Windows 7: Tcp Verbindungen (System Process) vielleicht Malware?

sill · 20.03.2015, 01:17

Hallo liebes Trojaner-Board Team,

irgendwie traue ich meinem System nicht so, da auch mein Bruder vor einigen Tagen sich infiziert hat, würde ich gerne mein System überprüfen. Unsere PCs sind im Netzwerk miteinander verbunden.

Screenshot TcpView.exe :

defogger

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:37 on 20/03/2015 (Waldi)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...


-=E.O.F=-

FRST

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Waldi (administrator) on WALDI-PC on 20-03-2015 00:44:30
Running from C:\Users\Waldi\Desktop
Loaded Profiles: Waldi (Available profiles: Waldi)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(Kingsoft Corporation) C:\Program Files (x86)\cmcm\Clean Master\cmcore.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\EslWire\service\WireHelperSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Beepa P/L) J:\Program Files\Fraps\fraps.exe
(VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
() C:\Program Files\ASUS Xonar U7 Audio\CPL\ASUSXonarU7_x64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(REALiX) C:\Program Files\HWiNFO64\HWiNFO64.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Beepa P/L) J:\Program Files\Fraps\fraps64.dat
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VIAxHCUtl] => C:\VIA_XHCI\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [GamecomSound] => C:\Program Files\ASUS Xonar U7 Audio\CPL\ASUSXonarU7_x64.exe [2453504 2013-08-06] ()
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-09-17] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKU\S-1-5-21-2863928453-3540503222-4138622775-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2874048 2015-02-19] (Valve Corporation)
HKU\S-1-5-21-2863928453-3540503222-4138622775-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-2863928453-3540503222-4138622775-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2863928453-3540503222-4138622775-1000\...\MountPoints2: {00ba8107-a76e-11e2-a4cb-902b3450573b} - H:\pushinst.exe
Startup: C:\Users\Waldi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HWiNFO64.EXE.lnk
ShortcutTarget: HWiNFO64.EXE.lnk -> C:\Program Files\HWiNFO64\HWiNFO64.EXE (REALiX)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2863928453-3540503222-4138622775-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2863928453-3540503222-4138622775-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2863928453-3540503222-4138622775-1000 -> URL hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP62698F15-1543-4F58-A1BA-C0DD59DB70FF&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2863928453-3540503222-4138622775-1000 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-17] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-17] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Waldi\AppData\Roaming\Mozilla\Firefox\Profiles\wycm5npw.default
FF SearchEngineOrder.3: Bing 
FF Homepage: hxxp://www.t-online.de/
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-13] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-13] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @esn/esnlaunch,version=1.140.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-17] (Oracle Corporation)
FF Plugin-x32: @live.heroesandgenerals.com/npretox -> J:\Spiele\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll [2014-09-23] (Reto-Moto ApS)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-2863928453-3540503222-4138622775-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-2863928453-3540503222-4138622775-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Extension: Battlefield Heroes Updater - C:\Users\Waldi\AppData\Roaming\Mozilla\Firefox\Profiles\wycm5npw.default\Extensions\battlefieldheroespatcher@ea.com [2014-10-20]
FF Extension: Battlefield Play4Free - C:\Users\Waldi\AppData\Roaming\Mozilla\Firefox\Profiles\wycm5npw.default\Extensions\battlefieldplay4free@ea.com [2014-10-20]
FF Extension: 360网页保护 - C:\Users\Waldi\AppData\Roaming\Mozilla\Firefox\Profiles\wycm5npw.default\Extensions\webshield@360safe.com [2014-12-12]
FF Extension: ProxTube - C:\Users\Waldi\AppData\Roaming\Mozilla\Firefox\Profiles\wycm5npw.default\Extensions\ich@maltegoetz.de.xpi [2014-09-14]
FF Extension: X-Forwarded-For Header - C:\Users\Waldi\AppData\Roaming\Mozilla\Firefox\Profiles\wycm5npw.default\Extensions\jid1-vasLCl9ZsexfAQ@jetpack.xpi [2014-07-19]
FF Extension: NoSquint - C:\Users\Waldi\AppData\Roaming\Mozilla\Firefox\Profiles\wycm5npw.default\Extensions\nosquint@urandom.ca.xpi [2013-12-11]
FF Extension: Session Manager - C:\Users\Waldi\AppData\Roaming\Mozilla\Firefox\Profiles\wycm5npw.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-06-04]
FF Extension: YouTube High Definition - C:\Users\Waldi\AppData\Roaming\Mozilla\Firefox\Profiles\wycm5npw.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-07-21]
FF Extension: Adblock Plus - C:\Users\Waldi\AppData\Roaming\Mozilla\Firefox\Profiles\wycm5npw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-29]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Waldi\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-12-03] ()
R2 cmcore; c:\program files (x86)\cmcm\Clean Master\cmcore.exe [315240 2014-10-31] (Kingsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174624 2015-01-02] (EasyAntiCheat Ltd)
R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2014-01-28] ()
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2015-02-06] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-05] (Electronic Arts)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-12-14] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-02-13] ()
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-04] (VIA Technologies, Inc.)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5821952 2013-05-19] (Broadcom Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [130536 2011-11-03] (ASMedia Technology Inc) [File not signed]
R3 ASUSU7; C:\Windows\System32\DRIVERS\ASUSU7.SYS [406016 2013-08-01] (C-Media Inc.)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2011-11-03] (Broadcom Corporation.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-21] (Broadcom Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-12] (Disc Soft Ltd)
R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [184968 2014-02-16] (<Turtle Entertainment>)
S3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-22] (AVM GmbH)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-12-23] ()
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2015-02-06] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [26528 2014-12-01] (REALiX(tm))
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [4221440 2014-01-25] (Intel Corporation) [File not signed]
R3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2014-10-31] (Kingsoft Corporation)
R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [25504 2013-10-21] (Resplendence Software Projects Sp.)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [205312 2012-01-20] (VIA Technologies, Inc.)
S3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [254464 2012-01-20] (VIA Technologies, Inc.)
S1 atitray; \??\C:\Program Files (x86)\ATI Tray Tools\atitray64.sys [X]
S3 btwampfl; \??\C:\Windows\system32\drivers\btwampfl.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 cpuz136; \??\C:\Users\Waldi\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 cpuz137; \??\C:\Users\Waldi\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 DRIVER_B; \??\C:\Windows\system32\Drivers\DRIVER_BIN64 [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 L1C; system32\DRIVERS\L1C62x64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 USBPNPA; system32\drivers\CM10864.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Corsair\Corsair Link\CorsairLINK_HardwareMonitor.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-20 00:44 - 2015-03-20 00:44 - 00023166 _____ () C:\Users\Waldi\Desktop\FRST.txt
2015-03-20 00:43 - 2015-03-20 00:44 - 00000000 ____D () C:\FRST
2015-03-20 00:41 - 2015-03-20 00:41 - 02095616 _____ (Farbar) C:\Users\Waldi\Desktop\FRST64.exe
2015-03-20 00:37 - 2015-03-20 00:37 - 00050477 _____ () C:\Users\Waldi\Desktop\Defogger.exe
2015-03-20 00:37 - 2015-03-20 00:37 - 00000542 _____ () C:\Users\Waldi\Desktop\defogger_disable.log
2015-03-20 00:37 - 2015-03-20 00:37 - 00000168 _____ () C:\Users\Waldi\defogger_reenable
2015-03-19 17:25 - 2014-03-25 14:15 - 00060400 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-03-19 17:21 - 2015-03-19 17:21 - 00000000 ____D () C:\Users\Waldi\ncftp
2015-03-16 13:32 - 2015-03-16 13:32 - 00000460 __RSH () C:\ProgramData\ntuser.pol
2015-03-15 11:05 - 2015-03-20 00:39 - 00001904 _____ () C:\Windows\setupact.log
2015-03-15 11:05 - 2015-03-15 11:05 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-14 03:22 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-14 03:22 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-14 03:22 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-14 03:22 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-14 03:22 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 02644992 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-14 03:22 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-14 03:22 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-14 03:22 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-14 03:22 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-14 03:22 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-14 03:22 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-14 03:22 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-14 03:22 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-14 03:22 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-14 03:22 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-14 03:22 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-14 03:22 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-14 03:22 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-14 03:22 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-14 03:22 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-14 03:22 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-14 03:22 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 02135040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-14 03:22 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-14 03:22 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-14 03:22 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-14 03:22 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-14 03:22 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-14 03:22 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-14 03:22 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-14 03:22 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-14 03:22 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-14 03:22 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-14 03:21 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-14 03:21 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-14 03:21 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-14 03:21 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-14 03:21 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-14 03:21 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-14 03:21 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-14 03:21 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-14 03:21 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-14 03:21 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-14 03:21 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-14 03:21 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-14 03:21 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-14 03:21 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-14 03:21 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-14 03:21 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-14 03:21 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-14 03:21 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-14 03:21 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-14 03:21 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-14 03:21 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-14 03:21 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-14 03:21 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-14 03:21 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-14 03:21 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-14 03:21 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-14 03:21 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-14 03:21 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-14 03:21 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-14 03:21 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-14 03:21 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-14 03:21 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-14 03:21 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-14 03:21 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-14 03:21 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-14 03:21 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-14 03:21 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-14 03:21 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-14 03:21 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-14 03:21 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-14 03:21 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-14 03:21 - 2015-02-03 04:31 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-14 03:21 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-14 03:21 - 2015-02-03 04:12 - 01011200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-14 03:21 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-14 03:21 - 2015-01-31 04:48 - 01113088 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-14 03:21 - 2015-01-31 04:05 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-14 03:21 - 2015-01-31 04:04 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-03-14 03:21 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-14 03:21 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-03-14 03:21 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-03-14 03:20 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-14 03:20 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-14 03:20 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-14 03:20 - 2015-02-04 04:16 - 00392192 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-14 03:20 - 2015-02-04 03:54 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-14 03:20 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-14 03:20 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-14 02:22 - 2015-03-14 02:22 - 00000000 ____D () C:\Users\Waldi\AppData\Local\Windows Performance Analyzer
2015-03-14 00:40 - 2015-03-14 00:41 - 00005465 _____ () C:\Users\Waldi\Desktop\schoof.txt
2015-03-13 17:40 - 2015-03-20 00:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-13 17:40 - 2015-03-13 17:40 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-13 17:40 - 2015-03-13 17:40 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-13 17:40 - 2015-03-13 17:40 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-08 13:40 - 2015-03-14 11:35 - 00327488 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-08 04:54 - 2015-03-08 04:54 - 00062800 _____ () C:\Users\Waldi\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-06 03:16 - 2015-03-12 17:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-04 00:30 - 2015-03-04 00:30 - 00000000 ____D () C:\Users\Waldi\Tracing
2015-03-01 19:05 - 2015-03-01 19:06 - 00000655 _____ () C:\Users\Waldi\Desktop\Verkauf hwluxx.txt
2015-02-27 13:16 - 2015-02-27 13:37 - 00000000 ____D () C:\Users\TEMP
2015-02-27 09:51 - 2015-02-27 09:51 - 00000222 _____ () C:\Users\Waldi\Desktop\Arma 3.url
2015-02-19 12:20 - 2015-02-19 12:20 - 00000000 ____D () C:\Users\Waldi\AppData\Local\Steam
2015-02-18 18:52 - 2015-02-18 18:52 - 00001327 _____ () C:\Users\Public\Desktop\Ashampoo Burning Studio 15.lnk
2015-02-18 18:52 - 2015-02-18 18:52 - 00000000 ____D () C:\ProgramData\ashampoo
2015-02-18 18:51 - 2015-02-18 18:51 - 00000000 ____D () C:\Program Files (x86)\Ashampoo

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-20 00:43 - 2009-07-14 18:58 - 21495282 _____ () C:\Windows\system32\perfh007.dat
2015-03-20 00:43 - 2009-07-14 18:58 - 06735244 _____ () C:\Windows\system32\perfc007.dat
2015-03-20 00:43 - 2009-07-14 06:13 - 00006486 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-20 00:40 - 2015-02-09 14:55 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-20 00:39 - 2012-10-14 17:11 - 00003166 _____ () C:\Windows\System32\Tasks\FRAPS
2015-03-20 00:39 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-20 00:38 - 2014-07-02 16:32 - 00003022 _____ () C:\Windows\System32\Tasks\MSIAfterburner
2015-03-20 00:38 - 2013-06-09 02:43 - 00000029 _____ () C:\Users\Waldi\AppData\Roaming\Network Meter_Usage.ini
2015-03-20 00:37 - 2012-10-14 15:31 - 00000000 ____D () C:\Users\Waldi
2015-03-20 00:26 - 2013-06-03 18:49 - 00000000 ____D () C:\Program Files (x86)\JDownloader v2.0
2015-03-19 23:38 - 2009-07-14 05:45 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-19 23:38 - 2009-07-14 05:45 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-19 23:30 - 2012-10-15 19:07 - 00000000 ____D () C:\ProgramData\Origin
2015-03-19 15:22 - 2014-08-02 11:52 - 00000000 ____D () C:\Users\Waldi\AppData\Local\Orbmu2k
2015-03-19 15:02 - 2012-10-17 15:28 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2015-03-19 10:46 - 2014-10-20 06:18 - 00000000 ____D () C:\Users\Waldi\AppData\Roaming\vlc
2015-03-19 08:32 - 2012-12-08 15:22 - 00000000 ____D () C:\Users\Waldi\AppData\Roaming\Skype
2015-03-19 08:28 - 2012-10-30 21:42 - 00000000 ____D () C:\Users\Waldi\AppData\Roaming\HLSW
2015-03-19 01:46 - 2014-11-22 22:57 - 00000000 ____D () C:\Users\Waldi\AppData\Roaming\dvdcss
2015-03-19 01:46 - 2012-11-17 20:23 - 00000000 ____D () C:\Users\Waldi\AppData\Roaming\DAEMON Tools Lite
2015-03-18 22:05 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-18 17:13 - 2015-02-06 11:58 - 00000000 ____D () C:\Windows\CryptoGuard
2015-03-17 22:04 - 2012-11-17 16:14 - 00000000 ____D () C:\Users\Waldi\AppData\Roaming\TS3Client
2015-03-17 13:58 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-16 12:43 - 2013-06-09 02:45 - 00000884 _____ () C:\Users\Waldi\AppData\Roaming\Network Meter_Settings.ini
2015-03-15 01:09 - 2014-03-03 12:24 - 00000000 ____D () C:\Windows\Minidump
2015-03-14 14:37 - 2014-11-18 15:46 - 00000000 ____D () C:\Windows\rescache
2015-03-14 03:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-14 03:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-14 03:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-03-14 03:30 - 2013-03-18 11:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-14 03:27 - 2013-12-30 23:02 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-14 00:08 - 2012-10-28 20:24 - 00000000 ____D () C:\ProgramData\Mozilla
2015-03-13 17:40 - 2014-10-15 22:37 - 00000000 ____D () C:\Users\Waldi\AppData\Local\Adobe
2015-03-09 04:04 - 2014-07-23 12:45 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server
2015-03-06 00:38 - 2013-04-21 21:51 - 00000000 ____D () C:\Users\Waldi\AppData\Local\ESL Wire Game Client
2015-03-05 03:09 - 2012-12-28 23:36 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-03-04 01:36 - 2012-10-15 19:48 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-04 00:32 - 2013-03-10 17:08 - 00000000 ____D () C:\Program Files (x86)\DAoC Portal
2015-03-04 00:25 - 2012-12-08 15:22 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-04 00:25 - 2012-12-08 15:22 - 00000000 ____D () C:\ProgramData\Skype
2015-02-26 21:14 - 2012-10-14 16:20 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-24 04:17 - 2012-10-14 15:48 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-24 00:31 - 2015-02-09 14:20 - 00000000 ____D () C:\Users\Waldi\AppData\Roaming\Panda Security
2015-02-24 00:31 - 2015-02-09 14:20 - 00000000 ____D () C:\ProgramData\Panda Security
2015-02-24 00:31 - 2015-02-09 14:20 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-02-23 18:28 - 2014-12-25 14:59 - 00000000 ____D () C:\ProgramData\Cakewalk
2015-02-22 23:43 - 2012-11-12 20:36 - 00007658 _____ () C:\Users\Waldi\AppData\Local\Resmon.ResmonCfg
2015-02-20 07:30 - 2013-05-23 09:34 - 00000021 _____ () C:\Users\Waldi\AppData\Roaming\config_data.dat
2015-02-18 18:52 - 2012-10-28 13:00 - 00000000 ____D () C:\Users\Waldi\AppData\Roaming\Ashampoo
2015-02-18 18:52 - 2012-10-28 13:00 - 00000000 ____D () C:\Users\Waldi\AppData\Local\ashampoo

==================== Files in the root of some directories =======

2013-05-23 09:34 - 2015-02-20 07:30 - 0000021 _____ () C:\Users\Waldi\AppData\Roaming\config_data.dat
2013-06-09 14:56 - 2013-06-09 14:59 - 0000839 _____ () C:\Users\Waldi\AppData\Roaming\Drives Meter_Settings.ini
2013-06-09 14:52 - 2013-06-09 14:52 - 0000458 _____ () C:\Users\Waldi\AppData\Roaming\Drives Monitor_Settings.ini
2013-06-09 02:45 - 2015-03-16 12:43 - 0000884 _____ () C:\Users\Waldi\AppData\Roaming\Network Meter_Settings.ini
2013-06-09 02:43 - 2015-03-20 00:38 - 0000029 _____ () C:\Users\Waldi\AppData\Roaming\Network Meter_Usage.ini
2013-09-19 13:58 - 2013-09-19 13:58 - 0225280 _____ (Propellerhead Software AB) C:\Users\Waldi\AppData\Roaming\Rewire.dll
2013-09-19 13:58 - 2013-09-19 13:58 - 0233472 _____ (Propellerhead Software AB) C:\Users\Waldi\AppData\Roaming\REX Shared Library.dll
2014-06-27 10:24 - 2014-06-27 10:24 - 0000000 ___SH () C:\Users\Waldi\AppData\Local\LumaEmu
2012-11-12 20:36 - 2015-02-22 23:43 - 0007658 _____ () C:\Users\Waldi\AppData\Local\Resmon.ResmonCfg
2015-02-09 14:01 - 2015-02-09 14:01 - 0266614 _____ () C:\ProgramData\1423486835.bdinstall.bin
2013-11-03 19:27 - 2013-11-03 19:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\ProgramData\StartMenuReviver.exe


Some content of TEMP:
====================
C:\Users\Waldi\AppData\Local\Temp\proxy_vole8684402324355599846.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-15 12:42

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Addition

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Waldi at 2015-03-20 00:44:45
Running from C:\Users\Waldi\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Free Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
abgx360 v1.0.6 (HKLM-x32\...\abgx360) (Version:  - )
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
Ashampoo Burning Studio 15 v.15.0.0 (HKLM-x32\...\{91B33C97-5B38-0A92-D04A-A0F26F3F87D4}_is1) (Version: 15.0.0 - Ashampoo GmbH & Co. KG)
ASUS Xonar U7 Audio (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F39206632A}) (Version:   - ASUSTeK Computer Inc.)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.25648 - Electronic Arts)
Battlefield Heroes (HKLM-x32\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version:  - EA Digital illusions)
Battlefield Play4Free (HKLM-x32\...\{87686C21-8A15-4b4d-A3F1-11141D9BE094}) (Version:  - EA Digital illusions)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.1.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.100.82.97 - Broadcom Corporation)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - )
Canon MG5300 series On-screen Manual (HKLM-x32\...\Canon MG5300 series On-screen Manual) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Clean Master (HKLM-x32\...\Clean Master) (Version: 1.0 - Cheetah Mobile)
Corsair Link (HKLM-x32\...\{658EFB3F-8606-4576-8FEC-B0CED48F1E68}) (Version: 2.4.4948 - Corsair)
Corsair Link(TM) USB Dongle (Driver Removal) (HKLM-x32\...\CMIUSB&1B1C&1C00) (Version:  - Corsair Memory, Inc.)
Corsair Link(TM) USB Dongle (Driver Removal) (HKLM-x32\...\SIUSBXP&1B1C&1C00) (Version:  - Corsair Memory, Inc.)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DAoC Portal (HKLM-x32\...\{951D4810-1C32-47D1-A5BD-7A1BFB526D94}) (Version: 2.1.0 - DAoC Portal)
DAOC-Charplan (HKLM-x32\...\DAOCCharplan) (Version:  - )
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
ESL Wire 1.18.0 (HKLM\...\ESL Wire_is1) (Version:  - Turtle Entertainment GmbH)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free MP4 Video Converter version 5.0.55.113 (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.55.113 - DVDVideoSoft Ltd.)
Heroes & Generals (HKLM-x32\...\Heroes & Generals) (Version: 1.0.6.1 - Reto-Moto)
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
HWiNFO64 Version 4.48 (HKLM\...\HWiNFO64_is1) (Version: 4.48 - Martin Malík - REALiX)
Intel(R) Network Connections 17.3.63.0 (HKLM\...\PROSetDX) (Version: 17.3.63.0 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
IsoTools (HKLM-x32\...\{E53520BA-ECDA-42A6-8971-E96CBDD8523D}) (Version: 1.34.34.0 - 3K3Y Team)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LatencyMon 6.00 (HKLM\...\LatencyMon_is1) (Version:  - Resplendence Software Projects Sp.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
MSI Afterburner 4.1.0 (HKLM-x32\...\Afterburner) (Version: 4.1.0 - MSI Co., LTD)
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
Origin (HKLM-x32\...\Origin) (Version: 9.1.3.2637 - Electronic Arts, Inc.)
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0000 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.311.0 - Tracker Software Products Ltd)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RivaTuner Statistics Server 6.3.0 (HKLM-x32\...\RTSS) (Version: 6.3.0 - Unwinder)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.4.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
SlowView (HKLM-x32\...\SlowView) (Version: 1.0 RC2 - Nikolaus Brennig)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Vegas Pro 13.0 (64-bit) (HKLM\...\{386F5740-091D-11E4-B13E-F04DA23A5C58}) (Version: 13.0.373 - Sony)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2863928453-3540503222-4138622775-1000_Classes\CLSID\{07474513-7B58-45c7-B3E6-13A3669B1AFD}\InprocServer32 -> C:\Windows\SYSTEM32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2863928453-3540503222-4138622775-1000_Classes\CLSID\{25815CC0-43F4-3C75-8C3A-A139D9ADE740}\InprocServer32 -> C:\Windows\SYSTEM32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2863928453-3540503222-4138622775-1000_Classes\CLSID\{85A0641D-324D-4b47-9E5C-D2F33CCB14C3}\InprocServer32 -> C:\Windows\SYSTEM32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2863928453-3540503222-4138622775-1000_Classes\CLSID\{97D17A04-4438-4C8E-BAC7-BC21B8B9E999}\InprocServer32 -> C:\Windows\SYSTEM32\mscoree.dll (Microsoft Corporation)

==================== Restore Points  =========================

ATTENTION: System Restore is disabled.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-03-15 23:21 - 2015-01-30 14:05 - 00001295 ___RA C:\Windows\system32\Drivers\etc\hosts
255.255.255.255    easyanticheat.se    # misleading site
255.255.255.255    www.easyanticheat.se    # misleading site
255.255.255.255    easyanticheat.com    # misleading site
255.255.255.255    www.easyanticheat.com    # misleading site
255.255.255.255    easyanticheat.info    # misleading site
255.255.255.255    www.easyanticheat.info    # misleading site
255.255.255.255    easyanticheat.org    # misleading site
255.255.255.255    www.easyanticheat.org    # misleading site


