400 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 13942368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 13190288 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-11-01 13:44 - 2014-10-16 17:54 - 11395672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 11333848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 04289856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 04009672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 03237528 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 02849224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434448.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434448.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 01538880 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 00962376 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 00931984 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 00921928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 00895176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-11-01 13:44 - 2014-10-16 17:54 - 00038048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-11-01 13:44 - 2014-10-16 17:54 - 00034976 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 00032416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 00027024 _____ () C:\Windows\system32\nvinfo.pb
2014-11-01 13:42 - 2014-11-01 13:43 - 306270552 _____ (NVIDIA Corporation) C:\Users\purzelchen\Downloads\344.48-notebook-win8-win7-64bit-international-whql.exe
2014-10-30 20:40 - 2014-10-30 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-10-30 20:40 - 2014-10-30 20:40 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-10-30 15:17 - 2014-11-12 19:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-30 15:17 - 2014-11-01 13:55 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-30 15:17 - 2014-11-01 13:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-30 15:17 - 2014-11-01 13:55 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-30 15:17 - 2014-10-30 15:17 - 00000000 ____D () C:\Windows\system32\Macromed
2014-10-29 19:23 - 2014-11-12 16:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-29 19:23 - 2014-10-30 20:40 - 00001933 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-10-29 19:23 - 2014-10-30 20:40 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-10-29 19:23 - 2014-10-29 19:23 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-28 19:41 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-28 19:41 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-28 19:41 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-28 19:41 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-28 19:41 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-28 19:41 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-28 19:41 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-28 19:41 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-28 19:41 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-28 19:41 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-28 19:41 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-28 19:41 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-28 19:41 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-28 19:41 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-28 19:41 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-28 19:41 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-28 19:41 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-28 19:41 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-28 19:41 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-28 19:41 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-28 19:41 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-28 19:41 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-28 19:41 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-28 19:41 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-28 19:41 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-28 19:41 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-28 19:41 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-28 19:41 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-28 19:41 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-28 19:41 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-28 19:41 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-28 19:41 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-28 19:41 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-28 19:41 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-28 19:41 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-28 19:41 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-28 19:41 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-28 19:41 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-28 19:41 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-28 19:41 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-28 19:41 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-28 19:41 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-28 19:41 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-28 19:41 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-28 19:41 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-28 19:41 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-28 19:40 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-28 19:40 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-28 19:40 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-28 19:40 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-28 19:40 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-28 19:40 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-28 19:40 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-28 19:40 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-28 19:40 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-28 19:40 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-28 19:40 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-28 19:40 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-28 19:40 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-28 19:40 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-28 19:40 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-28 19:40 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-28 19:40 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-28 19:40 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-28 19:40 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-28 19:40 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-28 19:40 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-28 19:40 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-28 19:40 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-28 19:40 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-28 19:40 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-28 19:40 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-28 19:40 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-28 19:40 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-28 19:40 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-28 19:40 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-28 19:40 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-28 19:40 