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02455DE1-5B53-47DB-B476-0F1F2F4F37FD} - System32\Tasks\FRAPS => J:\Program Files\Fraps\fraps.exe [2013-02-26] (Beepa P/L)
Task: {174900C7-9C28-4EE0-A066-0430A886712E} - \Start CorsairLINK Hardware Monitor No Task File <==== ATTENTION
Task: {209C88B4-8199-4A7A-BE01-FD6644B1B218} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {327017E1-FBB5-44D7-9446-375C8D038642} - \Start Corsair Link No Task File <==== ATTENTION
Task: {34F4F72C-0CE8-407E-891C-B3B6CCE6374F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9B42847E-A1F5-4B7F-AB28-6A64E9CDDE16} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2014-12-06] ()
Task: {E43FEA2F-52F3-4995-912E-538EA916E6B0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-13] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2013-04-21 21:51 - 2014-01-28 11:40 - 00663056 _____ () C:\Program Files\EslWire\service\WireHelperSvc.exe
2013-04-21 21:51 - 2014-10-09 15:22 - 00214016 _____ () C:\Program Files\EslWire\service\NocIPC64.dll
2013-05-07 20:35 - 2015-02-13 22:58 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-06-05 10:41 - 2014-11-09 12:37 - 00402432 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll
2014-12-06 08:03 - 2014-12-06 08:03 - 00565760 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2014-09-18 08:23 - 2014-09-18 08:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-10-14 19:51 - 2014-10-14 19:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 08:23 - 2014-09-18 08:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-10-14 19:51 - 2014-10-14 19:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-12-25 14:44 - 2013-08-06 11:34 - 02453504 ____N () C:\Program Files\ASUS Xonar U7 Audio\CPL\ASUSXonarU7_x64.exe
2014-11-09 12:37 - 2014-11-09 12:37 - 00197632 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
2014-11-09 12:37 - 2014-11-09 12:37 - 00026112 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
2014-11-09 12:37 - 2014-11-09 12:37 - 00088576 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
2013-04-12 18:23 - 2013-04-12 18:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2014-12-06 08:01 - 2014-12-06 08:01 - 00071680 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2014-12-06 08:01 - 2014-12-06 08:01 - 00056832 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2014-12-06 08:02 - 2014-12-06 08:02 - 00217600 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2014-12-06 08:01 - 2014-12-06 08:01 - 00353792 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2014-12-06 08:02 - 2014-12-06 08:02 - 00649216 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2014-06-05 10:40 - 2014-11-09 12:37 - 00356864 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks.dll
2015-02-09 14:57 - 2014-11-11 19:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-02-09 14:57 - 2014-12-02 01:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-02-09 14:57 - 2014-12-02 01:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-02-09 14:57 - 2014-12-02 01:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-02-09 14:57 - 2015-02-19 00:51 - 02360000 _____ () C:\Program Files (x86)\Steam\video.dll
2015-02-09 14:57 - 2014-12-01 22:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-02-09 14:57 - 2014-12-01 22:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-02-09 14:57 - 2014-12-01 22:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-02-09 14:57 - 2014-12-01 22:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-02-09 14:57 - 2014-12-01 22:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-02-09 14:57 - 2015-02-19 00:51 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-02-09 14:57 - 2015-01-28 02:30 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-11-09 12:37 - 2014-11-09 12:37 - 00056832 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll
2014-11-09 12:37 - 2014-11-09 12:37 - 00353792 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll
2014-11-09 12:37 - 2014-11-09 12:37 - 00071680 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2863928453-3540503222-4138622775-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Waldi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: DTSAudioSvc => 2
MSCONFIG\Services: PandaAgent => 2

==================== Accounts: =============================

Administrator (S-1-5-21-2863928453-3540503222-4138622775-500 - Administrator - Disabled)
Gast (S-1-5-21-2863928453-3540503222-4138622775-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2863928453-3540503222-4138622775-1002 - Limited - Enabled)
Waldi (S-1-5-21-2863928453-3540503222-4138622775-1000 - Administrator - Enabled) => C:\Users\Waldi

==================== Faulty Device Manager Devices =============

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Broadcom Virtual Wireless Adapter
Description: Broadcom Virtual Wireless Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BcmVWL
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/20/2015 00:43:39 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (03/20/2015 00:43:39 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (03/20/2015 00:43:39 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (03/20/2015 00:08:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Tcpview.exe, Version: 3.5.0.0, Zeitstempel: 0x4dd3b18b
Name des fehlerhaften Moduls: Tcpview.exe, Version: 3.5.0.0, Zeitstempel: 0x4dd3b18b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001431e
ID des fehlerhaften Prozesses: 0x1acc
Startzeit der fehlerhaften Anwendung: 0xTcpview.exe0
Pfad der fehlerhaften Anwendung: Tcpview.exe1
Pfad des fehlerhaften Moduls: Tcpview.exe2
Berichtskennung: Tcpview.exe3

Error: (03/19/2015 08:18:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (03/19/2015 08:18:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (03/19/2015 08:18:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (03/19/2015 05:56:34 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (03/19/2015 05:56:34 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (03/19/2015 05:56:34 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.


System errors:
=============
Error: (03/20/2015 00:39:35 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2147014854

Error: (03/20/2015 00:39:35 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147014854

Error: (03/20/2015 00:39:27 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
atitray

Error: (03/20/2015 00:39:27 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (03/19/2015 08:31:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2147014854

Error: (03/19/2015 08:31:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147014854

Error: (03/19/2015 08:14:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2147014854

Error: (03/19/2015 08:14:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147014854

Error: (03/19/2015 08:14:33 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
atitray

Error: (03/19/2015 08:14:33 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5


Microsoft Office Sessions:
=========================
Error: (03/20/2015 00:43:39 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (03/20/2015 00:43:39 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (03/20/2015 00:43:39 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (03/20/2015 00:08:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Tcpview.exe3.5.0.04dd3b18bTcpview.exe3.5.0.04dd3b18bc00000050001431e1acc01d06288361f776eJ:\Programme\TCPView\Tcpview.exeJ:\Programme\TCPView\Tcpview.exee36082f2-ce8c-11e4-aa8b-08606ee7ef78

Error: (03/19/2015 08:18:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (03/19/2015 08:18:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (03/19/2015 08:18:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (03/19/2015 05:56:34 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (03/19/2015 05:56:34 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (03/19/2015 05:56:34 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000


CodeIntegrity Errors:
===================================
  Date: 2015-03-20 00:39:25.425
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-20 00:33:55.087
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-20 00:07:19.802
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-19 23:48:02.125
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-19 23:33:10.989
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-19 22:37:32.646
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-19 21:40:21.733
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-19 20:33:45.461
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-19 20:14:31.291
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-19 19:55:47.610
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 29%
Total physical RAM: 8136.77 MB
Available physical RAM: 5763.3 MB
Total Pagefile: 10182.96 MB
Available Pagefile: 7420.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:15.25 GB) NTFS
Drive i: () (Fixed) (Total:931.5 GB) (Free:3.12 GB) NTFS
Drive j: () (Fixed) (Total:596.17 GB) (Free:82.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 67046FE6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: CBE52ACE)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 03F237E4)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=OF Extended)

==================== End Of Log ============================

Würde mich über jede Hilfe sehr freuen.

Liebe Grüße

sill · 20.03.2015, 01:18

Gmer

Code:

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-20 01:04:58
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_SSD_830_Series rev.CXM03B1Q 119,24GB
Running: Gmer-19357.exe; Driver: C:\Users\Waldi\AppData\Local\Temp\pgloqpob.sys


---- Kernel code sections - GMER 2.1 ----

.text    C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                                                                                                                      fffff96000134c00 7 bytes [00, 93, F3, FF, 41, A4, F0]
.text    C:\Windows\System32\win32k.sys!W32pServiceTable + 8                                                                                                                                                                                  fffff96000134c08 3 bytes [00, 07, 02]

---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[968] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                                                                                       00000000779cfac0 5 bytes JMP 0000000175378cf0
.text    C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[968] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                                                                           00000000779cfb58 5 bytes JMP 0000000175378ea0
.text    C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[968] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                                                                        00000000779d0038 5 bytes JMP 0000000175378d80
.text    C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[968] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                                     00000000761d1401 2 bytes JMP 7557b21b C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[968] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                       00000000761d1419 2 bytes JMP 7557b346 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                                     00000000761d1431 2 bytes JMP 755f8ea9 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                                     00000000761d144a 2 bytes CALL 755548ad C:\Windows\syswow64\KERNEL32.dll
.text    ...                                                                                                                                                                                                                                  * 9
.text    C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[968] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                        00000000761d14dd 2 bytes JMP 755f87a2 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[968] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                                 00000000761d14f5 2 bytes JMP 755f8978 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[968] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                        00000000761d150d 2 bytes JMP 755f8698 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[968] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                                 00000000761d1525 2 bytes JMP 755f8a62 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[968] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                       00000000761d153d 2 bytes JMP 7556fca8 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[968] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                            00000000761d1555 2 bytes JMP 755768ef C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[968] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                                     00000000761d156d 2 bytes JMP 755f8f61 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[968] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                       00000000761d1585 2 bytes JMP 755f8ac2 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[968] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                          00000000761d159d 2 bytes JMP 755f865c C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[968] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                       00000000761d15b5 2 bytes JMP 7556fd41 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[968] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                                     00000000761d15cd 2 bytes JMP 7557b2dc C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[968] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                                 00000000761d16b2 2 bytes JMP 755f8e24 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[968] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                                 00000000761d16bd 2 bytes JMP 755f85f1 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                                                                          0000000077821430 5 bytes JMP 00000001777c0010
.text    C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                                                                              0000000077821490 5 bytes JMP 00000001777c0028
.text    C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                                                                           00000000778217b0 1 byte JMP 00000001777c0040
.text    C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                                                                                       00000000778217b2 3 bytes {JMP 0xfffffffffff9e890}
.text    C:\Windows\System32\svchost.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                                                                          0000000077821430 5 bytes JMP 00000001777c0010
.text    C:\Windows\System32\svchost.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                                                                              0000000077821490 5 bytes JMP 00000001777c0028
.text    C:\Windows\System32\svchost.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                                                                           00000000778217b0 1 byte JMP 00000001777c0040
.text    C:\Windows\System32\svchost.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                                                                                       00000000778217b2 3 bytes {JMP 0xfffffffffff9e890}
.text    C:\Windows\System32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                                                                          0000000077821430 5 bytes JMP 00000001777c0010
.text    C:\Windows\System32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                                                                              0000000077821490 5 bytes JMP 00000001777c0028
.text    C:\Windows\System32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                                                                           00000000778217b0 1 byte JMP 00000001777c0040
.text    C:\Windows\System32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                                                                                       00000000778217b2 3 bytes {JMP 0xfffffffffff9e890}
.text    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1292] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                                                                         00000000779cfac0 5 bytes JMP 0000000175378cf0
.text    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1292] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                                                             00000000779cfb58 5 bytes JMP 0000000175378ea0
.text    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1292] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                                                          00000000779d0038 5 bytes JMP 0000000175378d80
.text    C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                                                                          0000000077821430 5 bytes JMP 00000001777c0010
.text    C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                                                                              0000000077821490 5 bytes JMP 00000001777c0028
.text    C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                                                                           00000000778217b0 1 byte JMP 00000001777c0040
.text    C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                                                                                       00000000778217b2 3 bytes {JMP 0xfffffffffff9e890}
.text    C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                                                                          0000000077821430 5 bytes JMP 00000001777c0010
.text    C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                                                                              0000000077821490 5 bytes JMP 00000001777c0028
.text    C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                                                                           00000000778217b0 1 byte JMP 00000001777c0040
.text    C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                                                                                       00000000778217b2 3 bytes {JMP 0xfffffffffff9e890}
.text    C:\Windows\system32\atieclxx.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                                                                         0000000077821430 5 bytes JMP 00000001777c0010
.text    C:\Windows\system32\atieclxx.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                                                                             0000000077821490 5 bytes JMP 00000001777c0028
.text    C:\Windows\system32\atieclxx.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                                                                          00000000778217b0 1 byte JMP 00000001777c0040
.text    C:\Windows\system32\atieclxx.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                                                                                      00000000778217b2 3 bytes {JMP 0xfffffffffff9e890}
.text    C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                                                                          0000000077821430 5 bytes JMP 00000001777c0010
.text    C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                                                                              0000000077821490 5 bytes JMP 00000001777c0028
.text    C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                                                                           00000000778217b0 1 byte JMP 00000001777c0040
.text    C:\Windows\system32\svchost.exe[1676] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                                                                                       00000000778217b2 3 bytes {JMP 0xfffffffffff9e890}
.text    C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                                   0000000077821430 5 bytes JMP 00000001777c0010
.text    C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                                       0000000077821490 5 bytes JMP 00000001777c0028
.text    C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                                    00000000778217b0 1 byte JMP 00000001777c0040
.text    C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                                                00000000778217b2 3 bytes {JMP 0xfffffffffff9e890}
.text    c:\program files (x86)\cmcm\Clean Master\cmcore.exe[1876] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                                                                                      00000000779cfac0 5 bytes JMP 0000000175378cf0
.text    c:\program files (x86)\cmcm\Clean Master\cmcore.exe[1876] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                                                                          00000000779cfb58 5 bytes JMP 0000000175378ea0
.text    c:\program files (x86)\cmcm\Clean Master\cmcore.exe[1876] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                                                                       00000000779d0038 5 bytes JMP 0000000175378d80
.text    C:\Windows\System32\spoolsv.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                                                                          0000000077821430 5 bytes JMP 00000001777c0010
.text    C:\Windows\System32\spoolsv.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                                                                              0000000077821490 5 bytes JMP 00000001777c0028
.text    C:\Windows\System32\spoolsv.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                                                                           00000000778217b0 1 byte JMP 00000001777c0040
.text    C:\Windows\System32\spoolsv.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                                                                                       00000000778217b2 3 bytes {JMP 0xfffffffffff9e890}
.text    C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                                                                          0000000077821430 5 bytes JMP 00000001777c0010
.text    C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                                                                              0000000077821490 5 bytes JMP 00000001777c0028
.text    C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                                                                           00000000778217b0 1 byte JMP 00000001777c0040
.text    C:\Windows\system32\svchost.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                                                                                       00000000778217b2 3 bytes {JMP 0xfffffffffff9e890}
.text    C:\Windows\system32\svchost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                                                                          0000000077821430 5 bytes JMP 00000001777c0010
.text    C:\Windows\system32\svchost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                                                                              0000000077821490 5 bytes JMP 00000001777c0028
.text    C:\Windows\system32\svchost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                                                                           00000000778217b0 1 byte JMP 00000001777c0040
.text    C:\Windows\system32\svchost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                                                                                       00000000778217b2 3 bytes {JMP 0xfffffffffff9e890}
.text    C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                                                               0000000077821430 5 bytes JMP 00000001777c0010
.text    C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                                                                   0000000077821490 5 bytes JMP 00000001777c0028
.text    C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                                                                00000000778217b0 1 byte JMP 00000001777c0040
.text    C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                                                                            00000000778217b2 3 bytes {JMP 0xfffffffffff9e890}
.text    C:\Program Files\EslWire\service\WireHelperSvc.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                                                       0000000077821430 5 bytes JMP 00000001777c0010
.text    C:\Program Files\EslWire\service\WireHelperSvc.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                                                           0000000077821490 5 bytes JMP 00000001777c0028
.text    C:\Program Files\EslWire\service\WireHelperSvc.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                                                        00000000778217b0 1 byte JMP 00000001777c0040
.text    C:\Program Files\EslWire\service\WireHelperSvc.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                                                                    00000000778217b2 3 bytes {JMP 0xfffffffffff9e890}
.text    C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe[2176] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                                                             00000000779cfac0 5 bytes JMP 0000000175378cf0
.text    C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe[2176] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                                                 00000000779cfb58 5 bytes JMP 0000000175378ea0
.text    C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe[2176] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                                              00000000779d0038 5 bytes JMP 0000000175378d80
.text    C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                                                                   00000000779cfac0 5 bytes JMP 0000000175378cf0
.text    C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                                                       00000000779cfb58 5 bytes JMP 0000000175378ea0
.text    C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                                                    00000000779d0038 5 bytes JMP 0000000175378d80
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2340] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                                                                                                         00000000779cfac0 5 bytes JMP 0000000175378cf0
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2340] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                                                                                             00000000779cfb58 5 bytes JMP 0000000175378ea0
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2340] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                                                                                          00000000779d0038 5 bytes JMP 0000000175378d80
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2340] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82                                                                                                                                                     0000000072dd17fa 2 bytes CALL 755511a9 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2340] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88                                                                                                                                                 0000000072dd1860 2 bytes CALL 755511a9 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2340] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98                                                                                                                                               0000000072dd1942 2 bytes JMP 75c77089 C:\Windows\syswow64\WS2_32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2340] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109                                                                                                                                              0000000072dd194d 2 bytes JMP 75c7cba6 C:\Windows\syswow64\WS2_32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                                                       00000000761d1401 2 bytes JMP 7557b21b C:\Windows\syswow64\KERNEL32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2340] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                                         00000000761d1419 2 bytes JMP 7557b346 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                                                       00000000761d1431 2 bytes JMP 755f8ea9 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                                                       00000000761d144a 2 bytes CALL 755548ad C:\Windows\syswow64\KERNEL32.dll
.text    ...                                                                                                                                                                                                                                  * 9
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2340] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                                          00000000761d14dd 2 bytes JMP 755f87a2 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                                                   00000000761d14f5 2 bytes JMP 755f8978 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                                          00000000761d150d 2 bytes JMP 755f8698 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                                                   00000000761d1525 2 bytes JMP 755f8a62 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                                         00000000761d153d 2 bytes JMP 7556fca8 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2340] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                                              00000000761d1555 2 bytes JMP 755768ef C:\Windows\syswow64\KERNEL32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                                                       00000000761d156d 2 bytes JMP 755f8f61 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                                         00000000761d1585 2 bytes JMP 755f8ac2 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                                            00000000761d159d 2 bytes JMP 755f865c C:\Windows\syswow64\KERNEL32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                                         00000000761d15b5 2 bytes JMP 7556fd41 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                                                       00000000761d15cd 2 bytes JMP 7557b2dc C:\Windows\syswow64\KERNEL32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                                                   00000000761d16b2 2 bytes JMP 755f8e24 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                                                   00000000761d16bd 2 bytes JMP 755f85f1 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe[2476] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                                                                               00000000779cfac0 5 bytes JMP 0000000175378cf0
.text    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe[2476] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                                                                   00000000779cfb58 5 bytes JMP 0000000175378ea0
.text    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe[2476] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                                                                00000000779d0038 5 bytes JMP 0000000175378d80
.text    C:\Windows\system32\svchost.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                                                                          0000000077821430 5 bytes JMP 00000001777c0010
.text    C:\Windows\system32\svchost.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                                                                              0000000077821490 5 bytes JMP 00000001777c0028
.text    C:\Windows\system32\svchost.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                                                                           00000000778217b0 1 byte JMP 00000001777c0040
.text    C:\Windows\system32\svchost.exe[2580] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                                                                                       00000000778217b2 3 bytes {JMP 0xfffffffffff9e890}
.text    C:\Windows\system32\wbem\wmiprvse.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                                                                    0000000077821430 5 bytes JMP 00000001777c0010
.text    C:\Windows\system32\wbem\wmiprvse.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                                                                        0000000077821490 5 bytes JMP 00000001777c0028
.text    C:\Windows\system32\wbem\wmiprvse.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                                                                     00000000778217b0 1 byte JMP 00000001777c0040
.text    C:\Windows\system32\wbem\wmiprvse.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                                                                                 00000000778217b2 3 bytes {JMP 0xfffffffffff9e890}
.text    C:\Windows\System32\svchost.exe[3448] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                                                                          0000000077821430 5 bytes JMP 00000001777c0010
.text    C:\Windows\System32\svchost.exe[3448] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                                                                              0000000077821490 5 bytes JMP 00000001777c0028
.text    C:\Windows\System32\svchost.exe[3448] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                                                                           00000000778217b0 1 byte JMP 00000001777c0040
.text    C:\Windows\System32\svchost.exe[3448] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                                                                                       00000000778217b2 3 bytes {JMP 0xfffffffffff9e890}
.text    C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                                                                          0000000077821430 5 bytes JMP 00000001777c0010
.text    C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                                                                              0000000077821490 5 bytes JMP 00000001777c0028
.text    C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                                                                           00000000778217b0 1 byte JMP 00000001777c0040
.text    C:\Windows\system32\taskeng.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                                                                                       00000000778217b2 3 bytes {JMP 0xfffffffffff9e890}
.text    C:\Windows\system32\Dwm.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                                                                              0000000077821430 5 bytes JMP 00000001777c0010
.text    C:\Windows\system32\Dwm.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                                                                                  0000000077821490 5 bytes JMP 00000001777c0028
.text    C:\Windows\system32\Dwm.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                                                                               00000000778217b0 1 byte JMP 00000001777c0040
.text    C:\Windows\system32\Dwm.exe[3988] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                                                                                           00000000778217b2 3 bytes {JMP 0xfffffffffff9e890}
.text    C:\Windows\Explorer.EXE[2620] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                                                                                  0000000077821430 5 bytes JMP 00000001777c0010
.text    C:\Windows\Explorer.EXE[2620] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                                                                                      0000000077821490 5 bytes JMP 00000001777c0028
.text    C:\Windows\Explorer.EXE[2620] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                                                                                   00000000778217b0 1 byte JMP 00000001777c0040
.text    C:\Windows\Explorer.EXE[2620] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                                                                                               00000000778217b2 3 bytes {JMP 0xfffffffffff9e890}
.text    C:\Windows\system32\taskhost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                                                                         0000000077821430 5 bytes JMP 00000001777c0010
.text    C:\Windows\system32\taskhost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                                                                             0000000077821490 5 bytes JMP 00000001777c0028
.text    C:\Windows\system32\taskhost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                                                                          00000000778217b0 1 byte JMP 00000001777c0040
.text    C:\Windows\system32\taskhost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                                                                                      00000000778217b2 3 bytes {JMP 0xfffffffffff9e890}
.text    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                                                                                00000000779cfac0 5 bytes JMP 0000000175378cf0
.text    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                                                                    00000000779cfb58 5 bytes JMP 0000000175378ea0
.text    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                                                                 00000000779d0038 5 bytes JMP 0000000175378d80
.text    J:\Program Files\Fraps\fraps.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                                                                                                         00000000779cfac0 5 bytes JMP 0000000175378cf0
.text    J:\Program Files\Fraps\fraps.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                                                                                             00000000779cfb58 5 bytes JMP 0000000175378ea0
.text    J:\Program Files\Fraps\fraps.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                                                                                          00000000779d0038 5 bytes JMP 0000000175378d80
.text    C:\VIA_XHCI\usb3Monitor.exe[3920] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                                                                                                              00000000779cfac0 5 bytes JMP 0000000175378cf0
.text    C:\VIA_XHCI\usb3Monitor.exe[3920] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                                                                                                  00000000779cfb58 5 bytes JMP 0000000175378ea0
.text    C:\VIA_XHCI\usb3Monitor.exe[3920] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                                                                                               00000000779d0038 5 bytes JMP 0000000175378d80
.text    C:\Program Files\Logitech Gaming Software\LCore.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                                                      0000000077821430 5 bytes JMP 00000001777c0010
.text    C:\Program Files\Logitech Gaming Software\LCore.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                                                          0000000077821490 5 bytes JMP 00000001777c0028
.text    C:\Program Files\Logitech Gaming Software\LCore.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                                                       00000000778217b0 1 byte JMP 00000001777c0040
.text    C:\Program Files\Logitech Gaming Software\LCore.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                                                                   00000000778217b2 3 bytes {JMP 0xfffffffffff9e890}
.text    C:\Program Files\ASUS Xonar U7 Audio\CPL\ASUSXonarU7_x64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                                             0000000077821430 5 bytes JMP 00000001777c0010
.text    C:\Program Files\ASUS Xonar U7 Audio\CPL\ASUSXonarU7_x64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                                                 0000000077821490 5 bytes JMP 00000001777c0028
.text    C:\Program Files\ASUS Xonar U7 Audio\CPL\ASUSXonarU7_x64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                                              00000000778217b0 1 byte JMP 00000001777c0040
.text    C:\Program Files\ASUS Xonar U7 Audio\CPL\ASUSXonarU7_x64.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                                                          00000000778217b2 3 bytes {JMP 0xfffffffffff9e890}
.text    C:\Program Files\Windows Sidebar\sidebar.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                                                             0000000077821430 5 bytes JMP 00000001777c0010
.text    C:\Program Files\Windows Sidebar\sidebar.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                                                                 0000000077821490 5 bytes JMP 00000001777c0028
.text    C:\Program Files\Windows Sidebar\sidebar.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                                                              00000000778217b0 1 byte JMP 00000001777c0040
.text    C:\Program Files\Windows Sidebar\sidebar.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                                                                          00000000778217b2 3 bytes {JMP 0xfffffffffff9e890}
.text    C:\Program Files\HWiNFO64\HWiNFO64.EXE[3356] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                                                                   0000000077821430 5 bytes JMP 00000001777c0010
.text    C:\Program Files\HWiNFO64\HWiNFO64.EXE[3356] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                                                                       0000000077821490 5 bytes JMP 00000001777c0028
.text    C:\Program Files\HWiNFO64\HWiNFO64.EXE[3356] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                                                                    00000000778217b0 1 byte JMP 00000001777c0040
.text    C:\Program Files\HWiNFO64\HWiNFO64.EXE[3356] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                                                                                00000000778217b2 3 bytes {JMP 0xfffffffffff9e890}
.text    C:\Program Files\HWiNFO64\HWiNFO64.EXE[3356] C:\Windows\system32\OPENGL32.dll!wglSwapLayerBuffers                                                                                                                                    000007feed6a48c0 9 bytes {MOV RAX, 0x6a1ed490; JMP RAX}
.text    C:\Program Files\HWiNFO64\HWiNFO64.EXE[3356] C:\Windows\system32\OPENGL32.dll!wglSwapBuffers                                                                                                                                         000007feed6baaa0 9 bytes {MOV RAX, 0x6a1ed3d0; JMP RAX}
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4040] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                                 00000000779cfac0 5 bytes JMP 0000000175378cf0
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4040] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                     00000000779cfb58 5 bytes JMP 0000000175378ea0
.text    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4040] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                  00000000779d0038 5 bytes JMP 0000000175378d80
.text    C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3736] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                                                                  00000000779cfac0 5 bytes JMP 0000000175378cf0
.text    C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3736] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                                                      00000000779cfb58 5 bytes JMP 0000000175378ea0
.text    C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3736] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                                                   00000000779d0038 5 bytes JMP 0000000175378d80
.text    C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                                                   0000000077821430 5 bytes JMP 00000001777c0010
.text    C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                                                       0000000077821490 5 bytes JMP 00000001777c0028
.text    C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                                                    00000000778217b0 1 byte JMP 00000001777c0040
.text    C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                                                                00000000778217b2 3 bytes {JMP 0xfffffffffff9e890}
.text    C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                                                   0000000077821430 5 bytes JMP 00000001777c0010
.text    C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                                                       0000000077821490 5 bytes JMP 00000001777c0028
.text    C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                                                    00000000778217b0 1 byte JMP 00000001777c0040
.text    C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                                                                00000000778217b2 3 bytes {JMP 0xfffffffffff9e890}
.text    C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe[4972] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                                                   0000000077821430 5 bytes JMP 00000001777c0010
.text    C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe[4972] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                                                       0000000077821490 5 bytes JMP 00000001777c0028
.text    C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe[4972] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                                                    00000000778217b0 1 byte JMP 00000001777c0040
.text    C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe[4972] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                                                                00000000778217b2 3 bytes {JMP 0xfffffffffff9e890}
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                                             0000000077821430 5 bytes JMP 00000001777c0010
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                                                 0000000077821490 5 bytes JMP 00000001777c0028
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                                              00000000778217b0 1 byte JMP 00000001777c0040
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                                                          00000000778217b2 3 bytes {JMP 0xfffffffffff9e890}
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe[4620] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                                                                          00000000779cfac0 5 bytes JMP 0000000175378cf0
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe[4620] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                                                              00000000779cfb58 5 bytes JMP 0000000175378ea0
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe[4620] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                                                           00000000779d0038 5 bytes JMP 0000000175378d80
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[4668] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                                           0000000077821430 5 bytes JMP 00000001777c0010
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[4668] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                                               0000000077821490 5 bytes JMP 00000001777c0028
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[4668] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                                            00000000778217b0 1 byte JMP 00000001777c0040
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[4668] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                                                        00000000778217b2 3 bytes {JMP 0xfffffffffff9e890}
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                                            0000000077821430 5 bytes JMP 00000001777c0010
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                                                0000000077821490 5 bytes JMP 00000001777c0028
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                                             00000000778217b0 1 byte JMP 00000001777c0040
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                                                         00000000778217b2 3 bytes {JMP 0xfffffffffff9e890}
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                                       0000000077821430 5 bytes JMP 00000001777c0010
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                                           0000000077821490 5 bytes JMP 00000001777c0028
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                                        00000000778217b0 1 byte JMP 00000001777c0040
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                                                    00000000778217b2 3 bytes {JMP 0xfffffffffff9e890}
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                                   0000000077821430 5 bytes JMP 00000001777c0010
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                                       0000000077821490 5 bytes JMP 00000001777c0028
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                                    00000000778217b0 1 byte JMP 00000001777c0040
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                                                00000000778217b2 3 bytes {JMP 0xfffffffffff9e890}
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe[4864] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                                                                     00000000779cfac0 5 bytes JMP 0000000175378cf0
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe[4864] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                                                         00000000779cfb58 5 bytes JMP 0000000175378ea0
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe[4864] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                                                      00000000779d0038 5 bytes JMP 0000000175378d80
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe[4992] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                                                                              00000000779cfac0 5 bytes JMP 0000000175378cf0
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe[4992] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                                                                  00000000779cfb58 5 bytes JMP 0000000175378ea0
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe[4992] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                                                               00000000779d0038 5 bytes JMP 0000000175378d80
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[5036] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                                                                           00000000779cfac0 5 bytes JMP 0000000175378cf0
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[5036] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                                                               00000000779cfb58 5 bytes JMP 0000000175378ea0
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[5036] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                                                            00000000779d0038 5 bytes JMP 0000000175378d80
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                         00000000761d1401 2 bytes JMP 7557b21b C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[5036] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                           00000000761d1419 2 bytes JMP 7557b346 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                         00000000761d1431 2 bytes JMP 755f8ea9 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                         00000000761d144a 2 bytes CALL 755548ad C:\Windows\syswow64\KERNEL32.dll
.text    ...                                                                                                                                                                                                                                  * 9
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[5036] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                            00000000761d14dd 2 bytes JMP 755f87a2 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                     00000000761d14f5 2 bytes JMP 755f8978 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[5036] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                            00000000761d150d 2 bytes JMP 755f8698 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                     00000000761d1525 2 bytes JMP 755f8a62 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                           00000000761d153d 2 bytes JMP 7556fca8 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[5036] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                00000000761d1555 2 bytes JMP 755768ef C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                         00000000761d156d 2 bytes JMP 755f8f61 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                           00000000761d1585 2 bytes JMP 755f8ac2 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[5036] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                              00000000761d159d 2 bytes JMP 755f865c C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                           00000000761d15b5 2 bytes JMP 7556fd41 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                         00000000761d15cd 2 bytes JMP 7557b2dc C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                     00000000761d16b2 2 bytes JMP 755f8e24 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                     00000000761d16bd 2 bytes JMP 755f85f1 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Windows\system32\svchost.exe[4576] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                                                                          0000000077821430 5 bytes JMP 00000001777c0010
.text    C:\Windows\system32\svchost.exe[4576] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                                                                              0000000077821490 5 bytes JMP 00000001777c0028
.text    C:\Windows\system32\svchost.exe[4576] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                                                                           00000000778217b0 1 byte JMP 00000001777c0040
.text    C:\Windows\system32\svchost.exe[4576] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                                                                                       00000000778217b2 3 bytes {JMP 0xfffffffffff9e890}
.text    J:\Program Files\Fraps\fraps64.dat[5572] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                                                                       0000000077821430 5 bytes JMP 00000001777c0010
.text    J:\Program Files\Fraps\fraps64.dat[5572] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                                                                           0000000077821490 5 bytes JMP 00000001777c0028
.text    J:\Program Files\Fraps\fraps64.dat[5572] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                                                                        00000000778217b0 1 byte JMP 00000001777c0040
.text    J:\Program Files\Fraps\fraps64.dat[5572] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                                                                                    00000000778217b2 3 bytes {JMP 0xfffffffffff9e890}
.text    C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe[5908] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                                                                              00000000779cfac0 5 bytes JMP 0000000175378cf0
.text    C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe[5908] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                                                                  00000000779cfb58 5 bytes JMP 0000000175378ea0
.text    C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe[5908] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                                                               00000000779d0038 5 bytes JMP 0000000175378d80
.text    C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                                                                     00000000779cfac0 5 bytes JMP 0000000175378cf0
.text    C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                                                         00000000779cfb58 5 bytes JMP 0000000175378ea0
.text    C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                                                      00000000779d0038 5 bytes JMP 0000000175378d80
.text    C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe[4716] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                                                 0000000077821430 5 bytes JMP 00000001777c0010
.text    C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe[4716] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                                                     0000000077821490 5 bytes JMP 00000001777c0028
.text    C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe[4716] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                                                  00000000778217b0 1 byte JMP 00000001777c0040
.text    C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe[4716] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2                                                                                              00000000778217b2 3 bytes {JMP 0xfffffffffff9e890}
.text    J:\Programme\TCPView\Tcpview.exe[2740] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                                                                                                         00000000779cfac0 5 bytes JMP 0000000175378cf0
.text    J:\Programme\TCPView\Tcpview.exe[2740] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                                                                                             00000000779cfb58 5 bytes JMP 0000000175378ea0
.text    J:\Programme\TCPView\Tcpview.exe[2740] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                                                                                          00000000779d0038 5 bytes JMP 0000000175378d80
.text    J:\Programme\TCPView\Tcpview.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                                                       00000000761d1401 2 bytes JMP 7557b21b C:\Windows\syswow64\KERNEL32.dll
.text    J:\Programme\TCPView\Tcpview.exe[2740] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                                         00000000761d1419 2 bytes JMP 7557b346 C:\Windows\syswow64\KERNEL32.dll
.text    J:\Programme\TCPView\Tcpview.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                                                       00000000761d1431 2 bytes JMP 755f8ea9 C:\Windows\syswow64\KERNEL32.dll
.text    J:\Programme\TCPView\Tcpview.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                                                       00000000761d144a 2 bytes CALL 755548ad C:\Windows\syswow64\KERNEL32.dll
.text    ...                                                                                                                                                                                                                                  * 9
.text    J:\Programme\TCPView\Tcpview.exe[2740] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                                          00000000761d14dd 2 bytes JMP 755f87a2 C:\Windows\syswow64\KERNEL32.dll
.text    J:\Programme\TCPView\Tcpview.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                                                   00000000761d14f5 2 bytes JMP 755f8978 C:\Windows\syswow64\KERNEL32.dll
.text    J:\Programme\TCPView\Tcpview.exe[2740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                                          00000000761d150d 2 bytes JMP 755f8698 C:\Windows\syswow64\KERNEL32.dll
.text    J:\Programme\TCPView\Tcpview.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                                                   00000000761d1525 2 bytes JMP 755f8a62 C:\Windows\syswow64\KERNEL32.dll
.text    J:\Programme\TCPView\Tcpview.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                                         00000000761d153d 2 bytes JMP 7556fca8 C:\Windows\syswow64\KERNEL32.dll
.text    J:\Programme\TCPView\Tcpview.exe[2740] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                                              00000000761d1555 2 bytes JMP 755768ef C:\Windows\syswow64\KERNEL32.dll
.text    J:\Programme\TCPView\Tcpview.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                                                       00000000761d156d 2 bytes JMP 755f8f61 C:\Windows\syswow64\KERNEL32.dll
.text    J:\Programme\TCPView\Tcpview.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                                         00000000761d1585 2 bytes JMP 755f8ac2 C:\Windows\syswow64\KERNEL32.dll
.text    J:\Programme\TCPView\Tcpview.exe[2740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                                            00000000761d159d 2 bytes JMP 755f865c C:\Windows\syswow64\KERNEL32.dll
.text    J:\Programme\TCPView\Tcpview.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                                         00000000761d15b5 2 bytes JMP 7556fd41 C:\Windows\syswow64\KERNEL32.dll
.text    J:\Programme\TCPView\Tcpview.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                                                       00000000761d15cd 2 bytes JMP 7557b2dc C:\Windows\syswow64\KERNEL32.dll
.text    J:\Programme\TCPView\Tcpview.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                                                   00000000761d16b2 2 bytes JMP 755f8e24 C:\Windows\syswow64\KERNEL32.dll
.text    J:\Programme\TCPView\Tcpview.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                                                   00000000761d16bd 2 bytes JMP 755f85f1 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Users\Waldi\Desktop\Gmer-19357.exe[7008] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                                                                                                    00000000779cfac0 5 bytes JMP 0000000175378cf0
.text    C:\Users\Waldi\Desktop\Gmer-19357.exe[7008] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                                                                                        00000000779cfb58 5 bytes JMP 0000000175378ea0
.text    C:\Users\Waldi\Desktop\Gmer-19357.exe[7008] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                                                                                     00000000779d0038 5 bytes JMP 0000000175378d80
---- Processes - GMER 2.1 ----

Library  C:\Users\Waldi\AppData\Local\Microsoft\Windows Sidebar\Gadgets\GPUObserver37.gadget\GPUStatusReader.dll (*** suspicious ***) @ C:\Program Files\Windows Sidebar\sidebar.exe [4028] (GPUStatusReader/Orbmu2k)(2013-06-09 01:35:51)    000000006f680000
Library  C:\Users\Waldi\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\IntelDTSReader.dll (*** suspicious ***) @ C:\Program Files\Windows Sidebar\sidebar.exe [4028] (IntelDTSReader/Orbmu2k)(2013-06-09 01:38:49)  000000006f670000
Library  C:\Users\Waldi\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.dll (*** suspicious ***) @ C:\Program Files\Windows Sidebar\sidebar.exe [4028] (WinRing0/OpenLibSys.org)(2013-06-09 01:38:49)    0000000180000000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dc85de675afd                                                                                                                                                          
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dc85de675afd (not active ControlSet)                                                                                                                                      

---- EOF - GMER 2.1 ----

Danke

schrauber · 20.03.2015, 06:20

hi,

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

sill · 20.03.2015, 13:20

Hallo schrauber,

hier die 2 Scans:

Mbar

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.03.20.03
  rootkit: v2015.02.25.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Waldi :: WALDI-PC [administrator]

20.03.2015 13:07:54
mbar-log-2015-03-20 (13-07-54).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 401611
Time elapsed: 3 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

TDSSKiller

Code:

ATTFilter

13:13:19.0789 0x0d34  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
13:13:26.0708 0x0d34  ============================================================
13:13:26.0708 0x0d34  Current date / time: 2015/03/20 13:13:26.0708
13:13:26.0708 0x0d34  SystemInfo:
13:13:26.0708 0x0d34  
13:13:26.0708 0x0d34  OS Version: 6.1.7601 ServicePack: 1.0
13:13:26.0708 0x0d34  Product type: Workstation
13:13:26.0708 0x0d34  ComputerName: WALDI-PC
13:13:26.0708 0x0d34  UserName: Waldi
13:13:26.0708 0x0d34  Windows directory: C:\Windows
13:13:26.0708 0x0d34  System windows directory: C:\Windows
13:13:26.0708 0x0d34  Running under WOW64
13:13:26.0708 0x0d34  Processor architecture: Intel x64
13:13:26.0708 0x0d34  Number of processors: 4
13:13:26.0708 0x0d34  Page size: 0x1000
13:13:26.0708 0x0d34  Boot type: Normal boot
13:13:26.0708 0x0d34  ============================================================
13:13:26.0913 0x0d34  KLMD registered as C:\Windows\system32\drivers\76484737.sys
13:13:26.0930 0x0d34  System UUID: {C70A5BB4-529F-CC44-4A75-7FB1458A5D80}
13:13:27.0080 0x0d34  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 ( 119.24 Gb ), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:13:27.0098 0x0d34  Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:13:27.0098 0x0d34  Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:13:27.0100 0x0d34  ============================================================
13:13:27.0100 0x0d34  \Device\Harddisk0\DR0:
13:13:27.0101 0x0d34  MBR partitions:
13:13:27.0101 0x0d34  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:13:27.0101 0x0d34  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
13:13:27.0101 0x0d34  \Device\Harddisk1\DR1:
13:13:27.0101 0x0d34  MBR partitions:
13:13:27.0101 0x0d34  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A857000
13:13:27.0101 0x0d34  \Device\Harddisk2\DR2:
13:13:27.0101 0x0d34  MBR partitions:
13:13:27.0111 0x0d34  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F04, BlocksNum 0x74701ABD
13:13:27.0111 0x0d34  ============================================================
13:13:27.0113 0x0d34  C: <-> \Device\Harddisk0\DR0\Partition2
13:13:27.0168 0x0d34  I: <-> \Device\Harddisk2\DR2\Partition1
13:13:27.0213 0x0d34  J: <-> \Device\Harddisk1\DR1\Partition1
13:13:27.0213 0x0d34  ============================================================
13:13:27.0213 0x0d34  Initialize success
13:13:27.0213 0x0d34  ============================================================
13:14:50.0682 0x163c  ============================================================
13:14:50.0682 0x163c  Scan started
13:14:50.0682 0x163c  Mode: Manual; SigCheck; TDLFS; 
13:14:50.0682 0x163c  ============================================================
13:14:50.0682 0x163c  KSN ping started
13:15:04.0052 0x163c  KSN ping finished: true
13:15:04.0633 0x163c  ================ Scan system memory ========================
13:15:04.0633 0x163c  System memory - ok
13:15:04.0633 0x163c  ================ Scan services =============================
13:15:04.0664 0x163c  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
13:15:04.0700 0x163c  1394ohci - ok
13:15:04.0709 0x163c  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
13:15:04.0719 0x163c  ACPI - ok
13:15:04.0721 0x163c  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
13:15:04.0729 0x163c  AcpiPmi - ok
13:15:04.0751 0x163c  [ B0FE8D243A4EC6727D7EC5019C4B26B1, 6A319A77E19937208237BDBD2A545367EEC7B4B7ED732E0BAF616070C2FD88A3 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:15:04.0759 0x163c  AdobeFlashPlayerUpdateSvc - ok
13:15:04.0769 0x163c  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
13:15:04.0781 0x163c  adp94xx - ok
13:15:04.0788 0x163c  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
13:15:04.0797 0x163c  adpahci - ok
13:15:04.0802 0x163c  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
13:15:04.0809 0x163c  adpu320 - ok
13:15:04.0813 0x163c  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:15:04.0831 0x163c  AeLookupSvc - ok
13:15:04.0840 0x163c  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
13:15:04.0854 0x163c  AFD - ok
13:15:04.0857 0x163c  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
13:15:04.0862 0x163c  agp440 - ok
13:15:04.0865 0x163c  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
13:15:04.0873 0x163c  ALG - ok
13:15:04.0875 0x163c  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
13:15:04.0880 0x163c  aliide - ok
13:15:04.0887 0x163c  [ 2998362D1E550F0C990D77E34415BEB6, 36BBC575DFE0CBD5BC4AF9AD8B54DCEF950E93AF48884D6523457071296514CC ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:15:04.0898 0x163c  AMD External Events Utility - ok
13:15:04.0900 0x163c  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
13:15:04.0905 0x163c  amdide - ok
13:15:04.0908 0x163c  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
13:15:04.0915 0x163c  AmdK8 - ok
13:15:05.0142 0x163c  [ A87FC6E3670DB55788184FE3A3808712, 2366E7423B4EBC6E12F0C172246E4D2D3BDD702193FA6955A08180FFFCB217B9 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
13:15:05.0413 0x163c  amdkmdag - ok
13:15:05.0437 0x163c  [ 971F3B12C24BB83B48F8CCA2ED019906, E4757480DFF2678E3C7897F6E720EEFF76D452707FC87401B209FE533BFC3210 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
13:15:05.0453 0x163c  amdkmdap - ok
13:15:05.0456 0x163c  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
13:15:05.0463 0x163c  AmdPPM - ok
13:15:05.0474 0x163c  [ 6EC6D772EAE38DC17C14AED9B178D24B, B4FB936B31B1265B8CC6B426C64965C34D0CCF1638E645ACD65E88F4AFFC57A6 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
13:15:05.0480 0x163c  amdsata - ok
13:15:05.0486 0x163c  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
13:15:05.0493 0x163c  amdsbs - ok
13:15:05.0495 0x163c  [ 1142A21DB581A84EA5597B03A26EBAA0, F94EB140D0CD068760D7EB081FF75154C75DAC75E5E24B6DE4E4F9CE65A70343 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
13:15:05.0500 0x163c  amdxata - ok
13:15:05.0503 0x163c  [ 4DE0D5D747A73797C95A97DCCE5018B5, 17EC669675C2E43515EFE2D8BCC9DDFFBE64F99EBFB9A6DAB429F65A2B504560 ] androidusb      C:\Windows\system32\Drivers\ssadadb.sys
13:15:05.0514 0x163c  androidusb - ok
13:15:05.0521 0x163c  [ 59D01FA91962C9C1E9B4022B2D3B46DB, 3A111588538B77F010B5C900FB8425DDE55A08DBAC308CA7FB7BD9FCCCDEC69F ] AppHostSvc      C:\Windows\system32\inetsrv\apphostsvc.dll
13:15:05.0528 0x163c  AppHostSvc - ok
13:15:05.0531 0x163c  [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID           C:\Windows\system32\drivers\appid.sys
13:15:05.0540 0x163c  AppID - ok
13:15:05.0542 0x163c  [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
13:15:05.0549 0x163c  AppIDSvc - ok
13:15:05.0553 0x163c  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
13:15:05.0561 0x163c  Appinfo - ok
13:15:05.0567 0x163c  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
13:15:05.0576 0x163c  AppMgmt - ok
13:15:05.0579 0x163c  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
13:15:05.0585 0x163c  arc - ok
13:15:05.0588 0x163c  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
13:15:05.0595 0x163c  arcsas - ok
13:15:05.0598 0x163c  [ 22842362DF890F5492F85AA60916A697, EC01380B1C9BF4CFBA018FC314563F0785280172A2A9B51D50F088E7101951EF ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
13:15:05.0604 0x163c  asmthub3 - detected UnsignedFile.Multi.Generic ( 1 )
13:15:07.0918 0x163c  Detect skipped due to KSN trusted
13:15:07.0918 0x163c  asmthub3 - ok
13:15:07.0927 0x163c  [ 74ADFFE949F3C742E42C81E57E120486, D78AB780C8871CA179BC0578AA9EC739F27478E4836E9BA9A3EDDD94FAFF81A3 ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
13:15:07.0937 0x163c  asmtxhci - ok
13:15:07.0950 0x163c  [ 041672BAC20B34EAEDEB033129655DD8, 14264732F0CACF5732C7652C411F0A1C3B4A4417C31DD289C8AFF170BE683E5A ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:15:07.0957 0x163c  aspnet_state - ok
13:15:07.0966 0x163c  [ 81793AD0AAD0C6A6246CC47AA2FDC2FA, 2DDD09BC698A4A40E9FB379FFC94D3B831684F4BA027F8D6A52643B74812064A ] ASUSU7          C:\Windows\system32\DRIVERS\ASUSU7.SYS
13:15:07.0978 0x163c  ASUSU7 - ok
13:15:07.0981 0x163c  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:15:07.0998 0x163c  AsyncMac - ok
13:15:08.0000 0x163c  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
13:15:08.0005 0x163c  atapi - ok
13:15:08.0009 0x163c  atitray - ok
13:15:08.0021 0x163c  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:15:08.0037 0x163c  AudioEndpointBuilder - ok
13:15:08.0047 0x163c  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
13:15:08.0060 0x163c  AudioSrv - ok
13:15:08.0063 0x163c  [ 1DC2F715792CF33428AD7993ACBD224D, 129FBD517E016914CD61C35894C0B9B2074E680F1EB21201597E5C13CAF4529F ] avmeject        C:\Windows\system32\drivers\avmeject.sys
13:15:08.0068 0x163c  avmeject - ok
13:15:08.0071 0x163c  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
13:15:08.0081 0x163c  AxInstSV - ok
13:15:08.0090 0x163c  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
13:15:08.0103 0x163c  b06bdrv - ok
13:15:08.0109 0x163c  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
13:15:08.0119 0x163c  b57nd60a - ok
13:15:08.0123 0x163c  [ 638AC077E7EF7D27D03062E486E8BF01, 613E1DB1BDF020B6AAA808CB3E2487E7505B8B954E69475026648C2D89751A70 ] bcbtums         C:\Windows\system32\drivers\bcbtums.sys
13:15:08.0129 0x163c  bcbtums - ok
13:15:08.0132 0x163c  [ A365D0728CDB73B0207B2C5BD4C0D5FB, 7BC987F00A14755EA4C1083D06F473E0996B6259E63EE003DD1B3A484AE32A82 ] BCM42RLY        C:\Windows\system32\drivers\BCM42RLY.sys
13:15:08.0136 0x163c  BCM42RLY - ok
13:15:08.0195 0x163c  [ FBC76C8D561D0AD159EF9452D9F328F6, 3A1A3E8ED48316ACF833554C50CAA3278C980F139332E9F35D889F1C46532FAA ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
13:15:08.0264 0x163c  BCM43XX - ok
13:15:08.0270 0x163c  [ B6FA52DE682784889E700B9B467F4D7A, 1D87AC22F42C5F5445AC59CF983CD1D0CEAB48C67DB8EFB6FD288FE2482C6420 ] BcmVWL          C:\Windows\system32\DRIVERS\bcmvwl64.sys
13:15:08.0275 0x163c  BcmVWL - ok
13:15:08.0278 0x163c  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
13:15:08.0285 0x163c  BDESVC - ok
13:15:08.0288 0x163c  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:15:08.0304 0x163c  Beep - ok
13:15:08.0313 0x163c  [ BE43A13207D6428947248AF7EE05E772, 4118288ECD13B77738070DC298A64732693EEF9679CCFA59FD523CCAACF6335B ] BEService       C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
13:15:08.0324 0x163c  BEService - ok
13:15:08.0337 0x163c  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
13:15:08.0353 0x163c  BFE - ok
13:15:08.0367 0x163c  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
13:15:08.0396 0x163c  BITS - ok
13:15:08.0399 0x163c  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
13:15:08.0406 0x163c  blbdrive - ok
13:15:08.0415 0x163c  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:15:08.0424 0x163c  Bonjour Service - ok
13:15:08.0428 0x163c  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:15:08.0435 0x163c  bowser - ok
13:15:08.0437 0x163c  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:15:08.0444 0x163c  BrFiltLo - ok
13:15:08.0447 0x163c  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:15:08.0454 0x163c  BrFiltUp - ok
13:15:08.0458 0x163c  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
13:15:08.0466 0x163c  Browser - ok
13:15:08.0472 0x163c  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
13:15:08.0481 0x163c  Brserid - ok
13:15:08.0484 0x163c  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
13:15:08.0492 0x163c  BrSerWdm - ok
13:15:08.0494 0x163c  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
13:15:08.0500 0x163c  BrUsbMdm - ok
13:15:08.0502 0x163c  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
13:15:08.0508 0x163c  BrUsbSer - ok
13:15:08.0511 0x163c  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
13:15:08.0517 0x163c  BthEnum - ok
13:15:08.0520 0x163c  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
13:15:08.0528 0x163c  BTHMODEM - ok
13:15:08.0532 0x163c  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
13:15:08.0541 0x163c  BthPan - ok
13:15:08.0550 0x163c  [ 64C198198501F7560EE41D8D1EFA7952, 53CE5FDD1866FC8A0B91C7A620F7555D197488C4C8F3DEFD4398D8E3ED2AEBD0 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
13:15:08.0564 0x163c  BTHPORT - ok
13:15:08.0567 0x163c  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
13:15:08.0585 0x163c  bthserv - ok
13:15:08.0588 0x163c  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
13:15:08.0594 0x163c  BTHUSB - ok
13:15:08.0596 0x163c  btwampfl - ok
13:15:08.0598 0x163c  btwaudio - ok
13:15:08.0599 0x163c  btwavdt - ok
13:15:08.0602 0x163c  [ 41933521A618475644B6E8D8487AF326, A50D6CF096E45E4EA2491D61CFE165C8C8A8956E699519C4314918DE1FD31056 ] BTWDPAN         C:\Windows\system32\DRIVERS\btwdpan.sys
13:15:08.0607 0x163c  BTWDPAN - ok
13:15:08.0609 0x163c  btwl2cap - ok
13:15:08.0611 0x163c  btwrchid - ok
13:15:08.0614 0x163c  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:15:08.0633 0x163c  cdfs - ok
13:15:08.0637 0x163c  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:15:08.0645 0x163c  cdrom - ok
13:15:08.0649 0x163c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
13:15:08.0666 0x163c  CertPropSvc - ok
13:15:08.0668 0x163c  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
13:15:08.0676 0x163c  circlass - ok
13:15:08.0683 0x163c  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
13:15:08.0693 0x163c  CLFS - ok
13:15:08.0698 0x163c  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:15:08.0704 0x163c  clr_optimization_v2.0.50727_32 - ok
13:15:08.0709 0x163c  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:15:08.0716 0x163c  clr_optimization_v2.0.50727_64 - ok
13:15:08.0724 0x163c  [ 397C2677C25CBE213F3270245A401624, 8121E37108DE7A0402DC5111EBF452F91893B63EECE3AAD9EACF61C40D3FC182 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:15:08.0731 0x163c  clr_optimization_v4.0.30319_32 - ok
13:15:08.0734 0x163c  [ 29139759FCC4E4E0531ABE2EA82CE646, CFF7B2F4A9B37D343BE18DC40161DC03FA9DB308CAE9E0B3DF1FCDC3EBAC0C08 ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:15:08.0742 0x163c  clr_optimization_v4.0.30319_64 - ok
13:15:08.0745 0x163c  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
13:15:08.0751 0x163c  CmBatt - ok
13:15:08.0759 0x163c  [ E6D260721A9DF6A254FEDB7990FB5E77, BD6DAD6DDEDA86B4D2FFF080142FFE83838574BA84409F2C5399253B3B0097AB ] cmcore          c:\program files (x86)\cmcm\Clean Master\cmcore.exe
13:15:08.0767 0x163c  cmcore - ok
13:15:08.0770 0x163c  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:15:08.0775 0x163c  cmdide - ok
13:15:08.0784 0x163c  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\Windows\system32\Drivers\cng.sys
13:15:08.0799 0x163c  CNG - ok
13:15:08.0802 0x163c  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
13:15:08.0807 0x163c  Compbatt - ok
13:15:08.0810 0x163c  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
13:15:08.0818 0x163c  CompositeBus - ok
13:15:08.0820 0x163c  COMSysApp - ok
13:15:08.0840 0x163c  [ 6DB7264A95FE984FFA072BA79FA087C8, CF180663B24B1660CD04CB26D8663FB7F357C9CF5731B315635D63B7DB76BCEC ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
13:15:08.0849 0x163c  cphs - ok
13:15:08.0858 0x163c  cpuz136 - ok
13:15:08.0860 0x163c  cpuz137 - ok
13:15:08.0863 0x163c  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
13:15:08.0868 0x163c  crcdisk - ok
13:15:08.0873 0x163c  [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:15:08.0882 0x163c  CryptSvc - ok
13:15:08.0891 0x163c  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
13:15:08.0904 0x163c  CSC - ok
13:15:08.0916 0x163c  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
13:15:08.0931 0x163c  CscService - ok
13:15:08.0941 0x163c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:15:08.0964 0x163c  DcomLaunch - ok
13:15:08.0971 0x163c  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
13:15:08.0991 0x163c  defragsvc - ok
13:15:08.0995 0x163c  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:15:09.0012 0x163c  DfsC - ok
13:15:09.0018 0x163c  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:15:09.0038 0x163c  Dhcp - ok
13:15:09.0041 0x163c  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
13:15:09.0057 0x163c  discache - ok
13:15:09.0061 0x163c  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
13:15:09.0066 0x163c  Disk - ok
13:15:09.0071 0x163c  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:15:09.0080 0x163c  Dnscache - ok
13:15:09.0085 0x163c  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:15:09.0105 0x163c  dot3svc - ok
13:15:09.0109 0x163c  [ B42ED0320C6E41102FDE0005154849BB, 4DB872E23AD049C3C9FDC0759FC58BFA60DA91B18BC82B611BFA300D26DDFC7A ] dot4            C:\Windows\system32\DRIVERS\Dot4.sys
13:15:09.0118 0x163c  dot4 - ok
13:15:09.0120 0x163c  [ E9F5969233C5D89F3C35E3A66A52A361, C4BD35795C78FB11E6022372CB25DEB570730EFDAD3DC1584368235FF622638C ] Dot4Print       C:\Windows\system32\drivers\Dot4Prt.sys
13:15:09.0128 0x163c  Dot4Print - ok
13:15:09.0130 0x163c  [ 488669CD1CD3BDCFDD9A5FDA72209069, CCB6BCB23A30CFD016E4086ED010A0E9DA647D3FAD9724200A29938D2B79A3C0 ] Dot4Scan        C:\Windows\system32\DRIVERS\Dot4Scan.sys
13:15:09.0138 0x163c  Dot4Scan - ok
13:15:09.0141 0x163c  [ FD05A02B0370BC3000F402E543CA5814, 089B1113E640F495F470E8F57060B89546270481B309DC8ED3C3D13A849076A3 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
13:15:09.0148 0x163c  dot4usb - ok
13:15:09.0152 0x163c  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
13:15:09.0171 0x163c  DPS - ok
13:15:09.0173 0x163c  DRIVER_B - ok
13:15:09.0175 0x163c  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:15:09.0181 0x163c  drmkaud - ok
13:15:09.0188 0x163c  [ 33F90B202E9DD9B7D489EB59310FDC34, 6ECF6669433E090E9CF6B1875AF18D2C06F8CDB3901D58BF89C3E2202574ABBD ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
13:15:09.0196 0x163c  dtsoftbus01 - ok
13:15:09.0212 0x163c  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:15:09.0231 0x163c  DXGKrnl - ok
13:15:09.0240 0x163c  [ 1BEF2C2E229452EC49FFE5A27283341D, 7010273570BD38E578FCF1DD2EB00C21E8FA3504CE2342AEE3755F6EFC4581E9 ] e1cexpress      C:\Windows\system32\DRIVERS\e1c62x64.sys
13:15:09.0251 0x163c  e1cexpress - ok
13:15:09.0254 0x163c  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
13:15:09.0272 0x163c  EapHost - ok
13:15:09.0275 0x163c  EasyAntiCheat - ok
13:15:09.0327 0x163c  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
13:15:09.0379 0x163c  ebdrv - ok
13:15:09.0383 0x163c  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] EFS             C:\Windows\System32\lsass.exe
13:15:09.0389 0x163c  EFS - ok
13:15:09.0399 0x163c  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
13:15:09.0411 0x163c  elxstor - ok
13:15:09.0413 0x163c  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:15:09.0419 0x163c  ErrDev - ok
13:15:09.0426 0x163c  [ AC7C06EB303CCDE4D01669B030EE947B, AEC1B4E96A8261F31A0B9E216F166284632005E55A785B793DFD112B22680D69 ] ESLWireAC       C:\Windows\system32\drivers\ESLWireACD.sys
13:15:09.0433 0x163c  ESLWireAC - ok
13:15:09.0446 0x163c  [ A2941FF542EFF81B32575EB964A89E48, E0C98E6648EF0B2E4819FA5656A8EF79855C39E0C1D43FCD08B36F1951FBF71A ] EslWireHelper   C:\Program Files\EslWire\service\WireHelperSvc.exe
13:15:09.0459 0x163c  EslWireHelper - ok
13:15:09.0462 0x163c  [ 84486624268E078255BC7AA47F0960BC, EC2540698B974572F0AC4A93D57C63295BAF66BF50F7416B9DFF5DE790EBDBE7 ] etdrv           C:\Windows\etdrv.sys
13:15:09.0466 0x163c  etdrv - ok
13:15:09.0474 0x163c  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
13:15:09.0496 0x163c  EventSystem - ok
13:15:09.0500 0x163c  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
13:15:09.0519 0x163c  exfat - ok
13:15:09.0524 0x163c  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:15:09.0542 0x163c  fastfat - ok
13:15:09.0554 0x163c  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
13:15:09.0569 0x163c  Fax - ok
13:15:09.0572 0x163c  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
13:15:09.0579 0x163c  fdc - ok
13:15:09.0581 0x163c  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
13:15:09.0597 0x163c  fdPHost - ok
13:15:09.0599 0x163c  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:15:09.0616 0x163c  FDResPub - ok
13:15:09.0619 0x163c  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:15:09.0625 0x163c  FileInfo - ok
13:15:09.0627 0x163c  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:15:09.0645 0x163c  Filetrace - ok
13:15:09.0647 0x163c  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
13:15:09.0653 0x163c  flpydisk - ok
13:15:09.0659 0x163c  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:15:09.0667 0x163c  FltMgr - ok
13:15:09.0685 0x163c  [ 76C196B109E4BFA50132EF50AF6A1C1B, 6452E96C3C9D35433890FFE72CDBBECBD1D0F56BBAD92DDC31551C1EE44B5860 ] FontCache       C:\Windows\system32\FntCache.dll
13:15:09.0707 0x163c  FontCache - ok
13:15:09.0712 0x163c  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:15:09.0716 0x163c  FontCache3.0.0.0 - ok
13:15:09.0719 0x163c  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
13:15:09.0725 0x163c  FsDepends - ok
13:15:09.0727 0x163c  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:15:09.0732 0x163c  Fs_Rec - ok
13:15:09.0737 0x163c  [ 1F7B25B858FA27015169FE95E54108ED, 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:15:09.0746 0x163c  fvevol - ok
13:15:09.0766 0x163c  [ 4632BB93B668004965246D7911E2DD05, B4CCFFC488C94A0D82A6CC11A9BA2616B339217164719EABA3CF59913EA899FB ] fwlanusb4       C:\Windows\system32\DRIVERS\fwlanusb4.sys
13:15:09.0790 0x163c  fwlanusb4 - ok
13:15:09.0793 0x163c  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
13:15:09.0799 0x163c  gagp30kx - ok
13:15:09.0801 0x163c  [ 7907E14F9BCF3A4689C9A74A1A873CB6, 17927B93B2D6AB4271C158F039CAE2D60591D6A14458F5A5690AEC86F5D54229 ] gdrv            C:\Windows\gdrv.sys
13:15:09.0805 0x163c  gdrv - ok
13:15:09.0818 0x163c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
13:15:09.0845 0x163c  gpsvc - ok
13:15:09.0849 0x163c  [ 8126331FBD4ED29EB3B356F9C905064D, A58BCE904591DD762410E99960FD956FB579C2CE78FA7BF1406075D29537EF82 ] GVTDrv64        C:\Windows\GVTDrv64.sys
13:15:09.0853 0x163c  GVTDrv64 - ok
13:15:09.0856 0x163c  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:15:09.0862 0x163c  hcw85cir - ok
13:15:09.0869 0x163c  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:15:09.0881 0x163c  HdAudAddService - ok
13:15:09.0885 0x163c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
13:15:09.0894 0x163c  HDAudBus - ok
13:15:09.0896 0x163c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
13:15:09.0903 0x163c  HidBatt - ok
13:15:09.0906 0x163c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
13:15:09.0915 0x163c  HidBth - ok
13:15:09.0918 0x163c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
13:15:09.0925 0x163c  HidIr - ok
13:15:09.0928 0x163c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
13:15:09.0945 0x163c  hidserv - ok
13:15:09.0947 0x163c  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:15:09.0953 0x163c  HidUsb - ok
13:15:09.0956 0x163c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:15:09.0974 0x163c  hkmsvc - ok
13:15:09.0978 0x163c  [ CF07C0A9D38A248D036DD9C47E4D0D6E, 6952DA6466DAE2E378F92934E1925887DD122A511BC5D6A0EF2194108E320126 ] hmpalert        C:\Windows\system32\drivers\hmpalert.sys
13:15:09.0984 0x163c  hmpalert - ok
13:15:10.0012 0x163c  [ 2638395F6E61889D75C363A80A0E17F4, D61FD993DA6605F32E6CDAC889285EB67F1A112BB9A294838BB90FCBF5FA11C1 ] hmpalertsvc     C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
13:15:10.0038 0x163c  hmpalertsvc - ok
13:15:10.0044 0x163c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:15:10.0054 0x163c  HomeGroupListener - ok
13:15:10.0058 0x163c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:15:10.0067 0x163c  HomeGroupProvider - ok
13:15:10.0070 0x163c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:15:10.0077 0x163c  HpSAMD - ok
13:15:10.0089 0x163c  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:15:10.0115 0x163c  HTTP - ok
13:15:10.0118 0x163c  [ E5805896A55D4166C20F216249F40FA3, F426BF60D5B916E7A778EF24C49FE1FFE1B2977C2ABD2977FD5C38C6E6CB139F ] HWiNFO32        C:\Windows\system32\drivers\HWiNFO64A.SYS
13:15:10.0123 0x163c  HWiNFO32 - ok
13:15:10.0125 0x163c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:15:10.0130 0x163c  hwpolicy - ok
13:15:10.0133 0x163c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
13:15:10.0141 0x163c  i8042prt - ok
13:15:10.0152 0x163c  [ D1753C06EE17E29352B065EACF3F10D0, 4DD4C991FAA3CCF99DF8DC9F8F5DEEDEECD55977F0C3AA8C404DEFD21E32A62B ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
13:15:10.0164 0x163c  iaStor - ok
13:15:10.0173 0x163c  [ 3DF4395A7CF8B7A72A5F4606366B8C2D, 483588B8FC6E05488ED631C4E1CFC398553FEBFA2CD2BB527B4DF12D19774F80 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:15:10.0183 0x163c  iaStorV - ok