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-28 19:40 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-28 19:40 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-28 19:40 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-28 19:40 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-28 19:40 - 2014-07-09 03:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-28 19:40 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-28 19:40 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-28 19:40 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-28 19:40 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-28 19:40 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-28 19:40 - 2014-07-08 23:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-28 19:40 - 2014-07-08 23:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-28 19:40 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-28 19:40 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-28 19:40 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-28 19:40 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-28 19:40 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-28 19:40 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-28 19:38 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-28 19:38 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-28 19:38 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-28 19:38 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-28 16:22 - 2014-10-30 15:08 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-10-28 16:21 - 2014-11-01 13:56 - 00000000 ____D () C:\Users\purzelchen\AppData\Local\Adobe
2014-10-28 14:50 - 2014-10-28 14:50 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-28 14:50 - 2014-10-28 14:50 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-28 14:50 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll
2014-10-28 14:50 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll
2014-10-28 14:39 - 2014-11-11 16:55 - 00000000 __SHD () C:\ProgramData\Windows Update Service0
2014-10-16 16:01 - 2014-10-16 16:00 - 00608737 _____ () C:\Users\purzelchen\Desktop\shadowrunchartab.jpeg
2014-10-16 09:59 - 2014-10-16 10:06 - 00000000 ____D () C:\Users\purzelchen\Desktop\adn
2014-10-16 09:59 - 2014-10-16 09:59 - 00000000 ____D () C:\Users\purzelchen\Desktop\Neuer Ordner
2014-10-15 23:44 - 2014-10-15 23:44 - 00001608 _____ () C:\Windows\DCEBOOT.RST
2014-10-15 23:44 - 2014-10-15 23:44 - 00000000 _____ () C:\Windows\DCEBOOT.LOG
2014-10-15 23:40 - 2014-10-15 23:41 - 00236080 _____ (Trend Micro Inc.) C:\Windows\RegBootClean64.exe
2014-10-15 23:40 - 2014-10-15 23:41 - 00025136 _____ (Trend Micro Inc.) C:\Windows\DCEBoot64.exe
2014-10-15 18:08 - 2014-11-10 00:46 - 00232154 _____ () C:\Users\purzelchen\AppData\Local\census.cache
2014-10-15 18:08 - 2014-11-10 00:46 - 00095598 _____ () C:\Users\purzelchen\AppData\Local\ars.cache
2014-10-15 17:55 - 2014-10-15 17:55 - 00000036 _____ () C:\Users\purzelchen\AppData\Local\housecall.guid.cache
2014-10-15 11:12 - 2014-10-15 11:12 - 00000000 ____D () C:\Users\purzelchen\AppData\Roaming\dvdcss
2014-10-13 22:07 - 2014-10-13 22:07 - 00292848 _____ () C:\Windows\Minidump\101314-27190-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 19:52 - 2013-10-29 21:13 - 00000443 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-11-12 19:51 - 2013-11-19 10:08 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-12 19:51 - 2013-10-01 22:48 - 00209020 _____ () C:\Windows\PFRO.log
2014-11-12 19:51 - 2013-10-01 17:35 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-12 19:51 - 2013-10-01 14:02 - 01078696 _____ () C:\Windows\WindowsUpdate.log
2014-11-12 19:51 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-12 19:51 - 2009-07-14 05:51 - 00156885 _____ () C:\Windows\setupact.log
2014-11-12 19:51 - 2009-07-14 05:45 - 00023152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-12 19:51 - 2009-07-14 05:45 - 00023152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-12 19:37 - 2014-08-21 18:01 - 00000000 ____D () C:\Users\purzelchen\Desktop\kitty
2014-11-12 19:22 - 2013-11-19 10:08 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-12 16:10 - 2009-07-14 18:58 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-11-12 16:10 - 2009-07-14 18:58 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-11-12 16:10 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-11 17:09 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-11-11 17:08 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-11-11 17:07 - 2009-07-14 03:34 - 00000215 ____C () C:\Windows\system.ini
2014-11-11 12:40 - 2013-10-29 21:04 - 00000000 ____D () C:\Users\purzelchen\AppData\Local\CrashDumps
2014-11-10 14:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-10 14:21 - 2013-10-01 14:20 - 00000000 ____D () C:\Users\purzelchen
2014-11-09 14:52 - 2014-09-09 14:54 - 00000000 ____D () C:\Users\purzelchen\Documents\UseNeXT
2014-11-09 14:48 - 2013-10-01 18:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-09 14:45 - 2014-09-09 14:54 - 00000000 ____D () C:\Users\purzelchen\AppData\Roaming\UseNeXT
2014-11-09 14:22 - 2014-08-23 10:41 - 00000000 ____D () C:\Users\purzelchen\Downloads\Musik
2014-11-02 12:19 - 2014-08-25 12:01 - 00000000 ____D () C:\Users\purzelchen\Desktop\whg
2014-11-02 12:14 - 2014-09-09 15:34 - 00000000 ____D () C:\Program Files\WinRAR
2014-11-01 13:47 - 2013-10-01 18:03 - 00001309 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2014-11-01 13:47 - 2013-10-01 17:33 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-11-01 13:47 - 2013-10-01 17:32 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-11-01 13:46 - 2013-10-25 15:23 - 00000000 ____D () C:\Users\purzelchen\AppData\Local\NVIDIA
2014-11-01 13:46 - 2013-10-01 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-11-01 13:46 - 2013-10-01 17:34 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-11-01 13:46 - 2011-11-20 15:48 - 00000000 ____D () C:\temp
2014-11-01 13:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help
2014-10-28 22:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-28 20:17 - 2009-07-14 05:45 - 00297624 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-28 20:16 - 2014-06-24 16:40 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-28 19:44 - 2013-10-01 22:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-28 19:42 - 2013-10-01 22:32 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-27 22:23 - 2013-11-19 10:09 - 00002137 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-22 16:49 - 2014-08-19 13:06 - 00000000 ____D () C:\Users\purzelchen\Desktop\Paul
2014-10-21 20:17 - 2013-11-19 10:08 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-21 20:17 - 2013-11-19 10:08 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-19 09:49 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-16 17:54 - 2013-10-01 17:33 - 00072904 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-10-16 17:54 - 2013-10-01 17:33 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-10-15 11:13 - 2014-09-09 19:14 - 00000000 ____D () C:\Users\purzelchen\AppData\Roaming\vlc
2014-10-14 22:23 - 2014-09-11 09:53 - 00000000 ____D () C:\Users\purzelchen\AppData\Local\QuickPar
2014-10-13 22:07 - 2013-10-14 14:05 - 00000000 ____D () C:\Windows\Minidump