13:15:10.0189 0x163c  [ 83FF82FE209E7997067B375DAD6CF23D, E312DD068E51DBF96A8232D7D1C9F158652FDA23649655F1102928B320795091 ] ICCS            C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
13:15:10.0195 0x163c  ICCS - ok
13:15:10.0199 0x163c  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
13:15:10.0203 0x163c  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
13:15:12.0518 0x163c  Detect skipped due to KSN trusted
13:15:12.0518 0x163c  IDriverT - ok
13:15:12.0533 0x163c  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:15:12.0550 0x163c  idsvc - ok
13:15:12.0609 0x163c  [ 0AECABC08F9AB4E504935B7662123B6E, 79D1C801A8FB0920469D6088158C518481485A065E8AF2E580FE4FCC1DE8F39B ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
13:15:12.0672 0x163c  igfx - detected UnsignedFile.Multi.Generic ( 1 )
13:15:14.0987 0x163c  Detect skipped due to KSN trusted
13:15:14.0987 0x163c  igfx - ok
13:15:14.0990 0x163c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
13:15:14.0996 0x163c  iirsp - ok
13:15:15.0010 0x163c  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
13:15:15.0029 0x163c  IKEEXT - ok
13:15:15.0033 0x163c  IntcAzAudAddService - ok
13:15:15.0042 0x163c  [ 8E4044C6B71B2F837166F6EDB6BF9100, 441A4EA0C3EF686B8B7884EC96FD8EE1017EB3F462FB4376638F461E41D97C72 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
13:15:15.0053 0x163c  IntcDAud - ok
13:15:15.0055 0x163c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
13:15:15.0060 0x163c  intelide - ok
13:15:15.0063 0x163c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:15:15.0070 0x163c  intelppm - ok
13:15:15.0074 0x163c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:15:15.0092 0x163c  IPBusEnum - ok
13:15:15.0095 0x163c  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:15:15.0112 0x163c  IpFilterDriver - ok
13:15:15.0122 0x163c  [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:15:15.0146 0x163c  iphlpsvc - ok
13:15:15.0150 0x163c  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
13:15:15.0157 0x163c  IPMIDRV - ok
13:15:15.0160 0x163c  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
13:15:15.0178 0x163c  IPNAT - ok
13:15:15.0181 0x163c  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:15:15.0189 0x163c  IRENUM - ok
13:15:15.0191 0x163c  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:15:15.0196 0x163c  isapnp - ok
13:15:15.0202 0x163c  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
13:15:15.0211 0x163c  iScsiPrt - ok
13:15:15.0214 0x163c  [ EB56D7AC688BCB1171812EF6CBB32193, 3423D53842CAB2473EECE6EF90ED25765B3DB9D85EA5D3A4D2C59A947A959F4D ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
13:15:15.0219 0x163c  iusb3hcs - ok
13:15:15.0226 0x163c  [ 3DD76F45DA45CEDCDFC7BF7AB93E6216, 11757969FCAA14C1DCD4CF06C11BA9EA528C2CD4C6F0C2F5C4EFFFA82AAA22A6 ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
13:15:15.0235 0x163c  iusb3hub - ok
13:15:15.0248 0x163c  [ B0342584DAB73797F584CADD41EEC6BD, 517938881A8395B36847838407E1BDE2C0A982AF544CECC44C86BEEA382E9E63 ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
13:15:15.0264 0x163c  iusb3xhc - ok
13:15:15.0267 0x163c  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:15:15.0272 0x163c  kbdclass - ok
13:15:15.0275 0x163c  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
13:15:15.0281 0x163c  kbdhid - ok
13:15:15.0283 0x163c  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] KeyIso          C:\Windows\system32\lsass.exe
13:15:15.0289 0x163c  KeyIso - ok
13:15:15.0292 0x163c  [ 6968FC608A61791C13CEFE6C8496CBD2, E934C1410E41D95762D303CACFC1322F0F79DDBAC5566D0F196BB52AC5494DF0 ] ksapi64         C:\Windows\system32\drivers\ksapi64.sys
13:15:15.0297 0x163c  ksapi64 - ok
13:15:15.0300 0x163c  [ 56ED3EE5FED6BF2FC1305CF872042868, 44F77AE3CD83284800FF106156ABCB63047327855E2535EE278289AF6F05579C ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:15:15.0306 0x163c  KSecDD - ok
13:15:15.0310 0x163c  [ 8BA90F480705D7153AD0060CCA62222A, B3E610DFAB382368114D026947084A72AFC4F5BF9C28317F411D4ED91E0B3192 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
13:15:15.0317 0x163c  KSecPkg - ok
13:15:15.0319 0x163c  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
13:15:15.0336 0x163c  ksthunk - ok
13:15:15.0343 0x163c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:15:15.0365 0x163c  KtmRm - ok
13:15:15.0366 0x163c  L1C - ok
13:15:15.0372 0x163c  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:15:15.0392 0x163c  LanmanServer - ok
13:15:15.0396 0x163c  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:15:15.0414 0x163c  LanmanWorkstation - ok
13:15:15.0417 0x163c  [ FA529FB35694C24BF98A9EF67C1CD9D0, 7B3C587C38CF13D514140F0A55E58997D6071D1DEFD97E274E3F490660AC6075 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
13:15:15.0422 0x163c  LGBusEnum - ok
13:15:15.0424 0x163c  [ F705A641C18DF31B48B5DBDA94B425E4, 1F47EE43CAFE5458E56467E127EE99B5FDBFF8B810CF92B232094B475DD42B21 ] LGPBTDD         C:\Windows\system32\Drivers\LGPBTDD.sys
13:15:15.0428 0x163c  LGPBTDD - ok
13:15:15.0431 0x163c  [ 94B29CE153765E768F004FB3440BE2B0, E74C01CEBDA589CDDE35CBCBAA18700E3742DD3B48A90DB3630992467FFC5024 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
13:15:15.0435 0x163c  LGVirHid - ok
13:15:15.0437 0x163c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:15:15.0454 0x163c  lltdio - ok
13:15:15.0460 0x163c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:15:15.0481 0x163c  lltdsvc - ok
13:15:15.0483 0x163c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:15:15.0500 0x163c  lmhosts - ok
13:15:15.0504 0x163c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
13:15:15.0510 0x163c  LSI_FC - ok
13:15:15.0513 0x163c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
13:15:15.0519 0x163c  LSI_SAS - ok
13:15:15.0522 0x163c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:15:15.0528 0x163c  LSI_SAS2 - ok
13:15:15.0531 0x163c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:15:15.0538 0x163c  LSI_SCSI - ok
13:15:15.0541 0x163c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
13:15:15.0559 0x163c  luafv - ok
13:15:15.0620 0x163c  [ FF3A488924B0032B1A9CA6948C1FA9E8, 6F05852B75498210926F5CDF49D2A6DD97C39CD93D32E3200D7240AADA3E7BEE ] LVUVC64         C:\Windows\system32\DRIVERS\lvuvc64.sys
13:15:15.0693 0x163c  LVUVC64 - ok
13:15:15.0698 0x163c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
13:15:15.0704 0x163c  megasas - ok
13:15:15.0710 0x163c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
13:15:15.0718 0x163c  MegaSR - ok
13:15:15.0721 0x163c  [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
13:15:15.0726 0x163c  MEIx64 - ok
13:15:15.0730 0x163c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
13:15:15.0747 0x163c  MMCSS - ok
13:15:15.0749 0x163c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
13:15:15.0766 0x163c  Modem - ok
13:15:15.0768 0x163c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:15:15.0776 0x163c  monitor - ok
13:15:15.0778 0x163c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:15:15.0783 0x163c  mouclass - ok
13:15:15.0786 0x163c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:15:15.0792 0x163c  mouhid - ok
13:15:15.0795 0x163c  [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:15:15.0801 0x163c  mountmgr - ok
13:15:15.0805 0x163c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:15:15.0812 0x163c  mpio - ok
13:15:15.0815 0x163c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:15:15.0832 0x163c  mpsdrv - ok
13:15:15.0846 0x163c  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:15:15.0874 0x163c  MpsSvc - ok
13:15:15.0879 0x163c  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:15:15.0887 0x163c  MRxDAV - ok
13:15:15.0891 0x163c  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:15:15.0899 0x163c  mrxsmb - ok
13:15:15.0905 0x163c  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:15:15.0915 0x163c  mrxsmb10 - ok
13:15:15.0919 0x163c  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:15:15.0926 0x163c  mrxsmb20 - ok
13:15:15.0929 0x163c  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:15:15.0934 0x163c  msahci - ok
13:15:15.0938 0x163c  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:15:15.0945 0x163c  msdsm - ok
13:15:15.0948 0x163c  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
13:15:15.0957 0x163c  MSDTC - ok
13:15:15.0961 0x163c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:15:15.0978 0x163c  Msfs - ok
13:15:15.0980 0x163c  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
13:15:15.0996 0x163c  mshidkmdf - ok
13:15:15.0998 0x163c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:15:16.0003 0x163c  msisadrv - ok
13:15:16.0008 0x163c  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:15:16.0026 0x163c  MSiSCSI - ok
13:15:16.0028 0x163c  msiserver - ok
13:15:16.0030 0x163c  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:15:16.0047 0x163c  MSKSSRV - ok
13:15:16.0049 0x163c  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:15:16.0065 0x163c  MSPCLOCK - ok
13:15:16.0067 0x163c  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:15:16.0084 0x163c  MSPQM - ok
13:15:16.0091 0x163c  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:15:16.0100 0x163c  MsRPC - ok
13:15:16.0102 0x163c  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
13:15:16.0107 0x163c  mssmbios - ok
13:15:16.0109 0x163c  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:15:16.0126 0x163c  MSTEE - ok
13:15:16.0128 0x163c  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
13:15:16.0134 0x163c  MTConfig - ok
13:15:16.0137 0x163c  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
13:15:16.0143 0x163c  Mup - ok
13:15:16.0149 0x163c  [ 97CCA67FCDABB8441149F04B34ABF510, 25043EC25193E2968F9112330DF63C7F9B9BEBDEEE323ACB3C396AB9494E577F ] mvs91xx         C:\Windows\system32\DRIVERS\mvs91xx.sys
13:15:16.0158 0x163c  mvs91xx - ok
13:15:16.0165 0x163c  [ 395278D3A1C559D864EAF788587C581C, E20CCE48D031316BBA003179B87A2027ECB8CC760D6D4298F8A7C40E2E22357E ] NanoServiceMain C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
13:15:16.0171 0x163c  NanoServiceMain - ok
13:15:16.0180 0x163c  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
13:15:16.0203 0x163c  napagent - ok
13:15:16.0210 0x163c  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:15:16.0222 0x163c  NativeWifiP - ok
13:15:16.0237 0x163c  [ 79B47FD40D9A817E932F9D26FAC0A81C, 53E260B8BFC50BA45FA73BFCF4E58C233890D0EAA9DEFDCCBB55FD3EB992FF2D ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:15:16.0256 0x163c  NDIS - ok
13:15:16.0259 0x163c  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
13:15:16.0275 0x163c  NdisCap - ok
13:15:16.0278 0x163c  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:15:16.0294 0x163c  NdisTapi - ok
13:15:16.0297 0x163c  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:15:16.0314 0x163c  Ndisuio - ok
13:15:16.0318 0x163c  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:15:16.0336 0x163c  NdisWan - ok
13:15:16.0339 0x163c  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:15:16.0354 0x163c  NDProxy - ok
13:15:16.0357 0x163c  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:15:16.0374 0x163c  NetBIOS - ok
13:15:16.0380 0x163c  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
13:15:16.0399 0x163c  NetBT - ok
13:15:16.0401 0x163c  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] Netlogon        C:\Windows\system32\lsass.exe
13:15:16.0407 0x163c  Netlogon - ok
13:15:16.0414 0x163c  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
13:15:16.0435 0x163c  Netman - ok
13:15:16.0444 0x163c  [ 9A7D3A1AA5C830744FF6C44BB55A347A, 42D3281893DB4C0DDA6A7BDA92D3CCE23968D0E3CF880777B8DBBFD955629B08 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:15:16.0452 0x163c  NetMsmqActivator - ok
13:15:16.0456 0x163c  [ 9A7D3A1AA5C830744FF6C44BB55A347A, 42D3281893DB4C0DDA6A7BDA92D3CCE23968D0E3CF880777B8DBBFD955629B08 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:15:16.0463 0x163c  NetPipeActivator - ok
13:15:16.0472 0x163c  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
13:15:16.0495 0x163c  netprofm - ok
13:15:16.0499 0x163c  [ 9A7D3A1AA5C830744FF6C44BB55A347A, 42D3281893DB4C0DDA6A7BDA92D3CCE23968D0E3CF880777B8DBBFD955629B08 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:15:16.0506 0x163c  NetTcpActivator - ok
13:15:16.0509 0x163c  [ 9A7D3A1AA5C830744FF6C44BB55A347A, 42D3281893DB4C0DDA6A7BDA92D3CCE23968D0E3CF880777B8DBBFD955629B08 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:15:16.0516 0x163c  NetTcpPortSharing - ok
13:15:16.0519 0x163c  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
13:15:16.0524 0x163c  nfrd960 - ok
13:15:16.0531 0x163c  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:15:16.0541 0x163c  NlaSvc - ok
13:15:16.0545 0x163c  [ ACC47D60E202EBA0A8A80768EC5D3C97, 3A26BA0A97201B55151D649DBCF048E0D72A933D4DDBE5FD415AB772C7C6C250 ] NNSALPC         C:\Windows\system32\DRIVERS\NNSAlpc.sys
13:15:16.0551 0x163c  NNSALPC - ok
13:15:16.0556 0x163c  [ 4C7EAD79B914ADE44D68171AFEEF2AB3, 78D805FFC0DF4EB3D36B43CFD05CF7F5AFCC81B196224A09834EB17FA4D29838 ] NNSHTTP         C:\Windows\system32\DRIVERS\NNSHttp.sys
13:15:16.0563 0x163c  NNSHTTP - ok
13:15:16.0567 0x163c  [ B40C57451477334E8A66F4823BE04AE3, B3E52FA1570D569F2C40716ED925E3D588489DF37D9639E3BA5B5C0AAFE91543 ] NNSHTTPS        C:\Windows\system32\DRIVERS\NNSHttps.sys
13:15:16.0574 0x163c  NNSHTTPS - ok
13:15:16.0578 0x163c  [ 222CF23D6FCEB616CA48BBA55FC4D5C0, DB61FEA4126005A226E88FD6590BC57B440047DFAC6531B3C91AFFEFB0AD6F6C ] NNSIDS          C:\Windows\system32\DRIVERS\NNSIds.sys
13:15:16.0584 0x163c  NNSIDS - ok
13:15:16.0589 0x163c  [ C5332A1FB751B8D5FD9D424D330BC91B, B2FEBEA06252457FF87B74D693E75B29CCF6839EA6FFD60007996B23A6D80154 ] NNSPICC         C:\Windows\system32\DRIVERS\NNSPicc.sys
13:15:16.0594 0x163c  NNSPICC - ok
13:15:16.0598 0x163c  [ AA1A311C019288FFCCF3661B5EA27A99, BC91048E82C820CECBBDEDD9D9F7EDDBF6CBC88CE1D9C83A12C4A0E59CFAAC76 ] NNSPIHSW        C:\Windows\system32\DRIVERS\NNSPihsw.sys
13:15:16.0603 0x163c  NNSPIHSW - ok
13:15:16.0607 0x163c  [ EB153B4FA5200D1D3352D6C3FB7C9C38, 306805080F8FDB5D9299E93C7074F3B46F8E4B6623A3A75A83E98E6EB0E5BDC5 ] NNSPOP3         C:\Windows\system32\DRIVERS\NNSPop3.sys
13:15:16.0614 0x163c  NNSPOP3 - ok
13:15:16.0621 0x163c  [ 425356A7A3657174C206AA3FDB3DDD35, 9634D9A2271C57051BBEC58020082B4CCF2A6583B8FB3C6AC22E9C81728E10F8 ] NNSPROT         C:\Windows\system32\DRIVERS\NNSProt.sys
13:15:16.0629 0x163c  NNSPROT - ok
13:15:16.0635 0x163c  [ FFDF3257F83A094941005EE607B8A905, D3E676A13175D329E2F3677D9B56ED7B4DCDCE6794C96025171B24140B543EDC ] NNSPRV          C:\Windows\system32\DRIVERS\NNSPrv.sys
13:15:16.0642 0x163c  NNSPRV - ok
13:15:16.0646 0x163c  [ DE87A11CB1767ABDDE223D4CC0F7C221, 3D24BC83E4D88174CA08281C0B3E3E7BC44218F4C6950D28D37029AE39F68E50 ] NNSSMTP         C:\Windows\system32\DRIVERS\NNSSmtp.sys
13:15:16.0653 0x163c  NNSSMTP - ok
13:15:16.0659 0x163c  [ 537FB2F711E65475562FE29877F108E1, D2B486CBF3D4CF4AB5D6CCF34CAA57725C3027A2C3E0A1CF628D33546ACBF072 ] NNSSTRM         C:\Windows\system32\DRIVERS\NNSStrm.sys
13:15:16.0667 0x163c  NNSSTRM - ok
13:15:16.0672 0x163c  [ 4F37DC4420A00BC6E9D22E3590806BFC, C65CEE11AFA68F9B870FB256AB53A04C32C1F73F6F4F209944815CC96F8FEB17 ] NNSTLSC         C:\Windows\system32\DRIVERS\NNSTlsc.sys
13:15:16.0678 0x163c  NNSTLSC - ok
13:15:16.0680 0x163c  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:15:16.0697 0x163c  Npfs - ok
13:15:16.0700 0x163c  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
13:15:16.0717 0x163c  nsi - ok
13:15:16.0719 0x163c  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:15:16.0736 0x163c  nsiproxy - ok
13:15:16.0760 0x163c  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:15:16.0785 0x163c  Ntfs - ok
13:15:16.0788 0x163c  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
13:15:16.0804 0x163c  Null - ok
13:15:16.0807 0x163c  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:15:16.0814 0x163c  ohci1394 - ok
13:15:16.0846 0x163c  [ 4E2D0656946F2A19FED1C60E0E4FC1AF, 5551D5BD89EB650C5485BBB58DAA5473044B7C967B72687A27430FA9A1E812FE ] Origin Client Service C:\Program Files (x86)\Origin\OriginClientService.exe
13:15:16.0877 0x163c  Origin Client Service - ok
13:15:16.0890 0x163c  [ 4965B005492CBA7719E82B71E3245495, 52AD72C05FACC1E0E416A1FA25F34FDD3CB274FAB973BEAAE911A2FACA42B650 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:15:16.0897 0x163c  ose64 - ok
13:15:16.0960 0x163c  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:15:17.0023 0x163c  osppsvc - ok
13:15:17.0033 0x163c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:15:17.0044 0x163c  p2pimsvc - ok
13:15:17.0052 0x163c  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
13:15:17.0065 0x163c  p2psvc - ok
13:15:17.0069 0x163c  [ 742FC7886B2F155317723F1D6B045F94, BCB0DC50A64423973694DD35A270C6C9F4BB5A0A0819ECA0287B8BB9458DB137 ] PandaAgent      C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
13:15:17.0073 0x163c  PandaAgent - ok
13:15:17.0077 0x163c  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
13:15:17.0084 0x163c  Parport - ok
13:15:17.0087 0x163c  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:15:17.0093 0x163c  partmgr - ok
13:15:17.0097 0x163c  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:15:17.0106 0x163c  PcaSvc - ok
13:15:17.0111 0x163c  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
13:15:17.0118 0x163c  pci - ok
13:15:17.0120 0x163c  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
13:15:17.0125 0x163c  pciide - ok
13:15:17.0130 0x163c  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
13:15:17.0138 0x163c  pcmcia - ok
13:15:17.0141 0x163c  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
13:15:17.0146 0x163c  pcw - ok
13:15:17.0157 0x163c  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:15:17.0172 0x163c  PEAUTH - ok
13:15:17.0192 0x163c  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
13:15:17.0218 0x163c  PeerDistSvc - ok
13:15:17.0237 0x163c  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
13:15:17.0244 0x163c  PerfHost - ok
13:15:17.0266 0x163c  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
13:15:17.0302 0x163c  pla - ok
13:15:17.0311 0x163c  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:15:17.0323 0x163c  PlugPlay - ok
13:15:17.0327 0x163c  [ CD421DDB5C6E5458CE52EDC36DE7DC5B, 7B9C0A8B2B86BBF5D7E02F2620B0015A2530CBBC99724BE20313DE53EB31D62E ] PnkBstrA        C:\Windows\system32\PnkBstrA.exe
13:15:17.0333 0x163c  PnkBstrA - ok
13:15:17.0335 0x163c  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
13:15:17.0342 0x163c  PNRPAutoReg - ok
13:15:17.0348 0x163c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
13:15:17.0357 0x163c  PNRPsvc - ok
13:15:17.0368 0x163c  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:15:17.0391 0x163c  PolicyAgent - ok
13:15:17.0396 0x163c  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
13:15:17.0415 0x163c  Power - ok
13:15:17.0419 0x163c  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:15:17.0436 0x163c  PptpMiniport - ok
13:15:17.0439 0x163c  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
13:15:17.0446 0x163c  Processor - ok
13:15:17.0451 0x163c  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
13:15:17.0460 0x163c  ProfSvc - ok
13:15:17.0462 0x163c  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:15:17.0468 0x163c  ProtectedStorage - ok
13:15:17.0474 0x163c  [ ABF42AF66C50E3FBAD2280020360920E, 0F2FB1C117DE989AB615D673B09B5DACC1592ED895505F1880EAA09788E0E3E1 ] PSINAflt        C:\Windows\system32\DRIVERS\PSINAflt.sys
13:15:17.0481 0x163c  PSINAflt - ok
13:15:17.0487 0x163c  [ 54C28488E5F038B29E2D80DBFC910666, 5386D279375DC737E3E3FBE6576B8C97D2346ED98061CBA1982C09832FDF9E78 ] PSINFile        C:\Windows\system32\DRIVERS\PSINFile.sys
13:15:17.0493 0x163c  PSINFile - ok
13:15:17.0500 0x163c  [ 305FCF2F725B806BC5E69AC95340A271, FCA0EF28DE5F4DAF8E3E4BB70C7668A0E1990CC080D52BA711DFB9CC5C369230 ] PSINKNC         C:\Windows\system32\DRIVERS\psinknc.sys
13:15:17.0507 0x163c  PSINKNC - ok
13:15:17.0512 0x163c  [ ED6B1CDE5B178B057F64B2AF682EB45A, BDD46380BF51A48982E81F1D5EDAC2D9B16D2C03E886144279F4505ADA247EE2 ] PSINProc        C:\Windows\system32\DRIVERS\PSINProc.sys
13:15:17.0518 0x163c  PSINProc - ok
13:15:17.0524 0x163c  [ 171F1C6F49142F2D1C174B817F46EC0F, 96F6B021CBEA2F0787A01E323EED626B380DAD13FC91EE4552F4DEEEC95DBD2C ] PSINProt        C:\Windows\system32\DRIVERS\PSINProt.sys
13:15:17.0530 0x163c  PSINProt - ok
13:15:17.0535 0x163c  [ 6A19A5665FBE15D63046B20BB0BFD7AB, 45EBDAD1E5CF5747EB5600F74969123428094E7FAC68CAE29AF02E31FFC3FB8D ] PSINReg         C:\Windows\system32\DRIVERS\PSINReg.sys
13:15:17.0541 0x163c  PSINReg - ok
13:15:17.0544 0x163c  [ 105ACC469DF34C8BD0D5E68A70C774E5, 983A759339E058AAE779EB9476EC2AEE8B379F0C60E5E2FD73826155827F5518 ] PSKMAD          C:\Windows\system32\DRIVERS\PSKMAD.sys
13:15:17.0550 0x163c  PSKMAD - ok
13:15:17.0552 0x163c  [ CAB0E7856EA9AB97E270E53AE0833EA6, E73C77578F6FFD8B4A3E4BD198EE3795C9A65567D8894F14136804393EBA7A61 ] PSUAService     C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
13:15:17.0556 0x163c  PSUAService - ok
13:15:17.0578 0x163c  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
13:15:17.0604 0x163c  ql2300 - ok
13:15:17.0608 0x163c  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
13:15:17.0615 0x163c  ql40xx - ok
13:15:17.0620 0x163c  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
13:15:17.0632 0x163c  QWAVE - ok
13:15:17.0634 0x163c  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:15:17.0643 0x163c  QWAVEdrv - ok
13:15:17.0645 0x163c  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:15:17.0662 0x163c  RasAcd - ok
13:15:17.0665 0x163c  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
13:15:17.0682 0x163c  RasAgileVpn - ok
13:15:17.0686 0x163c  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
13:15:17.0704 0x163c  RasAuto - ok
13:15:17.0708 0x163c  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:15:17.0725 0x163c  Rasl2tp - ok
13:15:17.0732 0x163c  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
13:15:17.0753 0x163c  RasMan - ok
13:15:17.0757 0x163c  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:15:17.0774 0x163c  RasPppoe - ok
13:15:17.0777 0x163c  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:15:17.0795 0x163c  RasSstp - ok
13:15:17.0801 0x163c  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:15:17.0821 0x163c  rdbss - ok
13:15:17.0823 0x163c  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
13:15:17.0831 0x163c  rdpbus - ok
13:15:17.0833 0x163c  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:15:17.0849 0x163c  RDPCDD - ok
13:15:17.0854 0x163c  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
13:15:17.0862 0x163c  RDPDR - ok
13:15:17.0865 0x163c  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:15:17.0881 0x163c  RDPENCDD - ok
13:15:17.0884 0x163c  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
13:15:17.0901 0x163c  RDPREFMP - ok
13:15:17.0905 0x163c  [ 76D8CC526512ECAE2AEF63B1A6D018A1, 7281AFEBA5455BB879D4BA2DBADDCF6DAC87C1040605907CC907142609985B17 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
13:15:17.0910 0x163c  RdpVideoMiniport - ok
13:15:17.0915 0x163c  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:15:17.0924 0x163c  RDPWD - ok
13:15:17.0929 0x163c  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
13:15:17.0937 0x163c  rdyboost - ok
13:15:17.0940 0x163c  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:15:17.0958 0x163c  RemoteAccess - ok
13:15:17.0962 0x163c  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:15:17.0981 0x163c  RemoteRegistry - ok
13:15:17.0985 0x163c  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
13:15:17.0994 0x163c  RFCOMM - ok
13:15:17.0997 0x163c  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
13:15:18.0015 0x163c  RpcEptMapper - ok
13:15:18.0017 0x163c  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
13:15:18.0023 0x163c  RpcLocator - ok
13:15:18.0032 0x163c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
13:15:18.0054 0x163c  RpcSs - ok
13:15:18.0057 0x163c  [ 742186A23B9B3E7F90FAA4595291ED0C, 9AD43DB642E27074D4792B6E6A12EFDC3C1C22B0828EF6B84265D295CA4F7424 ] rspLLL          C:\Windows\system32\DRIVERS\rspLLL64.sys
13:15:18.0062 0x163c  rspLLL - ok
13:15:18.0065 0x163c  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:15:18.0083 0x163c  rspndr - ok
13:15:18.0085 0x163c  [ 0D992B69029D1F23A872FF5A3352FB5B, 0ACA4447EE54D635F76B941F6100B829DC8B2E0DF27BDF584ACB90F15F12FBDA ] RTCore64        C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
13:15:18.0090 0x163c  RTCore64 - ok
13:15:18.0092 0x163c  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
13:15:18.0098 0x163c  s3cap - ok
13:15:18.0100 0x163c  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] SamSs           C:\Windows\system32\lsass.exe
13:15:18.0105 0x163c  SamSs - ok
13:15:18.0109 0x163c  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:15:18.0115 0x163c  sbp2port - ok