Some content of TEMP:
====================
C:\Users\purzelchen\AppData\Local\Temp\Quarantine.exe
C:\Users\purzelchen\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-25 23:59

==================== End Of Log ============================
         
--- --- ---

13.11.2014, 16:55   #9
schrauber
/// the machine
/// TB trainer
 


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems still?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

14.11.2014, 15:54   #10
Deadfly
 

The only "problem" is that I still see conhost.exe among the processes. I will carry out your instructions here by tomorrow and then post everything, and many thanks for your help.

Here are the requested logs

Eset:

Code:
ATTFilter
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir	Variante von Win64/Systweak.A evtl. unerwünschte Anwendung
C:\Qoobox\Quarantine\C\Users\purzelchen\AppData\Roaming\UseServe.exe.vir	Win32/Ainslot.AA Wurm
C:\TDSSKiller_Quarantine\11.11.2014_16.52.28\uds0000\file0000\tsk0000.dta	Variante von Win32/Injector.BOLD Trojaner
C:\TDSSKiller_Quarantine\11.11.2014_16.52.28\uds0001\file0000\tsk0000.dta	Variante von Win32/Injector.BOLD Trojaner
C:\Users\purzelchen\Downloads\setup (2).exe	Win32/Systweak.K evtl. unerwünschte Anwendung
C:\Users\purzelchen\Downloads\Musik\ARCHOS 70B EREADER user guide provided through pdfretriever.com(2).exe	Variante von Win32/GetNow.B evtl. unerwünschte Anwendung
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\update[1]	Variante von Win32/Toolbar.Perion.J evtl. unerwünschte Anwendung
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\wajam_update[1].004	Variante von Win32/Wajam.G evtl. unerwünschte Anwendung
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\wajam_update[1].004	Variante von Win32/Wajam.G evtl. unerwünschte Anwendung
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\update[1]	Variante von Win32/Toolbar.Perion.J evtl. unerwünschte Anwendung
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\wajam_update[1].004	Variante von Win32/Wajam.G evtl. unerwünschte Anwendung
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\wajam_update[1].004	Variante von Win32/Wajam.G evtl. unerwünschte Anwendung
E:\down+\DLG_free-driver-scout_chip_de-DE.exe	Variante von MSIL/DownloadGuide.A evtl. unerwünschte Anwendung
E:\down+\Firefox_Setup.exe	Win32/InstallCore.DF evtl. unerwünschte Anwendung
E:\down+\installer_pou_para_pc_1_4_1_Deutsch.exe	Variante von Win32/Vittalia.J evtl. unerwünschte Anwendung
E:\Neuer Ordner\Documents\DTLite4481-0347.exe	Win32/DownWare.L evtl. unerwünschte Anwendung
         
SecurityCheck:

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 15.0.0.223  
 Mozilla Firefox (33.0.3) 
 Google Chrome 38.0.2125.104  
 Google Chrome 38.0.2125.111  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
and a fresh FRST:


FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-11-2014 02
Ran by purzelchen (administrator) on PURZELCHEN-PC on 14-11-2014 15:49:49
Running from C:\Users\purzelchen\Downloads
Loaded Profile: purzelchen (Available profiles: purzelchen)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Sentelic Corporation) C:\Program Files\FSP\FspUip.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
(Windows (R) Win 7 DDK provider) C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
(Mischel Internet Security) C:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [4285952 2011-06-19] (Sentelic Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2462536 2014-10-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [RoccatKone+] => C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE [552960 2011-07-12] (ROCCAT GmbH)
HKLM-x32\...\Run: [FLxHCIm64] => C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [48128 2012-07-19] (Windows (R) Win 7 DDK provider)
HKLM-x32\...\Run: [THGuard] => C:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe [1081808 2014-07-30] (Mischel Internet Security)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x35D63A38C2BECE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKU\S-1-5-21-432217040-4276816697-2371958446-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = 
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\searchplugins\amazon.xml
FF SearchPlugin: C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\purzelchen\AppData\Roaming\Mozilla\Firefox\Profiles\u1lkanrv.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_cr_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_8d4915d1c479416bb8e9f950e100cfd4_39_1006_20140614_DE_cr_sp_adppi15"
CHR DefaultSearchURL: Default -> hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_cr_de_display?ie=UTF8&tagbase=bds-p23&tag=bds-p23-serp-de-cr-21&tbrId=v1_abb-channel-23_8d4915d1c479416bb8e9f950e100cfd4_39_1006_20140614_DE_cr_ds_adppi15&query={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://suggestqueries.google.com/complete/search?q={searchTerms}&output=chrome
CHR Profile: C:\Users\purzelchen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\purzelchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-20]
CHR Extension: (Google Wallet) - C:\Users\purzelchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [105120 2011-09-30] (Atheros Commnucations) [File not signed]
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-09-19] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-09-19] (BlueStack Systems, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-10-16] (NVIDIA Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-10-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-10-16] (NVIDIA Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-09-30] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-09-19] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-15] (Disc Soft Ltd)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-06-29] (Huawei Technologies Co., Ltd.)
S3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [117248 2014-05-18] (Huawei Technologies Co., Ltd.) [File not signed]
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [76584 2012-07-19] (Fresco Logic)
R3 fspad_win764; C:\Windows\System32\DRIVERS\fspad_win764.sys [53760 2011-06-19] (Windows (R) Win 7 DDK provider)
S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [121600 2014-05-18] (Huawei Technologies Co., Ltd.) [File not signed]
S3 KoneFltr; C:\Windows\System32\drivers\Kone.sys [15488 2008-12-11] (ROCCAT Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-10-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-10-16] (NVIDIA Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 ALSysIO; \??\C:\Users\PURZEL~1\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-14 15:49 - 2014-11-14 15:49 - 00000000 ____D () C:\Users\purzelchen\Downloads\FRST-OlderVersion
2014-11-14 15:46 - 2014-11-14 15:46 - 00854448 _____ () C:\Users\purzelchen\Downloads\SecurityCheck (2).exe
2014-11-14 15:37 - 2014-11-14 15:37 - 00002253 _____ () C:\Users\purzelchen\Desktop\Eset.txt
2014-11-14 14:13 - 2014-11-14 14:13 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-14 14:09 - 2014-11-14 14:09 - 02347384 _____ (ESET) C:\Users\purzelchen\Downloads\esetsmartinstaller_deu.exe
2014-11-14 14:09 - 2014-11-14 14:09 - 00854448 _____ () C:\Users\purzelchen\Downloads\SecurityCheck.exe
2014-11-14 14:09 - 2014-11-14 14:09 - 00854448 _____ () C:\Users\purzelchen\Downloads\SecurityCheck (1).exe
2014-11-13 14:53 - 2014-11-13 14:54 - 00082315 _____ () C:\Users\purzelchen\Desktop\Bewerbung Paul Oltmanns.odt
2014-11-12 19:57 - 2014-11-12 19:57 - 00000838 _____ () C:\Users\purzelchen\Documents\JRT.txt
2014-11-12 19:57 - 2014-11-12 19:57 - 00000838 _____ () C:\Users\purzelchen\Desktop\JRT.txt
2014-11-12 19:54 - 2014-11-12 19:54 - 00000000 ____D () C:\Windows\ERUNT
2014-11-12 19:53 - 2014-11-12 19:36 - 01706808 _____ (Thisisu) C:\Users\purzelchen\Desktop\JRT.exe
2014-11-12 19:52 - 2014-11-12 19:52 - 00009504 _____ () C:\Users\purzelchen\Documents\AdwCleaner[S0].txt
2014-11-12 19:50 - 2014-11-12 19:51 - 00000000 ___DC () C:\AdwCleaner
2014-11-12 19:44 - 2014-11-12 19:44 - 00030927 ____C () C:\mbam.txt
2014-11-12 19:37 - 2014-11-14 15:30 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-12 19:36 - 2014-11-12 19:36 - 01706808 _____ (Thisisu) C:\Users\purzelchen\Downloads\JRT.exe
2014-11-12 19:36 - 2014-11-12 19:36 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-12 19:36 - 2014-11-12 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-12 19:36 - 2014-11-12 19:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-12 19:36 - 2014-11-12 19:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-12 19:36 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-12 19:36 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-12 19:36 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-12 19:35 - 2014-11-12 19:35 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\purzelchen\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-12 19:35 - 2014-11-12 19:35 - 02140160 _____ () C:\Users\purzelchen\Desktop\AdwCleaner_4.101.exe
2014-11-11 17:09 - 2014-11-11 17:09 - 00017133 ____C () C:\ComboFix.txt
2014-11-11 17:00 - 2014-11-11 17:09 - 00000000 ___DC () C:\Qoobox
2014-11-11 17:00 - 2014-11-11 17:09 - 00000000 ____D () C:\Windows\erdnt
2014-11-11 17:00 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-11 17:00 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-11 17:00 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-11 17:00 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-11 17:00 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-11 17:00 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-11 17:00 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-11 17:00 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-11 16:54 - 2014-11-11 16:54 - 00000000 ___DC () C:\TDSSKiller_Quarantine
2014-11-11 16:51 - 2014-11-11 16:51 - 05598118 ____R (Swearware) C:\Users\purzelchen\Desktop\ComboFix.exe
2014-11-10 15:06 - 2014-11-10 15:06 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\purzelchen\Downloads\tdsskiller.exe
2014-11-10 14:59 - 2014-11-10 14:59 - 00001226 _____ () C:\Users\purzelchen\Desktop\Revo Uninstaller.lnk