13:15:18.0119 0x163c  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:15:18.0139 0x163c  SCardSvr - ok
13:15:18.0142 0x163c  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
13:15:18.0167 0x163c  scfilter - ok
13:15:18.0184 0x163c  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
13:15:18.0215 0x163c  Schedule - ok
13:15:18.0219 0x163c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:15:18.0235 0x163c  SCPolicySvc - ok
13:15:18.0239 0x163c  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:15:18.0248 0x163c  SDRSVC - ok
13:15:18.0250 0x163c  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:15:18.0267 0x163c  secdrv - ok
13:15:18.0269 0x163c  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
13:15:18.0286 0x163c  seclogon - ok
13:15:18.0288 0x163c  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
13:15:18.0306 0x163c  SENS - ok
13:15:18.0308 0x163c  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
13:15:18.0315 0x163c  SensrSvc - ok
13:15:18.0317 0x163c  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
13:15:18.0323 0x163c  Serenum - ok
13:15:18.0327 0x163c  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
13:15:18.0334 0x163c  Serial - ok
13:15:18.0336 0x163c  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
13:15:18.0343 0x163c  sermouse - ok
13:15:18.0348 0x163c  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
13:15:18.0366 0x163c  SessionEnv - ok
13:15:18.0368 0x163c  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
13:15:18.0376 0x163c  sffdisk - ok
13:15:18.0378 0x163c  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:15:18.0385 0x163c  sffp_mmc - ok
13:15:18.0387 0x163c  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
13:15:18.0394 0x163c  sffp_sd - ok
13:15:18.0396 0x163c  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
13:15:18.0402 0x163c  sfloppy - ok
13:15:18.0409 0x163c  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:15:18.0431 0x163c  SharedAccess - ok
13:15:18.0438 0x163c  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:15:18.0460 0x163c  ShellHWDetection - ok
13:15:18.0463 0x163c  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:15:18.0468 0x163c  SiSRaid2 - ok
13:15:18.0471 0x163c  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
13:15:18.0477 0x163c  SiSRaid4 - ok
13:15:18.0485 0x163c  [ A9C057A9463C25490CF99EA8DF8A4B35, 8F4D1C40D0F17EDBF84ED455B8946F782C7552383F0A07E410A9B6CFF7F51D63 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
13:15:18.0495 0x163c  SkypeUpdate - ok
13:15:18.0498 0x163c  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:15:18.0516 0x163c  Smb - ok
13:15:18.0520 0x163c  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:15:18.0527 0x163c  SNMPTRAP - ok
13:15:18.0529 0x163c  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
13:15:18.0534 0x163c  spldr - ok
13:15:18.0544 0x163c  [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler         C:\Windows\System32\spoolsv.exe
13:15:18.0567 0x163c  Spooler - ok
13:15:18.0613 0x163c  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
13:15:18.0678 0x163c  sppsvc - ok
13:15:18.0684 0x163c  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
13:15:18.0701 0x163c  sppuinotify - ok
13:15:18.0710 0x163c  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:15:18.0723 0x163c  srv - ok
13:15:18.0730 0x163c  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:15:18.0742 0x163c  srv2 - ok
13:15:18.0747 0x163c  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:15:18.0754 0x163c  srvnet - ok
13:15:18.0758 0x163c  [ 8F8324ED1DE63FFC7B1A02CD2D963C72, E58603F81DEAFF1D45CB83FB6E625E6A13868741B833B1C9E60D672179D18EE0 ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys
13:15:18.0767 0x163c  ssadbus - ok
13:15:18.0769 0x163c  [ 58221EFCB74167B73667F0024C661CE0, D9B67A8897B4DC3E4729187F17ABEB4710CF57440D718E17ED828439198D34DB ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
13:15:18.0776 0x163c  ssadmdfl - ok
13:15:18.0780 0x163c  [ 4DA7C71BFAC5AD71255B7E4CAB980163, 4CC0F9C8E96ECEF36EEB021E448A9734B63512D030516DC38B1A2EEAA1043AEC ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys
13:15:18.0789 0x163c  ssadmdm - ok
13:15:18.0794 0x163c  [ ED161B91FDF7EAA39469D72D463D5F4E, FC793E378FB709313D0AC44F59BF5C9488D73235AA2B1A21C50C3DED91C6BE62 ] sscdbus         C:\Windows\system32\DRIVERS\sscdbus.sys
13:15:18.0800 0x163c  sscdbus - ok
13:15:18.0803 0x163c  [ 4CB09E77593DBD8D7AF33B37375CA715, 7B14851A8EDAA996D28335FD4DA812C6114DD5012E1E929F4813797CDC77E5BC ] sscdmdfl        C:\Windows\system32\DRIVERS\sscdmdfl.sys
13:15:18.0807 0x163c  sscdmdfl - ok
13:15:18.0812 0x163c  [ C7B4CF53497A6E5363F3439427663882, 993278ADAAC18F12FE00CCF76681461451DA335F67BB581FC7326045048EC085 ] sscdmdm         C:\Windows\system32\DRIVERS\sscdmdm.sys
13:15:18.0818 0x163c  sscdmdm - ok
13:15:18.0823 0x163c  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:15:18.0843 0x163c  SSDPSRV - ok
13:15:18.0846 0x163c  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:15:18.0864 0x163c  SstpSvc - ok
13:15:18.0879 0x163c  [ 25C16F7D749F1BA7D573756338658727, 4A4056F34C0D34D793E0A24D37842F8122A5C072F9A2ED9192763FB0CC8FDADC ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
13:15:18.0895 0x163c  Steam Client Service - ok
13:15:18.0897 0x163c  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
13:15:18.0902 0x163c  stexstor - ok
13:15:18.0913 0x163c  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
13:15:18.0929 0x163c  stisvc - ok
13:15:18.0933 0x163c  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
13:15:18.0939 0x163c  storflt - ok
13:15:18.0941 0x163c  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
13:15:18.0946 0x163c  storvsc - ok
13:15:18.0948 0x163c  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
13:15:18.0954 0x163c  swenum - ok
13:15:18.0963 0x163c  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
13:15:18.0987 0x163c  swprv - ok
13:15:18.0990 0x163c  Synth3dVsc - ok
13:15:19.0014 0x163c  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
13:15:19.0048 0x163c  SysMain - ok
13:15:19.0052 0x163c  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:15:19.0062 0x163c  TabletInputService - ok
13:15:19.0068 0x163c  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:15:19.0089 0x163c  TapiSrv - ok
13:15:19.0092 0x163c  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
13:15:19.0110 0x163c  TBS - ok
13:15:19.0136 0x163c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:15:19.0168 0x163c  Tcpip - ok
13:15:19.0194 0x163c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
13:15:19.0221 0x163c  TCPIP6 - ok
13:15:19.0225 0x163c  [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:15:19.0242 0x163c  tcpipreg - ok
13:15:19.0245 0x163c  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:15:19.0251 0x163c  TDPIPE - ok
13:15:19.0253 0x163c  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:15:19.0259 0x163c  TDTCP - ok
13:15:19.0263 0x163c  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:15:19.0280 0x163c  tdx - ok
13:15:19.0283 0x163c  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
13:15:19.0288 0x163c  TermDD - ok
13:15:19.0300 0x163c  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
13:15:19.0314 0x163c  TermService - ok
13:15:19.0317 0x163c  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
13:15:19.0326 0x163c  Themes - ok
13:15:19.0329 0x163c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
13:15:19.0345 0x163c  THREADORDER - ok
13:15:19.0349 0x163c  [ 0A03E85A641F2672796D34F506066594, B2AA139CC53F25DB1709844483D404A8FA1D010167BCF164B4A31A029C606F7D ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
13:15:19.0354 0x163c  TomTomHOMEService - ok
13:15:19.0357 0x163c  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
13:15:19.0376 0x163c  TrkWks - ok
13:15:19.0381 0x163c  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:15:19.0399 0x163c  TrustedInstaller - ok
13:15:19.0403 0x163c  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:15:19.0409 0x163c  tssecsrv - ok
13:15:19.0419 0x163c  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
13:15:19.0426 0x163c  TsUsbFlt - ok
13:15:19.0429 0x163c  tsusbhub - ok
13:15:19.0432 0x163c  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:15:19.0450 0x163c  tunnel - ok
13:15:19.0453 0x163c  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
13:15:19.0458 0x163c  uagp35 - ok
13:15:19.0465 0x163c  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:15:19.0485 0x163c  udfs - ok
13:15:19.0489 0x163c  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:15:19.0497 0x163c  UI0Detect - ok
13:15:19.0500 0x163c  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:15:19.0506 0x163c  uliagpkx - ok
13:15:19.0508 0x163c  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys
13:15:19.0515 0x163c  umbus - ok
13:15:19.0518 0x163c  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
13:15:19.0524 0x163c  UmPass - ok
13:15:19.0529 0x163c  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
13:15:19.0539 0x163c  UmRdpService - ok
13:15:19.0548 0x163c  [ 67A95B9D129ED5399E7965CD09CF30E7, F1F2F684146F1CCB293BB9871117B8CFC1D04588A830F67CE5D3F0D034D93B2A ] UMVPFSrv        C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
13:15:19.0557 0x163c  UMVPFSrv - ok
13:15:19.0559 0x163c  UnlockerDriver5 - ok
13:15:19.0567 0x163c  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
13:15:19.0588 0x163c  upnphost - ok
13:15:19.0591 0x163c  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
13:15:19.0593 0x163c  USBAAPL64 - detected UnsignedFile.Multi.Generic ( 1 )
13:15:21.0940 0x163c  USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
13:15:24.0358 0x163c  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
13:15:24.0366 0x163c  usbaudio - ok
13:15:24.0370 0x163c  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:15:24.0377 0x163c  usbccgp - ok
13:15:24.0381 0x163c  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:15:24.0388 0x163c  usbcir - ok
13:15:24.0391 0x163c  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
13:15:24.0398 0x163c  usbehci - ok
13:15:24.0404 0x163c  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:15:24.0415 0x163c  usbhub - ok
13:15:24.0418 0x163c  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
13:15:24.0424 0x163c  usbohci - ok
13:15:24.0426 0x163c  USBPNPA - ok
13:15:24.0429 0x163c  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
13:15:24.0436 0x163c  usbprint - ok
13:15:24.0439 0x163c  [ D76510CFA0FC09023077F22C2F979D86, 5662281C6D515423255D3C262EA368DBAFC250235E535FBFA3E59D3487695439 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:15:24.0447 0x163c  USBSTOR - ok
13:15:24.0450 0x163c  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
13:15:24.0455 0x163c  usbuhci - ok
13:15:24.0460 0x163c  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
13:15:24.0468 0x163c  usbvideo - ok
13:15:24.0478 0x163c  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
13:15:24.0496 0x163c  UxSms - ok
13:15:24.0498 0x163c  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] VaultSvc        C:\Windows\system32\lsass.exe
13:15:24.0504 0x163c  VaultSvc - ok
13:15:24.0506 0x163c  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
13:15:24.0512 0x163c  vdrvroot - ok
13:15:24.0522 0x163c  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
13:15:24.0545 0x163c  vds - ok
13:15:24.0548 0x163c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:15:24.0555 0x163c  vga - ok
13:15:24.0557 0x163c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:15:24.0574 0x163c  VgaSave - ok
13:15:24.0576 0x163c  VGPU - ok
13:15:24.0581 0x163c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
13:15:24.0589 0x163c  vhdmp - ok
13:15:24.0621 0x163c  [ E066AA9C9866C2001372486A6841108C, 648E39962EDB3D77FBB5E2D5B603E16240AADE181A20E8778EE3D8847E4C0984 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
13:15:24.0656 0x163c  VIAHdAudAddService - ok
13:15:24.0659 0x163c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
13:15:24.0665 0x163c  viaide - ok
13:15:24.0668 0x163c  [ 1236737C7993FB462610E1A0AA92C40B, 85385740AE7F885ACD605860AB2642DAC7456BB26C6615DAA9EE02AF54FEF77C ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe
13:15:24.0672 0x163c  VIAKaraokeService - ok
13:15:24.0677 0x163c  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
13:15:24.0684 0x163c  vmbus - ok
13:15:24.0687 0x163c  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
13:15:24.0693 0x163c  VMBusHID - ok
13:15:24.0695 0x163c  vmci - ok
13:15:24.0697 0x163c  VMnetAdapter - ok
13:15:24.0700 0x163c  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:15:24.0705 0x163c  volmgr - ok
13:15:24.0713 0x163c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:15:24.0722 0x163c  volmgrx - ok
13:15:24.0729 0x163c  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:15:24.0738 0x163c  volsnap - ok
13:15:24.0742 0x163c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
13:15:24.0749 0x163c  vsmraid - ok
13:15:24.0772 0x163c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
13:15:24.0811 0x163c  VSS - ok
13:15:24.0818 0x163c  [ 316A1762BD41C3DB06EB484527838E2D, D358F9008F347BCE673C9EA5027FE9A2C169943A775DF012364965643C9AB794 ] VUSB3HUB        C:\Windows\system32\DRIVERS\ViaHub3.sys
13:15:24.0825 0x163c  VUSB3HUB - ok
13:15:24.0828 0x163c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
13:15:24.0836 0x163c  vwifibus - ok
13:15:24.0839 0x163c  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
13:15:24.0847 0x163c  vwififlt - ok
13:15:24.0849 0x163c  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
13:15:24.0858 0x163c  vwifimp - ok
13:15:24.0865 0x163c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
13:15:24.0887 0x163c  W32Time - ok
13:15:24.0897 0x163c  [ B32009DB1972E7F2C227499289C4384A, D491CD90ACE895EC60A5A2F995EAE39F8ED662B71BC548C3FF5BBDBC60054788 ] W3SVC           C:\Windows\system32\inetsrv\iisw3adm.dll
13:15:24.0909 0x163c  W3SVC - ok
13:15:24.0912 0x163c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
13:15:24.0918 0x163c  WacomPen - ok
13:15:24.0921 0x163c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
13:15:24.0938 0x163c  WANARP - ok
13:15:24.0941 0x163c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:15:24.0957 0x163c  Wanarpv6 - ok
13:15:24.0965 0x163c  [ B32009DB1972E7F2C227499289C4384A, D491CD90ACE895EC60A5A2F995EAE39F8ED662B71BC548C3FF5BBDBC60054788 ] WAS             C:\Windows\system32\inetsrv\iisw3adm.dll
13:15:24.0976 0x163c  WAS - ok
13:15:24.0998 0x163c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
13:15:25.0026 0x163c  wbengine - ok
13:15:25.0032 0x163c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:15:25.0044 0x163c  WbioSrvc - ok
13:15:25.0051 0x163c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:15:25.0065 0x163c  wcncsvc - ok
13:15:25.0068 0x163c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:15:25.0075 0x163c  WcsPlugInService - ok
13:15:25.0077 0x163c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
13:15:25.0082 0x163c  Wd - ok
13:15:25.0084 0x163c  [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
13:15:25.0090 0x163c  WDC_SAM - ok
13:15:25.0103 0x163c  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:15:25.0120 0x163c  Wdf01000 - ok
13:15:25.0124 0x163c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:15:25.0134 0x163c  WdiServiceHost - ok
13:15:25.0136 0x163c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:15:25.0146 0x163c  WdiSystemHost - ok
13:15:25.0151 0x163c  [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient       C:\Windows\System32\webclnt.dll
13:15:25.0164 0x163c  WebClient - ok
13:15:25.0169 0x163c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:15:25.0189 0x163c  Wecsvc - ok
13:15:25.0192 0x163c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:15:25.0211 0x163c  wercplsupport - ok
13:15:25.0214 0x163c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:15:25.0232 0x163c  WerSvc - ok
13:15:25.0235 0x163c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
13:15:25.0251 0x163c  WfpLwf - ok
13:15:25.0254 0x163c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:15:25.0259 0x163c  WIMMount - ok
13:15:25.0260 0x163c  WinDefend - ok
13:15:25.0263 0x163c  WinHttpAutoProxySvc - ok
13:15:25.0272 0x163c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:15:25.0292 0x163c  Winmgmt - ok
13:15:25.0295 0x163c  WinRing0_1_2_0 - ok
13:15:25.0323 0x163c  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
13:15:25.0368 0x163c  WinRM - ok
13:15:25.0374 0x163c  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
13:15:25.0381 0x163c  WinUsb - ok
13:15:25.0395 0x163c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:15:25.0417 0x163c  Wlansvc - ok
13:15:25.0421 0x163c  [ A18585726C18A64885DD1DB3906DBA21, 34A636B7D08E97F4FF8D4424393408028AD915FF0134B0A121ABEC80F6742223 ] wltrysvc        C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
13:15:25.0423 0x163c  wltrysvc - detected UnsignedFile.Multi.Generic ( 1 )
13:15:35.0424 0x163c  wltrysvc ( UnsignedFile.Multi.Generic ) - warning
13:15:37.0766 0x163c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
13:15:37.0773 0x163c  WmiAcpi - ok
13:15:37.0779 0x163c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:15:37.0788 0x163c  wmiApSrv - ok
13:15:37.0790 0x163c  WMPNetworkSvc - ok
13:15:37.0792 0x163c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:15:37.0799 0x163c  WPCSvc - ok
13:15:37.0803 0x163c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:15:37.0811 0x163c  WPDBusEnum - ok
13:15:37.0814 0x163c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:15:37.0831 0x163c  ws2ifsl - ok
13:15:37.0834 0x163c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
13:15:37.0844 0x163c  wscsvc - ok
13:15:37.0880 0x163c  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:15:37.0921 0x163c  wuauserv - ok
13:15:37.0925 0x163c  [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:15:37.0943 0x163c  WudfPf - ok
13:15:37.0948 0x163c  [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:15:37.0966 0x163c  WUDFRd - ok
13:15:37.0969 0x163c  [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:15:37.0986 0x163c  wudfsvc - ok
13:15:37.0992 0x163c  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\Windows\System32\wwansvc.dll
13:15:38.0004 0x163c  WwanSvc - ok
13:15:38.0009 0x163c  [ FFDB0ED9D1D453F7F19DE55FE0706195, 926982B6204B3820AF3F9FE5A423938587E07CE1832B103AD77C5AEC2762DF3E ] xhcdrv          C:\Windows\system32\DRIVERS\xhcdrv.sys
13:15:38.0018 0x163c  xhcdrv - ok
13:15:38.0031 0x163c  [ 4A5CE13408945E525503B5F73D29B9C5, D58BB31AF17752508EA67931BF170CE46877DC204FC5DA7EED5A078AEB0CA0FD ] xnacc           C:\Windows\system32\DRIVERS\xnacc.sys
13:15:38.0048 0x163c  xnacc - ok
13:15:38.0053 0x163c  ================ Scan global ===============================
13:15:38.0055 0x163c  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
13:15:38.0061 0x163c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
13:15:38.0067 0x163c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
13:15:38.0072 0x163c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
13:15:38.0079 0x163c  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
13:15:38.0083 0x163c  [ Global ] - ok
13:15:38.0083 0x163c  ================ Scan MBR ==================================
13:15:38.0085 0x163c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:15:38.0293 0x163c  \Device\Harddisk0\DR0 - ok
13:15:38.0313 0x163c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
13:15:38.0384 0x163c  \Device\Harddisk1\DR1 - ok
13:15:38.0585 0x163c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
13:15:38.0649 0x163c  \Device\Harddisk2\DR2 - ok
13:15:38.0650 0x163c  ================ Scan VBR ==================================
13:15:38.0651 0x163c  [ 638FDA72430B86736621A6EC8BE30993 ] \Device\Harddisk0\DR0\Partition1
13:15:38.0651 0x163c  \Device\Harddisk0\DR0\Partition1 - ok
13:15:38.0653 0x163c  [ 71FE0EE8D795E7A5E96CFFAAC13D0B52 ] \Device\Harddisk0\DR0\Partition2
13:15:38.0653 0x163c  \Device\Harddisk0\DR0\Partition2 - ok
13:15:38.0654 0x163c  [ 05E1DB5C956D61BA109DD866CE45B5A5 ] \Device\Harddisk1\DR1\Partition1
13:15:38.0655 0x163c  \Device\Harddisk1\DR1\Partition1 - ok
13:15:38.0656 0x163c  [ 387E90D7F82670D87E12AAE9962880AC ] \Device\Harddisk2\DR2\Partition1
13:15:38.0698 0x163c  \Device\Harddisk2\DR2\Partition1 - ok
13:15:38.0698 0x163c  ================ Scan generic autorun ======================
13:15:38.0704 0x163c  [ 968EDA6EA6E00DFAE78586BFA6322B74, 8F3A01704E67D2F9212A08F0D5B4FF15DEE4791E1BB303DF4C9CF7DD3871E6E5 ] C:\VIA_XHCI\usb3Monitor.exe
13:15:38.0710 0x163c  VIAxHCUtl - detected UnsignedFile.Multi.Generic ( 1 )
13:15:41.0024 0x163c  Detect skipped due to KSN trusted
13:15:41.0024 0x163c  VIAxHCUtl - ok
13:15:41.0222 0x163c  [ 19ECAAEA3CC248489FE987C10B688C0D, 967CB23A8176B3181EE2A55DFBB04A69988AB22105D4C450C5B5E729B91FAD5A ] C:\Program Files\Logitech Gaming Software\LCore.exe
13:15:41.0372 0x163c  Launch LCore - ok
13:15:41.0411 0x163c  [ 28BB6F44AB880F0326ABF680AB7C03B2, 61FA26828731C0887E0CD908D1BDFD1CB52F9FC6707A98CC044657C20A7DA40C ] C:\Program Files\ASUS Xonar U7 Audio\CPL\ASUSXonarU7_x64.exe
13:15:41.0448 0x163c  GamecomSound - detected UnsignedFile.Multi.Generic ( 1 )
13:15:43.0785 0x163c  GamecomSound ( UnsignedFile.Multi.Generic ) - warning
13:15:46.0170 0x163c  [ 5858DE874168C5F0AEA7A353DD520D48, DB77AF431227AEBD92C6E40AC723435E83DCF4620B7366D4FA6D9ACB500AA6EA ] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
13:15:46.0213 0x163c  CanonMyPrinter - ok
13:15:46.0220 0x163c  [ 9166C1276B296BC78FA816CD8448CD32, 1D2BF20F9EA7665281E5F9FFE50A8127E4618CB76C6A47A27E7ACA196327C395 ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
13:15:46.0228 0x163c  USB3MON - ok
13:15:46.0244 0x163c  [ 5FC6AD6AE07F8827F954C4C6B73568E2, 6A2C1328BFBFB8D41CE268C2D1C26B1E2FCF2E426A98A740536689FB568ACFE9 ] C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe
13:15:46.0259 0x163c  StartCCC - ok
13:15:46.0268 0x163c  [ 5F7EE76129F9A591F22F99F95D97AC95, D3446BD4CAB8017B44BAD94EBB88468D080AC65E14444C12B09B6BF3E70B2AED ] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
13:15:46.0277 0x163c  IJNetworkScannerSelectorEX - ok
13:15:46.0286 0x163c  [ EE864CD35936E4AAD8120321907DA8F5, D4A37E70302DF0A76E20F1AC1CD427A831BA80A8E1729E0E5637DC48E7A85DF3 ] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
13:15:46.0295 0x163c  Dolby Home Theater v4 - ok
13:15:46.0321 0x163c  [ 00AB2B491C7037BB219BEB26FAD34C72, 95EDBBE07EB85EEE1376252AA975BAA61235C80FC03036357BD4786E5D6B9703 ] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
13:15:46.0347 0x163c  CanonSolutionMenuEx - ok
13:15:46.0350 0x163c  [ 273C4436D232B27AFD8DF3BAF148D932, 62D52E7D215086D1F9CD51ECB10976C9C4EFE1A4BB4C74E57CE6C8DE16A4BAA8 ] C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
13:15:46.0354 0x163c  PSUAMain - ok
13:15:46.0371 0x163c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
13:15:46.0391 0x163c  Sidebar - ok
13:15:46.0394 0x163c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
13:15:46.0404 0x163c  mctadmin - ok
13:15:46.0421 0x163c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
13:15:46.0440 0x163c  Sidebar - ok
13:15:46.0443 0x163c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
13:15:46.0452 0x163c  mctadmin - ok
13:15:46.0490 0x163c  [ 3255867AE34EDD5346C750677EE63354, 3FC8E1EFF33EE83717C285D0CD388886135C5BF977B69CF6ADCFD4196139D483 ] C:\Program Files (x86)\Steam\steam.exe
13:15:46.0526 0x163c  Steam - ok
13:15:46.0549 0x163c  [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
13:15:46.0575 0x163c  Sidebar - ok
13:15:46.0576 0x163c  Waiting for KSN requests completion. In queue: 14
13:15:47.0576 0x163c  Waiting for KSN requests completion. In queue: 13
13:15:48.0576 0x163c  Waiting for KSN requests completion. In queue: 13
13:15:49.0586 0x163c  AV detected via SS2: Panda Free Antivirus, C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe ( 1.0.0.0 ), 0x71000 ( enabled : updated )
13:15:49.0586 0x163c  FW detected via SS2: Panda Firewall, C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe ( 1.0.0.0 ), 0x70010 ( disabled )
13:15:49.0589 0x163c  Win FW state via NFP2: enabled
13:15:51.0929 0x163c  ============================================================
13:15:51.0929 0x163c  Scan finished
13:15:51.0929 0x163c  ============================================================
13:15:51.0932 0x1590  Detected object count: 3
13:15:51.0932 0x1590  Actual detected object count: 3
13:17:37.0372 0x1590  USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
13:17:37.0372 0x1590  USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:17:37.0373 0x1590  wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:17:37.0373 0x1590  wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:17:37.0373 0x1590  GamecomSound ( UnsignedFile.Multi.Generic ) - skipped by user
13:17:37.0373 0x1590  GamecomSound ( UnsignedFile.Multi.Generic ) - User select action: Skip