2014-11-10 14:59 - 2014-11-10 14:59 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-11-10 14:58 - 2014-11-10 14:58 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\purzelchen\Downloads\revosetup95.exe
2014-11-10 14:30 - 2014-11-10 14:30 - 00039525 _____ () C:\Users\purzelchen\Downloads\deadfly-GMER.log
2014-11-10 14:23 - 2014-11-10 14:54 - 00028924 _____ () C:\Users\purzelchen\Downloads\Addition.txt
2014-11-10 14:22 - 2014-11-14 15:49 - 00012502 _____ () C:\Users\purzelchen\Downloads\FRST.txt
2014-11-10 14:22 - 2014-11-14 15:49 - 00000000 ___DC () C:\FRST
2014-11-10 14:21 - 2014-11-10 14:21 - 00000482 _____ () C:\Users\purzelchen\Downloads\defogger_disable.log
2014-11-10 14:21 - 2014-11-10 14:21 - 00000000 _____ () C:\Users\purzelchen\defogger_reenable
2014-11-10 14:15 - 2014-11-10 14:15 - 00380416 _____ () C:\Users\purzelchen\Downloads\rv3wvh5j.exe
2014-11-10 14:15 - 2014-11-10 14:15 - 00050477 _____ () C:\Users\purzelchen\Downloads\Defogger.exe
2014-11-10 14:14 - 2014-11-14 15:49 - 02116608 ____C (Farbar) C:\Users\purzelchen\Downloads\FRST64.exe
2014-11-09 15:07 - 2011-06-21 05:09 - 00200976 _____ (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys
2014-11-09 15:06 - 2014-11-09 15:06 - 03437368 _____ (tuneuppro.com ) C:\Users\purzelchen\Downloads\setup (2).exe
2014-11-09 15:06 - 2014-11-09 15:06 - 02002376 _____ (Trend Micro Inc.) C:\Users\purzelchen\Downloads\HousecallLauncher.exe
2014-11-02 12:16 - 2014-11-02 12:16 - 00000000 ____D () C:\Users\purzelchen\AppData\Roaming\TrojanHunter
2014-11-02 10:23 - 2014-11-02 12:26 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.6
2014-11-02 10:23 - 2014-11-02 10:23 - 00059392 ____R () C:\Windows\SysWOW64\streamhlp.dll
2014-11-02 10:23 - 2014-11-02 10:23 - 00001047 _____ () C:\Users\purzelchen\Desktop\TrojanHunter.lnk
2014-11-02 10:23 - 2014-11-02 10:23 - 00000000 ____D () C:\ProgramData\TrojanHunter
2014-11-02 10:23 - 2014-11-02 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter
2014-11-01 13:47 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-11-01 13:47 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-11-01 13:47 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-11-01 13:47 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-11-01 13:47 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-11-01 13:47 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-11-01 13:46 - 2014-11-01 13:47 - 00000000 ____D () C:\Users\purzelchen\AppData\Local\NVIDIA Corporation
2014-11-01 13:46 - 2014-11-01 13:46 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-11-01 13:46 - 2014-10-16 17:54 - 02800296 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-11-01 13:46 - 2014-10-16 17:54 - 02197680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-11-01 13:46 - 2014-10-16 17:54 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-11-01 13:46 - 2014-10-16 17:54 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-11-01 13:46 - 2014-10-16 13:27 - 00614544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-11-01 13:45 - 2014-10-16 15:11 - 06883136 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-11-01 13:45 - 2014-10-16 15:11 - 03533632 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-11-01 13:45 - 2014-10-16 15:11 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-11-01 13:45 - 2014-10-16 15:11 - 00933064 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-11-01 13:45 - 2014-10-16 15:11 - 00384200 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-11-01 13:45 - 2014-10-16 15:11 - 00061640 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-11-01 13:45 - 2014-10-15 01:48 - 04047877 _____ () C:\Windows\system32\nvcoproc.bin
2014-11-01 13:44 - 2014-10-16 17:54 - 31890064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 24555840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 20968040 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 20922696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 19966856 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 18499648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 17260864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 16886168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 14029400 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 13942368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 13190288 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-11-01 13:44 - 2014-10-16 17:54 - 11395672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 11333848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 04289856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 04009672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 03237528 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 02849224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434448.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434448.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 01538880 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 00962376 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 00931984 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 00921928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 00895176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-11-01 13:44 - 2014-10-16 17:54 - 00038048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-11-01 13:44 - 2014-10-16 17:54 - 00034976 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 00032416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-11-01 13:44 - 2014-10-16 17:54 - 00027024 _____ () C:\Windows\system32\nvinfo.pb
2014-11-01 13:42 - 2014-11-01 13:43 - 306270552 _____ (NVIDIA Corporation) C:\Users\purzelchen\Downloads\344.48-notebook-win8-win7-64bit-international-whql.exe
2014-10-30 20:40 - 2014-10-30 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-10-30 20:40 - 2014-10-30 20:40 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-10-30 15:17 - 2014-11-14 15:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-30 15:17 - 2014-11-13 16:16 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-30 15:17 - 2014-11-13 16:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-30 15:17 - 2014-11-13 16:16 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-30 15:17 - 2014-10-30 15:17 - 00000000 ____D () C:\Windows\system32\Macromed