Danke

schrauber · 21.03.2015, 09:58

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

sill · 21.03.2015, 22:49

Hallo schrauber ! Combofix hat mein Autostart Objekt "HWINFO.exe" gelöscht, keine Ahnung warum, hoffe ich dann das Tool wieder nutzen, da ich meine Temperaturen per LCD Monitor auf meiner Tastatur anzeigen lassen.

Combofix

Code:

ATTFilter

ComboFix 15-03-14.03 - Waldi 21.03.2015  22:39:10.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.8137.5662 [GMT 1:00]
ausgeführt von:: c:\users\Waldi\Desktop\ComboFix.exe
AV: Panda Free Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
FW: Panda Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
SP: Panda Free Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1423486835.bdinstall.bin
c:\programdata\ntuser.pol
c:\users\Waldi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HWiNFO64.EXE.lnk
c:\users\Waldi\ncftp
c:\users\Waldi\ncftp\firewall.txt
c:\windows\SysWow64\DEBUG.log
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-02-21 bis 2015-03-21  ))))))))))))))))))))))))))))))
.
.
2015-03-20 22:56 . 2015-03-20 23:08	--------	d-----w-	c:\users\Waldi\AppData\Roaming\NetStat4Win
2015-03-20 22:56 . 2015-01-07 12:16	583048	----a-w-	c:\windows\N4WUn.EXE
2015-03-20 22:56 . 2015-03-20 22:56	--------	d-----w-	c:\program files\NetStat4Win
2015-03-20 22:30 . 2015-03-20 22:30	--------	d-----w-	c:\program files (x86)\WinPcap
2015-03-20 22:29 . 2015-03-20 22:29	--------	d-----w-	c:\users\Waldi\AppData\Roaming\Wireshark
2015-03-20 22:28 . 2015-03-20 22:30	--------	d-----w-	c:\program files\Wireshark
2015-03-20 22:21 . 2015-03-20 22:21	--------	d-----w-	c:\program files\Microsoft Network Monitor 3
2015-03-20 21:06 . 2015-03-21 02:32	--------	d-----w-	c:\users\Waldi\AppData\Roaming\PortForward.com
2015-03-20 21:06 . 2015-03-20 21:06	--------	d-----w-	c:\program files (x86)\Portforward
2015-03-20 21:06 . 2015-03-20 21:06	--------	d-----w-	c:\users\Waldi\AppData\Local\Downloaded Installations
2015-03-20 19:36 . 2015-03-20 19:38	--------	d-----w-	c:\program files (x86)\Smart Port Forwarding
2015-03-20 12:07 . 2015-03-20 12:12	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-03-20 12:07 . 2015-03-20 12:07	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-20 12:06 . 2015-03-20 12:06	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-03-19 23:43 . 2015-03-19 23:44	--------	d-----w-	C:\FRST
2015-03-19 16:25 . 2014-03-25 13:15	60400	----a-w-	c:\windows\system32\drivers\PSKMAD.sys
2015-03-14 02:30 . 2015-01-29 09:07	11910896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{54A3DC45-FD20-480A-A27E-58EC6BBC7168}\mpengine.dll
2015-03-14 02:21 . 2015-03-06 05:56	95680	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2015-03-14 02:20 . 2015-02-26 03:25	3204096	----a-w-	c:\windows\system32\win32k.sys
2015-03-14 02:20 . 2015-02-13 05:22	14177280	----a-w-	c:\windows\system32\shell32.dll
2015-03-14 02:20 . 2015-01-17 02:48	1067520	----a-w-	c:\windows\system32\msctf.dll
2015-03-14 02:20 . 2015-01-17 02:30	828928	----a-w-	c:\windows\SysWow64\msctf.dll
2015-03-14 02:20 . 2015-02-04 03:16	392192	----a-w-	c:\windows\system32\WMPhoto.dll
2015-03-14 02:20 . 2015-02-04 02:54	318464	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2015-03-14 01:22 . 2015-03-14 01:22	--------	d-----w-	c:\users\Waldi\AppData\Local\Windows Performance Analyzer
2015-03-13 16:40 . 2015-03-13 16:40	778928	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-03-13 16:40 . 2015-03-13 16:40	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-03 23:30 . 2015-03-03 23:30	--------	d-----w-	c:\users\Waldi\Tracing
2015-02-27 12:16 . 2015-02-27 12:37	--------	d-----w-	c:\users\TEMP
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-26 20:14 . 2012-10-14 15:20	122905848	----a-w-	c:\windows\system32\MRT.exe
2015-02-24 03:17 . 2012-10-14 14:48	295552	------w-	c:\windows\system32\MpSigStub.exe
2015-02-17 18:14 . 2014-03-02 12:25	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-02-17 14:19 . 2015-02-17 14:19	1614496	----a-w-	c:\windows\system32\FM20.DLL
2015-02-14 00:11 . 2013-05-07 19:36	280792	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2015-02-14 00:11 . 2012-10-15 18:36	280792	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2015-02-14 00:11 . 2013-05-07 19:36	281032	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2015-02-13 21:58 . 2013-05-07 19:35	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2015-02-09 12:46 . 2015-02-09 12:46	74000	----a-w-	c:\windows\system32\bdsandboxuiskin32.dll
2015-02-06 11:25 . 2015-02-06 10:58	93144	----a-w-	c:\windows\system32\drivers\hmpalert.sys
2015-02-06 11:25 . 2015-02-06 10:58	548424	----a-w-	c:\windows\system32\hmpalert.dll
2015-02-06 11:25 . 2015-02-06 10:58	477008	----a-w-	c:\windows\SysWow64\hmpalert.dll
2015-01-02 19:28 . 2015-01-02 19:28	174624	----a-w-	c:\windows\SysWow64\EasyAntiCheat.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2015-02-18 2874048]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-09-17 292088]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-11-20 767176]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2012-08-31 508656]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920]
"PSUAMain"="c:\program files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" [2014-10-16 37624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]
@="Service"
.
R1 atitray;atitray;c:\program files (x86)\ATI Tray Tools\atitray64.sys;c:\program files (x86)\ATI Tray Tools\atitray64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 cpuz136;cpuz136;c:\users\Waldi\AppData\Local\Temp\cpuz136\cpuz136_x64.sys;c:\users\Waldi\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [x]
R3 cpuz137;cpuz137;c:\users\Waldi\AppData\Local\Temp\cpuz137\cpuz137_x64.sys;c:\users\Waldi\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [x]
R3 DRIVER_B;DRIVER_B;c:\windows\system32\Drivers\DRIVER_BIN64;c:\windows\SYSNATIVE\Drivers\DRIVER_BIN64 [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 fwlanusb4;FRITZ!WLAN N/G;c:\windows\system32\DRIVERS\fwlanusb4.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb4.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 LVUVC64;Logitech Webcam 500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rspLLL;rspLLL;c:\windows\system32\DRIVERS\rspLLL64.sys;c:\windows\SYSNATIVE\DRIVERS\rspLLL64.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM10864.sys;c:\windows\SYSNATIVE\drivers\CM10864.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
R3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys;c:\windows\SYSNATIVE\DRIVERS\ViaHub3.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Corsair\Corsair Link\CorsairLINK_HardwareMonitor.sys;c:\program files (x86)\Corsair\Corsair Link\CorsairLINK_HardwareMonitor.sys [x]
R3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys;c:\windows\SYSNATIVE\DRIVERS\xhcdrv.sys [x]
S0 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys;c:\windows\SYSNATIVE\drivers\ESLWireACD.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys;c:\windows\SYSNATIVE\DRIVERS\nm3.sys [x]
S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSAlpc.sys [x]
S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttp.sys [x]
S1 NNSHTTPS;NNSHTTPS;c:\windows\system32\DRIVERS\NNSHttps.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttps.sys [x]
S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys;c:\windows\SYSNATIVE\DRIVERS\NNSIds.sys [x]
S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPicc.sys [x]
S1 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPihsw.sys [x]
S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPop3.sys [x]
S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys;c:\windows\SYSNATIVE\DRIVERS\NNSProt.sys [x]
S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPrv.sys [x]
S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSSmtp.sys [x]
S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys;c:\windows\SYSNATIVE\DRIVERS\NNSStrm.sys [x]
S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSTlsc.sys [x]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys;c:\windows\SYSNATIVE\DRIVERS\psinknc.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 cmcore;Clean Master Core Service;c:\program files (x86)\cmcm\Clean Master\cmcore.exe;c:\program files (x86)\cmcm\Clean Master\cmcore.exe [x]
S2 EslWireHelper;ESL Wire Helper Service;c:\program files\EslWire\service\WireHelperSvc.exe;c:\program files\EslWire\service\WireHelperSvc.exe [x]
S2 hmpalert;HitmanPro.Alert Support Driver;c:\windows\system32\drivers\hmpalert.sys;c:\windows\SYSNATIVE\drivers\hmpalert.sys [x]
S2 hmpalertsvc;HitmanPro.Alert Service;c:\program files (x86)\HitmanPro.Alert\hmpalert.exe;c:\program files (x86)\HitmanPro.Alert\hmpalert.exe [x]
S2 NanoServiceMain;Panda Protection Service;c:\program files (x86)\Panda Security\Panda Security Protection\PSANHost.exe;c:\program files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 PandaAgent;Panda Devices Agent;c:\program files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe;c:\program files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [x]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINAflt.sys [x]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys;c:\windows\SYSNATIVE\DRIVERS\PSINFile.sys [x]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProc.sys [x]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProt.sys [x]
S2 PSINReg;PSINReg;c:\windows\system32\DRIVERS\PSINReg.sys;c:\windows\SYSNATIVE\DRIVERS\PSINReg.sys [x]
S2 PSUAService;Panda Product Service;c:\program files (x86)\Panda Security\Panda Security Protection\PSUAService.exe;c:\program files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 ASUSU7;ASUS Xonar U7 Audio Device;c:\windows\system32\DRIVERS\ASUSU7.SYS;c:\windows\SYSNATIVE\DRIVERS\ASUSU7.SYS [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 ksapi64;ksapi64;c:\windows\system32\drivers\ksapi64.sys;c:\windows\SYSNATIVE\drivers\ksapi64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys;c:\windows\SYSNATIVE\Drivers\LGPBTDD.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
.
Inhalt des "geplante Tasks" Ordners
.
2015-03-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-13 16:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VIAxHCUtl"="c:\via_xhci\usb3Monitor.exe" [2011-07-12 331776]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2014-10-14 12697368]
"GamecomSound"="c:\program files\ASUS Xonar U7 Audio\CPL\ASUSXonarU7_x64.exe" [2013-08-06 2453504]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2779024]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Waldi\AppData\Roaming\Mozilla\Firefox\Profiles\wycm5npw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SharedTaskScheduler-{F791A188-699D-4FD4-955A-EB59E89B1907} - (no file)
AddRemove-CMIUSB&1B1C&1C00 - c:\program files (x86)\Silabs\MCU\USBXpress\DriverUninstaller.exe USBXpress\CMIUSB&1B1C&1C00
AddRemove-SIUSBXP&1B1C&1C00 - c:\program files (x86)\Silabs\MCU\USBXpress\DriverUninstaller.exe USBXpress\SIUSBXP&1B1C&1C00
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DRIVER_B]
"ImagePath"="\??\c:\windows\system32\Drivers\DRIVER_BIN64"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
j:\program files\Fraps\fraps.exe
c:\program files (x86)\Steam\bin\steamwebhelper.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-03-21  22:44:23 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-03-21 21:44
.
Vor Suchlauf: 10 Verzeichnis(se), 16.308.162.560 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 16.126.877.696 Bytes frei
.
- - End Of File - - D37C1ED8A27B288C08DE92BEE14AE159
A36C5E4F47E84449FF07ED3517B43A31

Lieber Gruß

schrauber · 22.03.2015, 11:19

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

sill · 22.03.2015, 14:32

Hi, die neuen Scans.

mbam

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 22.03.2015
Suchlauf-Zeit: 14:00:50
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.03.22.03
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Waldi

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 433175
Verstrichene Zeit: 3 Min, 48 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 1
PUP.Optional.BoBrowser.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\MEDIAPLAYER\SHIMINCLUSIONLIST\bobrowser.exe, In Quarantäne, [17743c0c7e0cd4623b858b2c7e855ca4], 

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

Adwcleaner

Code:

ATTFilter

# AdwCleaner v4.112 - Bericht erstellt 22/03/2015 um 14:21:41
# Aktualisiert 09/03/2015 von Xplode
# Datenbank : 2015-03-22.1 [Server]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (x64)
# Benutzername : Waldi - WALDI-PC
# Gestarted von : C:\Users\Waldi\Desktop\AdwCleaner_4.112.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : WinRing0_1_2_0

***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\Waldi\AppData\Roaming\Mozilla\Firefox\Profiles\wycm5npw.default\foxydeal.sqlite

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v8.0.7601.18595


-\\ Mozilla Firefox v36.0.4 (x86 de)

[wycm5npw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

*************************

AdwCleaner[R0].txt - [1046 Bytes] - [22/03/2015 14:19:58]
AdwCleaner[S0].txt - [983 Bytes] - [22/03/2015 14:21:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1041  Bytes] ##########

JRT

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.5 (03.17.2015:1)
OS: Windows 7 Ultimate x64
Ran by Waldi on 22.03.2015 at 14:23:44,78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\Waldi\AppData\Roaming\mozilla\firefox\profiles\wycm5npw.default\minidumps [136 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.03.2015 at 14:28:00,37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Waldi (administrator) on WALDI-PC on 22-03-2015 14:29:06
Running from C:\Users\Waldi\Desktop
Loaded Profiles: Waldi (Available profiles: Waldi)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(Kingsoft Corporation) C:\Program Files (x86)\cmcm\Clean Master\cmcore.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\EslWire\service\WireHelperSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Beepa P/L) J:\Program Files\Fraps\fraps.exe
(VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
() C:\Program Files\ASUS Xonar U7 Audio\CPL\ASUSXonarU7_x64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Beepa P/L) J:\Program Files\Fraps\fraps64.dat
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VIAxHCUtl] => C:\VIA_XHCI\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [GamecomSound] => C:\Program Files\ASUS Xonar U7 Audio\CPL\ASUSXonarU7_x64.exe [2453504 2013-08-06] ()
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-09-17] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKU\S-1-5-21-2863928453-3540503222-4138622775-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2874048 2015-02-19] (Valve Corporation)
HKU\S-1-5-21-2863928453-3540503222-4138622775-1000\...\Policies\Explorer: [NoInternetOpenWith] 1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2863928453-3540503222-4138622775-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2863928453-3540503222-4138622775-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2863928453-3540503222-4138622775-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2863928453-3540503222-4138622775-1000 -> URL hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP62698F15-1543-4F58-A1BA-C0DD59DB70FF&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2863928453-3540503222-4138622775-1000 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-17] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-17] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Waldi\AppData\Roaming\Mozilla\Firefox\Profiles\wycm5npw.default
FF SearchEngineOrder.3: Bing 
FF Homepage: hxxp://www.t-online.de/
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-13] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-13] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @esn/esnlaunch,version=1.140.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-17] (Oracle Corporation)
FF Plugin-x32: @live.heroesandgenerals.com/npretox -> J:\Spiele\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll [2014-09-23] (Reto-Moto ApS)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-2863928453-3540503222-4138622775-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-2863928453-3540503222-4138622775-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Extension: Battlefield Heroes Updater - C:\Users\Waldi\AppData\Roaming\Mozilla\Firefox\Profiles\wycm5npw.default\Extensions\battlefieldheroespatcher@ea.com [2014-10-20]
FF Extension: Battlefield Play4Free - C:\Users\Waldi\AppData\Roaming\Mozilla\Firefox\Profiles\wycm5npw.default\Extensions\battlefieldplay4free@ea.com [2014-10-20]
FF Extension: 360网页保护 - C:\Users\Waldi\AppData\Roaming\Mozilla\Firefox\Profiles\wycm5npw.default\Extensions\webshield@360safe.com [2014-12-12]
FF Extension: ProxTube - C:\Users\Waldi\AppData\Roaming\Mozilla\Firefox\Profiles\wycm5npw.default\Extensions\ich@maltegoetz.de.xpi [2014-09-14]
FF Extension: X-Forwarded-For Header - C:\Users\Waldi\AppData\Roaming\Mozilla\Firefox\Profiles\wycm5npw.default\Extensions\jid1-vasLCl9ZsexfAQ@jetpack.xpi [2014-07-19]
FF Extension: NoSquint - C:\Users\Waldi\AppData\Roaming\Mozilla\Firefox\Profiles\wycm5npw.default\Extensions\nosquint@urandom.ca.xpi [2013-12-11]
FF Extension: Session Manager - C:\Users\Waldi\AppData\Roaming\Mozilla\Firefox\Profiles\wycm5npw.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-06-04]
FF Extension: YouTube High Definition - C:\Users\Waldi\AppData\Roaming\Mozilla\Firefox\Profiles\wycm5npw.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-07-21]
FF Extension: Adblock Plus - C:\Users\Waldi\AppData\Roaming\Mozilla\Firefox\Profiles\wycm5npw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-29]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Waldi\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-12-03] ()
R2 cmcore; c:\program files (x86)\cmcm\Clean Master\cmcore.exe [315240 2014-10-31] (Kingsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174624 2015-01-02] (EasyAntiCheat Ltd)
R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2014-01-28] ()
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2015-02-06] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-05] (Electronic Arts)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-12-14] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-02-13] ()
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-04] (VIA Technologies, Inc.)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5821952 2013-05-19] (Broadcom Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [130536 2011-11-03] (ASMedia Technology Inc) [File not signed]
R3 ASUSU7; C:\Windows\System32\DRIVERS\ASUSU7.SYS [406016 2013-08-01] (C-Media Inc.)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2011-11-03] (Broadcom Corporation.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-21] (Broadcom Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-12] (Disc Soft Ltd)
R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [184968 2014-02-16] (<Turtle Entertainment>)
S3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-22] (AVM GmbH)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-12-23] ()
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2015-02-06] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [26528 2014-12-01] (REALiX(tm))
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [4221440 2014-01-25] (Intel Corporation) [File not signed]
R3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2014-10-31] (Kingsoft Corporation)
R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [25504 2013-10-21] (Resplendence Software Projects Sp.)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [205312 2012-01-20] (VIA Technologies, Inc.)
S3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [254464 2012-01-20] (VIA Technologies, Inc.)
S1 atitray; \??\C:\Program Files (x86)\ATI Tray Tools\atitray64.sys [X]
S3 btwampfl; \??\C:\Windows\system32\drivers\btwampfl.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz136; \??\C:\Users\Waldi\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 cpuz137; \??\C:\Users\Waldi\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 DRIVER_B; \??\C:\Windows\system32\Drivers\DRIVER_BIN64 [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 L1C; system32\DRIVERS\L1C62x64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 USBPNPA; system32\drivers\CM10864.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-22 14:28 - 2015-03-22 14:28 - 00000824 _____ () C:\Users\Waldi\Desktop\JRT.txt
2015-03-22 14:23 - 2015-03-22 14:23 - 01388672 _____ (Thisisu) C:\Users\Waldi\Desktop\JRT.exe
2015-03-22 14:22 - 2015-03-22 14:22 - 00001121 _____ () C:\Users\Waldi\Desktop\AdwCleaner[S0].txt
2015-03-22 14:19 - 2015-03-22 14:21 - 00000000 ____D () C:\AdwCleaner
2015-03-22 14:19 - 2015-03-22 14:19 - 02171392 _____ () C:\Users\Waldi\Desktop\AdwCleaner_4.112.exe
2015-03-22 14:16 - 2015-03-22 14:16 - 00001332 _____ () C:\Users\Waldi\Desktop\mbam.txt
2015-03-22 14:00 - 2015-03-22 14:00 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-22 14:00 - 2015-03-22 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-22 13:59 - 2015-03-22 14:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-03-22 13:59 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-22 13:59 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-22 01:22 - 2015-03-22 13:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-21 22:45 - 2015-03-22 14:21 - 00010809 _____ () C:\Windows\WindowsUpdate.log
2015-03-21 22:44 - 2015-03-21 22:44 - 00021818 _____ () C:\ComboFix.txt
2015-03-21 22:42 - 2015-03-22 14:22 - 00000924 _____ () C:\Windows\PFRO.log
2015-03-21 22:38 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-21 22:38 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-21 22:38 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-21 22:38 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-21 22:38 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-21 22:38 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-21 22:38 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-21 22:38 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-21 22:37 - 2015-03-21 22:44 - 00000000 ____D () C:\Qoobox
2015-03-21 22:37 - 2015-03-21 22:43 - 00000000 ____D () C:\Windows\erdnt
2015-03-21 14:40 - 2015-03-21 14:40 - 00000000 ____D () C:\Users\Waldi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-21 14:40 - 2015-03-21 14:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-21 10:50 - 2015-03-22 14:22 - 00000560 _____ () C:\Windows\setupact.log
2015-03-21 10:50 - 2015-03-21 10:50 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-21 02:04 - 2015-03-21 02:04 - 00000997 _____ () C:\Users\Waldi\Desktop\Tcpview.exe.lnk
2015-03-20 23:56 - 2015-03-21 00:08 - 00000000 ____D () C:\Users\Waldi\AppData\Roaming\NetStat4Win
2015-03-20 23:56 - 2015-03-20 23:56 - 00001929 ____R () C:\Windows\NetStat4Win_Uninstall.in
2015-03-20 23:56 - 2015-03-20 23:56 - 00000794 _____ () C:\Users\Waldi\Desktop\NetStat4Win.lnk
2015-03-20 23:56 - 2015-03-20 23:56 - 00000000 ____D () C:\Users\Waldi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NetStat4Win
2015-03-20 23:56 - 2015-03-20 23:56 - 00000000 ____D () C:\Program Files\NetStat4Win
2015-03-20 23:56 - 2015-01-07 13:16 - 00583048 _____ (Mirko Böer) C:\Windows\N4WUn.EXE
2015-03-20 23:30 - 2015-03-20 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2015-03-20 23:30 - 2015-03-20 23:30 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2015-03-20 23:29 - 2015-03-20 23:30 - 00001784 _____ () C:\Users\Public\Desktop\Wireshark.lnk
2015-03-20 23:29 - 2015-03-20 23:29 - 00000000 ____D () C:\Users\Waldi\AppData\Roaming\Wireshark
2015-03-20 23:28 - 2015-03-20 23:30 - 00000000 ____D () C:\Program Files\Wireshark
2015-03-20 23:21 - 2015-03-20 23:21 - 00001034 _____ () C:\Users\Public\Desktop\Microsoft Network Monitor 3.4.lnk
2015-03-20 23:21 - 2015-03-20 23:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Network Monitor 3.4
2015-03-20 23:21 - 2015-03-20 23:21 - 00000000 ____D () C:\Program Files\Microsoft Network Monitor 3
2015-03-20 22:06 - 2015-03-21 03:32 - 00000000 ____D () C:\Users\Waldi\AppData\Roaming\PortForward.com
2015-03-20 22:06 - 2015-03-20 22:06 - 00002887 _____ () C:\Users\Public\Desktop\PortForward Network Utilities.lnk
2015-03-20 22:06 - 2015-03-20 22:06 - 00000000 ____D () C:\Users\Waldi\AppData\Local\Downloaded Installations
2015-03-20 22:06 - 2015-03-20 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PortForward.com
2015-03-20 22:06 - 2015-03-20 22:06 - 00000000 ____D () C:\Program Files (x86)\Portforward
2015-03-20 20:36 - 2015-03-20 20:38 - 00000000 ____D () C:\Program Files (x86)\Smart Port Forwarding
2015-03-20 20:36 - 2015-03-20 20:36 - 00001083 _____ () C:\Users\Public\Desktop\Smart Port Forwarding.lnk
2015-03-20 20:05 - 2015-03-20 20:06 - 05615380 ____R (Swearware) C:\Users\Waldi\Desktop\ComboFix.exe
2015-03-20 13:12 - 2015-03-20 13:12 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Waldi\Desktop\tdsskiller.exe
2015-03-20 13:07 - 2015-03-22 14:00 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-20 13:07 - 2015-03-20 13:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-20 13:06 - 2015-03-20 13:12 - 00000000 ____D () C:\Users\Waldi\Desktop\mbar
2015-03-20 13:06 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-20 13:05 - 2015-03-20 13:05 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Waldi\Desktop\mbar-1.09.1.1004.exe
2015-03-20 01:04 - 2015-03-20 01:04 - 00083288 _____ () C:\Users\Waldi\Desktop\Gmer.txt
2015-03-20 00:59 - 2015-03-20 00:59 - 00380416 _____ () C:\Users\Waldi\Desktop\Gmer-19357.exe
2015-03-20 00:44 - 2015-03-22 14:29 - 00023152 _____ () C:\Users\Waldi\Desktop\FRST.txt
2015-03-20 00:44 - 2015-03-20 00:56 - 00035447 _____ () C:\Users\Waldi\Desktop\Addition.txt
2015-03-20 00:43 - 2015-03-22 14:29 - 00000000 ____D () C:\FRST
2015-03-20 00:41 - 2015-03-20 00:41 - 02095616 _____ (Farbar) C:\Users\Waldi\Desktop\FRST64.exe
2015-03-20 00:37 - 2015-03-20 00:37 - 00050477 _____ () C:\Users\Waldi\Desktop\Defogger.exe
2015-03-20 00:37 - 2015-03-20 00:37 - 00000542 _____ () C:\Users\Waldi\Desktop\defogger_disable.log
2015-03-20 00:37 - 2015-03-20 00:37 - 00000168 _____ () C:\Users\Waldi\defogger_reenable
2015-03-14 03:22 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-14 03:22 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-14 03:22 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-14 03:22 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-14 03:22 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 02644992 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-14 03:22 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-14 03:22 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-14 03:22 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-14 03:22 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-14 03:22 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-14 03:22 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-14 03:22 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-14 03:22 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-14 03:22 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-14 03:22 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-14 03:22 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-14 03:22 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-14 03:22 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-14 03:22 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-14 03:22 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-14 03:22 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-14 03:22 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 02135040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-14 03:22 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-14 03:22 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-14 03:22 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-14 03:22 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-14 03:22 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-14 03:22 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-14 03:22 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-14 03:22 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-14 03:22 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-14 03:22 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-14 03:21 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-14 03:21 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-14 03:21 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-14 03:21 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-14 03:21 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-14 03:21 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-14 03:21 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-14 03:21 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-14 03:21 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-14 03:21 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-14 03:21 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-14 03:21 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-14 03:21 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-14 03:21 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-14 03:21 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-14 03:21 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-14 03:21 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-14 03:21 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-14 03:21 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-14 03:21 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-14 03:21 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-14 03:21 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-14 03:21 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-14 03:21 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-14 03:21 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-14 03:21 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-14 03:21 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-14 03:21 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-14 03:21 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-14 03:21 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-14 03:21 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-14 03:21 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-14 03:21 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-14 03:21 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-14 03:21 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-14 03:21 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-14 03:21 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-14 03:21 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-14 03:21 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-14 03:21 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-14 03:21 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-14 03:21 - 2015-02-03 04:31 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-14 03:21 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-14 03:21 - 2015-02-03 04:12 - 01011200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-14 03:21 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-14 03:21 - 2015-01-31 04:48 - 01113088 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-14 03:21 - 2015-01-31 04:05 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-14 03:21 - 2015-01-31 04:04 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-03-14 03:21 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-14 03:21 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-03-14 03:21 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-03-14 03:20 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-14 03:20 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-14 03:20 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-14 03:20 - 2015-02-04 04:16 - 00392192 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-14 03:20 - 2015-02-04 03:54 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-14 03:20 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-14 03:20 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-14 02:22 - 2015-03-14 02:22 - 00000000 ____D () C:\Users\Waldi\AppData\Local\Windows Performance Analyzer
2015-03-14 00:40 - 2015-03-20 23:14 - 00000348 _____ () C:\Users\Waldi\Desktop\schoof.txt
2015-03-13 17:40 - 2015-03-22 13:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-13 17:40 - 2015-03-13 17:40 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-13 17:40 - 2015-03-13 17:40 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-13 17:40 - 2015-03-13 17:40 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-08 13:40 - 2015-03-14 11:35 - 00327488 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-08 04:54 - 2015-03-08 04:54 - 00062800 _____ () C:\Users\Waldi\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-04 00:30 - 2015-03-04 00:30 - 00000000 ____D () C:\Users\Waldi\Tracing
2015-03-01 19:05 - 2015-03-01 19:06 - 00000655 _____ () C:\Users\Waldi\Desktop\Verkauf hwluxx.txt
2015-02-27 13:16 - 2015-02-27 13:37 - 00000000 ____D () C:\Users\TEMP
2015-02-27 09:51 - 2015-02-27 09:51 - 00000222 _____ () C:\Users\Waldi\Desktop\Arma 3.url