2014-10-29 19:23 - 2014-11-12 16:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-29 19:23 - 2014-10-30 20:40 - 00001933 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-10-29 19:23 - 2014-10-30 20:40 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-10-29 19:23 - 2014-10-29 19:23 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-28 19:41 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-28 19:41 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-28 19:41 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-28 19:41 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-28 19:41 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-28 19:41 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-28 19:41 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-28 19:41 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-28 19:41 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-28 19:41 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-28 19:41 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-28 19:41 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-28 19:41 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-28 19:41 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-28 19:41 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-28 19:41 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-28 19:41 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-28 19:41 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-28 19:41 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-28 19:41 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-28 19:41 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-28 19:41 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-28 19:41 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-28 19:41 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-28 19:41 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-28 19:41 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-28 19:41 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-28 19:41 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-28 19:41 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-28 19:41 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-28 19:41 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-28 19:41 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-28 19:41 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-28 19:41 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-28 19:41 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-28 19:41 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-28 19:41 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-28 19:41 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-28 19:41 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-28 19:41 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-28 19:41 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-28 19:41 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-28 19:41 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-28 19:41 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-28 19:41 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-28 19:41 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-28 19:40 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-28 19:40 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-28 19:40 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-28 19:40 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-28 19:40 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-28 19:40 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-28 19:40 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-28 19:40 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-28 19:40 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-28 19:40 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-28 19:40 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-28 19:40 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-28 19:40 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-28 19:40 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-28 19:40 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-28 19:40 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-28 19:40 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-28 19:40 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-28 19:40 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-28 19:40 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-28 19:40 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-28 19:40 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-28 19:40 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-28 19:40 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-28 19:40 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-28 19:40 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-28 19:40 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-28 19:40 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-28 19:40 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-28 19:40 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-28 19:40 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-28 19:40 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-28 19:40 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-28 19:40 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-28 19:40 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-28 19:40 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-28 19:40 - 2014-07-09 03:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-28 19:40 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-28 19:40 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-28 19:40 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-28 19:40 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-28 19:40 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-28 19:40 - 2014-07-08 23:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-28 19:40 - 2014-07-08 23:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-28 19:40 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-28 19:40 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-28 19:40 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-28 19:40 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-28 19:40 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-28 19:40 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-28 19:38 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-28 19:38 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-28 19:38 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-28 19:38 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-28 16:22 - 2014-10-30 15:08 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-10-28 16:21 - 2014-11-01 13:56 - 00000000 ____D () C:\Users\purzelchen\AppData\Local\Adobe
2014-10-28 14:50 - 2014-10-28 14:50 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-28 14:50 - 2014-10-28 14:50 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-28 14:50 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll
2014-10-28 14:50 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll
2014-10-28 14:39 - 2014-11-11 16:55 - 00000000 __SHD () C:\ProgramData\Windows Update Service0
2014-10-16 16:01 - 2014-10-16 16:00 - 00608737 _____ () C:\Users\purzelchen\Desktop\shadowrunchartab.jpeg
2014-10-16 09:59 - 2014-10-16 10:06 - 00000000 ____D () C:\Users\purzelchen\Desktop\adn
2014-10-16 09:59 - 2014-10-16 09:59 - 00000000 ____D () C:\Users\purzelchen\Desktop\Neuer Ordner
2014-10-15 23:44 - 2014-10-15 23:44 - 00001608 _____ () C:\Windows\DCEBOOT.RST
2014-10-15 23:44 - 2014-10-15 23:44 - 00000000 _____ () C:\Windows\DCEBOOT.LOG
2014-10-15 23:40 - 2014-10-15 23:41 - 00236080 _____ (Trend Micro Inc.) C:\Windows\RegBootClean64.exe
2014-10-15 23:40 - 2014-10-15 23:41 - 00025136 _____ (Trend Micro Inc.) C:\Windows\DCEBoot64.exe
2014-10-15 18:08 - 2014-11-10 00:46 - 00232154 _____ () C:\Users\purzelchen\AppData\Local\census.cache
2014-10-15 18:08 - 2014-11-10 00:46 - 00095598 _____ () C:\Users\purzelchen\AppData\Local\ars.cache
2014-10-15 17:55 - 2014-10-15 17:55 - 00000036 _____ () C:\Users\purzelchen\AppData\Local\housecall.guid.cache
2014-10-15 11:12 - 2014-10-15 11:12 - 00000000 ____D () C:\Users\purzelchen\AppData\Roaming\dvdcss

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-14 15:28 - 2013-11-19 10:08 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-14 13:02 - 2013-10-01 14:02 - 01134114 _____ () C:\Windows\WindowsUpdate.log
2014-11-14 12:52 - 2009-07-14 05:45 - 00023152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-14 12:52 - 2009-07-14 05:45 - 00023152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-14 12:51 - 2009-07-14 18:58 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-11-14 12:51 - 2009-07-14 18:58 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-11-14 12:51 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-14 12:45 - 2013-11-19 10:08 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-14 12:45 - 2013-10-29 21:13 - 00000443 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-11-14 12:45 - 2013-10-01 17:35 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-14 12:45 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-14 12:45 - 2009-07-14 05:51 - 00157557 _____ () C:\Windows\setupact.log
2014-11-13 01:50 - 2014-08-19 13:06 - 00000000 ____D () C:\Users\purzelchen\Desktop\Paul
2014-11-12 23:23 - 2013-11-19 10:08 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-12 23:23 - 2013-11-19 10:08 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 19:51 - 2013-10-01 22:48 - 00209020 _____ () C:\Windows\PFRO.log
2014-11-12 19:37 - 2014-08-21 18:01 - 00000000 ____D () C:\Users\purzelchen\Desktop\kitty
2014-11-11 17:09 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-11-11 17:08 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-11-11 17:07 - 2009-07-14 03:34 - 00000215 ____C () C:\Windows\system.ini
2014-11-11 12:40 - 2013-10-29 21:04 - 00000000 ____D () C:\Users\purzelchen\AppData\Local\CrashDumps
2014-11-10 14:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-10 14:21 - 2013-10-01 14:20 - 00000000 ____D () C:\Users\purzelchen
2014-11-09 14:52 - 2014-09-09 14:54 - 00000000 ____D () C:\Users\purzelchen\Documents\UseNeXT
2014-11-09 14:48 - 2013-10-01 18:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-09 14:45 - 2014-09-09 14:54 - 00000000 ____D () C:\Users\purzelchen\AppData\Roaming\UseNeXT
2014-11-09 14:22 - 2014-08-23 10:41 - 00000000 ____D () C:\Users\purzelchen\Downloads\Musik
2014-11-02 12:19 - 2014-08-25 12:01 - 00000000 ____D () C:\Users\purzelchen\Desktop\whg
2014-11-02 12:14 - 2014-09-09 15:34 - 00000000 ____D () C:\Program Files\WinRAR
2014-11-01 13:47 - 2013-10-01 18:03 - 00001309 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2014-11-01 13:47 - 2013-10-01 17:33 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-11-01 13:47 - 2013-10-01 17:32 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-11-01 13:46 - 2013-10-25 15:23 - 00000000 ____D () C:\Users\purzelchen\AppData\Local\NVIDIA
2014-11-01 13:46 - 2013-10-01 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-11-01 13:46 - 2013-10-01 17:34 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-11-01 13:46 - 2011-11-20 15:48 - 00000000 ____D () C:\temp
2014-11-01 13:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help
2014-10-28 22:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-28 20:17 - 2009-07-14 05:45 - 00297624 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-28 20:16 - 2014-06-24 16:40 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-28 19:44 - 2013-10-01 22:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-28 19:42 - 2013-10-01 22:32 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-27 22:23 - 2013-11-19 10:09 - 00002137 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-19 09:49 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-16 17:54 - 2013-10-01 17:33 - 00072904 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-10-16 17:54 - 2013-10-01 17:33 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-10-15 11:13 - 2014-09-09 19:14 - 00000000 ____D () C:\Users\purzelchen\AppData\Roaming\vlc

Some content of TEMP:
====================
C:\Users\purzelchen\AppData\Local\Temp\Checkupdate.exe
C:\Users\purzelchen\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\purzelchen\AppData\Local\Temp\gcapi_dll.dll
C:\Users\purzelchen\AppData\Local\Temp\gtapi_signed.dll
C:\Users\purzelchen\AppData\Local\Temp\Quarantine.exe
C:\Users\purzelchen\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-25 23:59

==================== End Of Log ============================
         
--- --- ---

15.11.2014, 12:08   #11
schrauber
/// the machine
/// TB-Ausbilder

Quote:
The only "problem" is that I still see conhost.exe among the processes
And what is the problem with that? It is a legitimate Windows process.


Looks good; let me know how the computer is running otherwise.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

15.11.2014, 20:44   #12
Deadfly

Great. The computer is running fine, and for protection I am currently trying out Kaspersky; if I get along with it, I will invest in it as well. Thank you very much for the help.

15.11.2014 is the previous post; this one: 16.11.2014, 17:47   #13
schrauber
/// the machine
/// TB-Ausbilder

Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can safely delete them.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most ads by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it prompts you to and is nicely colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.

17.11.2014, 16:51   #14
Deadfly

First of all, once again a very heartfelt thank you; the last instructions have been carried out and everything works great.



The thread can be closed

18.11.2014, 10:26   #15
schrauber
/// the machine
/// TB-Ausbilder

You're welcome