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-22 14:27 - 2009-07-14 05:45 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-22 14:27 - 2009-07-14 05:45 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-22 14:26 - 2009-07-14 18:58 - 21507774 _____ () C:\Windows\system32\perfh007.dat
2015-03-22 14:26 - 2009-07-14 18:58 - 06741760 _____ () C:\Windows\system32\perfc007.dat
2015-03-22 14:26 - 2009-07-14 06:13 - 00006486 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-22 14:24 - 2013-06-09 02:43 - 00000029 _____ () C:\Users\Waldi\AppData\Roaming\Network Meter_Usage.ini
2015-03-22 14:22 - 2015-02-09 14:55 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-22 14:22 - 2012-10-14 17:11 - 00003166 _____ () C:\Windows\System32\Tasks\FRAPS
2015-03-22 14:22 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-22 14:19 - 2015-02-06 11:58 - 00000000 ____D () C:\Windows\CryptoGuard
2015-03-22 02:22 - 2014-07-02 16:32 - 00003022 _____ () C:\Windows\System32\Tasks\MSIAfterburner
2015-03-21 22:44 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-03-21 22:43 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-21 22:42 - 2012-10-14 15:31 - 00000000 ____D () C:\Users\Waldi
2015-03-21 22:00 - 2013-06-03 18:49 - 00000000 ____D () C:\Program Files (x86)\JDownloader v2.0
2015-03-21 18:15 - 2012-10-30 21:42 - 00000000 ____D () C:\Users\Waldi\AppData\Roaming\HLSW
2015-03-21 17:46 - 2012-10-17 15:28 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2015-03-21 17:44 - 2012-11-12 20:36 - 00007658 _____ () C:\Users\Waldi\AppData\Local\Resmon.ResmonCfg
2015-03-21 17:24 - 2012-11-17 16:14 - 00000000 ____D () C:\Users\Waldi\AppData\Roaming\TS3Client
2015-03-21 14:41 - 2015-02-17 16:59 - 00000000 ____D () C:\Program Files\WinRAR
2015-03-21 11:49 - 2014-10-20 06:18 - 00000000 ____D () C:\Users\Waldi\AppData\Roaming\vlc
2015-03-21 04:18 - 2012-10-14 16:54 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2015-03-21 02:03 - 2014-12-16 14:47 - 00000484 __RSH () C:\Users\Waldi\ntuser.pol
2015-03-20 20:33 - 2012-11-17 20:23 - 00000000 ____D () C:\Users\Waldi\AppData\Roaming\DAEMON Tools Lite
2015-03-19 23:30 - 2012-10-15 19:07 - 00000000 ____D () C:\ProgramData\Origin
2015-03-19 15:22 - 2014-08-02 11:52 - 00000000 ____D () C:\Users\Waldi\AppData\Local\Orbmu2k
2015-03-19 08:32 - 2012-12-08 15:22 - 00000000 ____D () C:\Users\Waldi\AppData\Roaming\Skype
2015-03-19 01:46 - 2014-11-22 22:57 - 00000000 ____D () C:\Users\Waldi\AppData\Roaming\dvdcss
2015-03-18 22:05 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-17 13:58 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-16 12:43 - 2013-06-09 02:45 - 00000884 _____ () C:\Users\Waldi\AppData\Roaming\Network Meter_Settings.ini
2015-03-15 01:09 - 2014-03-03 12:24 - 00000000 ____D () C:\Windows\Minidump
2015-03-14 14:37 - 2014-11-18 15:46 - 00000000 ____D () C:\Windows\rescache
2015-03-14 03:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-14 03:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-14 03:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-03-14 03:30 - 2013-03-18 11:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-14 03:27 - 2013-12-30 23:02 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-14 00:08 - 2012-10-28 20:24 - 00000000 ____D () C:\ProgramData\Mozilla
2015-03-13 17:40 - 2014-10-15 22:37 - 00000000 ____D () C:\Users\Waldi\AppData\Local\Adobe
2015-03-09 04:04 - 2014-07-23 12:45 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server
2015-03-06 00:38 - 2013-04-21 21:51 - 00000000 ____D () C:\Users\Waldi\AppData\Local\ESL Wire Game Client
2015-03-05 03:09 - 2012-12-28 23:36 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-03-04 01:36 - 2012-10-15 19:48 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-04 00:32 - 2013-03-10 17:08 - 00000000 ____D () C:\Program Files (x86)\DAoC Portal
2015-03-04 00:25 - 2012-12-08 15:22 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-04 00:25 - 2012-12-08 15:22 - 00000000 ____D () C:\ProgramData\Skype
2015-02-26 21:14 - 2012-10-14 16:20 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-24 04:17 - 2012-10-14 15:48 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-24 00:31 - 2015-02-09 14:20 - 00000000 ____D () C:\Users\Waldi\AppData\Roaming\Panda Security
2015-02-24 00:31 - 2015-02-09 14:20 - 00000000 ____D () C:\ProgramData\Panda Security
2015-02-24 00:31 - 2015-02-09 14:20 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-02-23 18:28 - 2014-12-25 14:59 - 00000000 ____D () C:\ProgramData\Cakewalk
2015-02-20 07:30 - 2013-05-23 09:34 - 00000021 _____ () C:\Users\Waldi\AppData\Roaming\config_data.dat

==================== Files in the root of some directories =======

2013-05-23 09:34 - 2015-02-20 07:30 - 0000021 _____ () C:\Users\Waldi\AppData\Roaming\config_data.dat
2013-06-09 14:56 - 2013-06-09 14:59 - 0000839 _____ () C:\Users\Waldi\AppData\Roaming\Drives Meter_Settings.ini
2013-06-09 14:52 - 2013-06-09 14:52 - 0000458 _____ () C:\Users\Waldi\AppData\Roaming\Drives Monitor_Settings.ini
2013-06-09 02:45 - 2015-03-16 12:43 - 0000884 _____ () C:\Users\Waldi\AppData\Roaming\Network Meter_Settings.ini
2013-06-09 02:43 - 2015-03-22 14:24 - 0000029 _____ () C:\Users\Waldi\AppData\Roaming\Network Meter_Usage.ini
2013-09-19 13:58 - 2013-09-19 13:58 - 0225280 _____ (Propellerhead Software AB) C:\Users\Waldi\AppData\Roaming\Rewire.dll
2013-09-19 13:58 - 2013-09-19 13:58 - 0233472 _____ (Propellerhead Software AB) C:\Users\Waldi\AppData\Roaming\REX Shared Library.dll
2014-06-27 10:24 - 2014-06-27 10:24 - 0000000 ___SH () C:\Users\Waldi\AppData\Local\LumaEmu
2012-11-12 20:36 - 2015-03-21 17:44 - 0007658 _____ () C:\Users\Waldi\AppData\Local\Resmon.ResmonCfg
2013-11-03 19:27 - 2013-11-03 19:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\ProgramData\StartMenuReviver.exe


Some content of TEMP:
====================
C:\Users\Waldi\AppData\Local\Temp\Quarantine.exe
C:\Users\Waldi\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-21 14:10

==================== End Of Log ============================

--- --- ---

Grüße

schrauber · 23.03.2015, 09:07

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

sill · 23.03.2015, 12:21

Hi, Probleme sind mir bis jetzt noch keine aufgefallen. Nur das der Autostart von HWinfo64 nicht mehr funktioniert

ESET Online Scanner

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=5dd2619502ec9a42a676158e2d633602
# engine=23034
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-23 11:11:31
# local_time=2015-03-23 12:11:31 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 27202 178738941 0 0
# scanned=338356
# found=13
# cleaned=0
# scan_time=4012
sh=15219C0F274C5C9956981C91ABEC5D4E3A1F6442 ft=1 fh=3fec66b3c1704bce vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe"
sh=D3B521D5AFD90ED22756DCECCA63B4EEC63E10A2 ft=1 fh=3fe680fa8fe1ca5e vn="Variante von Win32/InstalleRex.T evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\InstallMate\{74739052-6B21-431A-A1F1-2303AF90B2A4}\_Setupx.dll"
sh=D3B521D5AFD90ED22756DCECCA63B4EEC63E10A2 ft=1 fh=3fe680fa8fe1ca5e vn="Variante von Win32/InstalleRex.T evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\InstallMate\{8889DB02-777B-47C4-A52F-3F59536AF9F4}\_Setupx.dll"
sh=D3B521D5AFD90ED22756DCECCA63B4EEC63E10A2 ft=1 fh=3fe680fa8fe1ca5e vn="Variante von Win32/InstalleRex.T evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\InstallMate\{BC04CF40-326F-45F3-A718-7A4D67E7EDB6}\_Setupx.dll"
sh=D3B521D5AFD90ED22756DCECCA63B4EEC63E10A2 ft=1 fh=3fe680fa8fe1ca5e vn="Variante von Win32/InstalleRex.T evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\InstallMate\{74739052-6B21-431A-A1F1-2303AF90B2A4}\_Setupx.dll"
sh=D3B521D5AFD90ED22756DCECCA63B4EEC63E10A2 ft=1 fh=3fe680fa8fe1ca5e vn="Variante von Win32/InstalleRex.T evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\InstallMate\{8889DB02-777B-47C4-A52F-3F59536AF9F4}\_Setupx.dll"
sh=D3B521D5AFD90ED22756DCECCA63B4EEC63E10A2 ft=1 fh=3fe680fa8fe1ca5e vn="Variante von Win32/InstalleRex.T evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\InstallMate\{BC04CF40-326F-45F3-A718-7A4D67E7EDB6}\_Setupx.dll"
sh=614D9529C4AC5698BA44413ED9FF2F2AB7194030 ft=1 fh=fb5c7ba1cde5bf0c vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="J:\Programme\FREEAV1504.exe"
sh=2446E82304B2A797346141850D2245916E179BB6 ft=1 fh=4f9fb98a1d8c5ee8 vn="Win32/Packed.Autoit.H evtl. unerwünschte Anwendung" ac=I fn="J:\Programme\Router\ruKernelTool\_Lib_\PrettyPrintFirmwareLinkListe.exe"
sh=3FFD2D8320B02E824B48EEE836430AEF931E7353 ft=1 fh=bb098aee199cba34 vn="Variante von Win32/OpenInstall evtl. unerwünschte Anwendung" ac=I fn="J:\Programme\Sidebar Gadgets\NetworkMeter.exe"
sh=1266DC926405F86574CCF459B214404D7BCE3CC0 ft=1 fh=b1f4e5f939d8a772 vn="Variante von Win32/OpenInstall evtl. unerwünschte Anwendung" ac=I fn="J:\Programme\Sidebar Gadgets\NetworkMeterVersion96.exe"

Security Check

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.97  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
``````````````Antivirus/Firewall Check:`````````````` 
Panda Free Antivirus   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 31  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 17.0.0.134  
 Mozilla Firefox (36.0.4) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Waldi (administrator) on WALDI-PC on 23-03-2015 12:17:10
Running from C:\Users\Waldi\Desktop
Loaded Profiles: Waldi (Available profiles: Waldi)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(Kingsoft Corporation) C:\Program Files (x86)\cmcm\Clean Master\cmcore.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\EslWire\service\WireHelperSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Beepa P/L) J:\Program Files\Fraps\fraps.exe
(VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
() C:\Program Files\ASUS Xonar U7 Audio\CPL\ASUSXonarU7_x64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Beepa P/L) J:\Program Files\Fraps\fraps64.dat
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(REALiX) C:\Program Files\HWiNFO64\HWiNFO64.EXE
(Tracker Software Products (Canada) Ltd.) C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AppWork GmbH) C:\Program Files (x86)\JDownloader v2.0\JDownloader2.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
() C:\Users\Waldi\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VIAxHCUtl] => C:\VIA_XHCI\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [GamecomSound] => C:\Program Files\ASUS Xonar U7 Audio\CPL\ASUSXonarU7_x64.exe [2453504 2013-08-06] ()
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-09-17] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKU\S-1-5-21-2863928453-3540503222-4138622775-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2874048 2015-02-19] (Valve Corporation)
HKU\S-1-5-21-2863928453-3540503222-4138622775-1000\...\Policies\Explorer: [NoInternetOpenWith] 1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2863928453-3540503222-4138622775-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2863928453-3540503222-4138622775-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2863928453-3540503222-4138622775-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2863928453-3540503222-4138622775-1000 -> URL hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP62698F15-1543-4F58-A1BA-C0DD59DB70FF&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2863928453-3540503222-4138622775-1000 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-17] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-17] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Waldi\AppData\Roaming\Mozilla\Firefox\Profiles\wycm5npw.default
FF SearchEngineOrder.3: Bing 
FF Homepage: hxxp://www.t-online.de/
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-13] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-13] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @esn/esnlaunch,version=1.140.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-17] (Oracle Corporation)
FF Plugin-x32: @live.heroesandgenerals.com/npretox -> J:\Spiele\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll [2014-09-23] (Reto-Moto ApS)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-2863928453-3540503222-4138622775-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-2863928453-3540503222-4138622775-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Extension: Battlefield Heroes Updater - C:\Users\Waldi\AppData\Roaming\Mozilla\Firefox\Profiles\wycm5npw.default\Extensions\battlefieldheroespatcher@ea.com [2014-10-20]
FF Extension: Battlefield Play4Free - C:\Users\Waldi\AppData\Roaming\Mozilla\Firefox\Profiles\wycm5npw.default\Extensions\battlefieldplay4free@ea.com [2014-10-20]
FF Extension: 360网页保护 - C:\Users\Waldi\AppData\Roaming\Mozilla\Firefox\Profiles\wycm5npw.default\Extensions\webshield@360safe.com [2014-12-12]
FF Extension: ProxTube - C:\Users\Waldi\AppData\Roaming\Mozilla\Firefox\Profiles\wycm5npw.default\Extensions\ich@maltegoetz.de.xpi [2014-09-14]
FF Extension: X-Forwarded-For Header - C:\Users\Waldi\AppData\Roaming\Mozilla\Firefox\Profiles\wycm5npw.default\Extensions\jid1-vasLCl9ZsexfAQ@jetpack.xpi [2014-07-19]
FF Extension: NoSquint - C:\Users\Waldi\AppData\Roaming\Mozilla\Firefox\Profiles\wycm5npw.default\Extensions\nosquint@urandom.ca.xpi [2013-12-11]
FF Extension: Session Manager - C:\Users\Waldi\AppData\Roaming\Mozilla\Firefox\Profiles\wycm5npw.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-06-04]
FF Extension: YouTube High Definition - C:\Users\Waldi\AppData\Roaming\Mozilla\Firefox\Profiles\wycm5npw.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-07-21]
FF Extension: Adblock Plus - C:\Users\Waldi\AppData\Roaming\Mozilla\Firefox\Profiles\wycm5npw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-29]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Waldi\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-12-03] ()
R2 cmcore; c:\program files (x86)\cmcm\Clean Master\cmcore.exe [315240 2014-10-31] (Kingsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174624 2015-01-02] (EasyAntiCheat Ltd)
R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2014-01-28] ()
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2015-02-06] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-05] (Electronic Arts)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-12-14] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-02-13] ()
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-04] (VIA Technologies, Inc.)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5821952 2013-05-19] (Broadcom Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [130536 2011-11-03] (ASMedia Technology Inc) [File not signed]
R3 ASUSU7; C:\Windows\System32\DRIVERS\ASUSU7.SYS [406016 2013-08-01] (C-Media Inc.)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2011-11-03] (Broadcom Corporation.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-21] (Broadcom Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-12] (Disc Soft Ltd)
R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [184968 2014-02-16] (<Turtle Entertainment>)
S3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-22] (AVM GmbH)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-12-23] ()
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2015-02-06] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [26528 2014-12-01] (REALiX(tm))
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [4221440 2014-01-25] (Intel Corporation) [File not signed]
R3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2014-10-31] (Kingsoft Corporation)
R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [25504 2013-10-21] (Resplendence Software Projects Sp.)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [205312 2012-01-20] (VIA Technologies, Inc.)
S3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [254464 2012-01-20] (VIA Technologies, Inc.)
S1 atitray; \??\C:\Program Files (x86)\ATI Tray Tools\atitray64.sys [X]
S3 btwampfl; \??\C:\Windows\system32\drivers\btwampfl.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz136; \??\C:\Users\Waldi\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 cpuz137; \??\C:\Users\Waldi\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 DRIVER_B; \??\C:\Windows\system32\Drivers\DRIVER_BIN64 [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 L1C; system32\DRIVERS\L1C62x64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 USBPNPA; system32\drivers\CM10864.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-23 11:22 - 2015-03-23 11:22 - 00852604 _____ () C:\Users\Waldi\Desktop\SecurityCheck.exe
2015-03-23 11:01 - 2015-03-23 11:01 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-22 18:23 - 2015-03-22 18:23 - 00001338 _____ () C:\Users\Waldi\Desktop\Fixlist.txt
2015-03-22 15:41 - 2015-03-22 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
2015-03-22 14:28 - 2015-03-22 14:28 - 00000824 _____ () C:\Users\Waldi\Desktop\JRT.txt
2015-03-22 14:23 - 2015-03-22 14:23 - 01388672 _____ (Thisisu) C:\Users\Waldi\Desktop\JRT.exe
2015-03-22 14:22 - 2015-03-22 14:22 - 00001121 _____ () C:\Users\Waldi\Desktop\AdwCleaner[S0].txt
2015-03-22 14:19 - 2015-03-22 14:21 - 00000000 ____D () C:\AdwCleaner
2015-03-22 14:19 - 2015-03-22 14:19 - 02171392 _____ () C:\Users\Waldi\Desktop\AdwCleaner_4.112.exe
2015-03-22 14:16 - 2015-03-22 14:16 - 00001332 _____ () C:\Users\Waldi\Desktop\mbam.txt
2015-03-22 14:00 - 2015-03-22 14:00 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-22 14:00 - 2015-03-22 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-22 13:59 - 2015-03-22 14:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-03-22 13:59 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-22 13:59 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-22 01:22 - 2015-03-22 13:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-21 22:45 - 2015-03-22 23:21 - 00010905 _____ () C:\Windows\WindowsUpdate.log
2015-03-21 22:44 - 2015-03-21 22:44 - 00021818 _____ () C:\ComboFix.txt
2015-03-21 22:42 - 2015-03-22 14:22 - 00000924 _____ () C:\Windows\PFRO.log
2015-03-21 22:38 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-21 22:38 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-21 22:38 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-21 22:38 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-21 22:38 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-21 22:38 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-21 22:38 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-21 22:38 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-21 22:37 - 2015-03-21 22:44 - 00000000 ____D () C:\Qoobox
2015-03-21 22:37 - 2015-03-21 22:43 - 00000000 ____D () C:\Windows\erdnt
2015-03-21 14:40 - 2015-03-21 14:40 - 00000000 ____D () C:\Users\Waldi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-21 14:40 - 2015-03-21 14:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-21 10:50 - 2015-03-22 15:28 - 00000840 _____ () C:\Windows\setupact.log
2015-03-21 10:50 - 2015-03-21 10:50 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-21 02:04 - 2015-03-21 02:04 - 00000997 _____ () C:\Users\Waldi\Desktop\Tcpview.exe.lnk
2015-03-20 23:56 - 2015-03-21 00:08 - 00000000 ____D () C:\Users\Waldi\AppData\Roaming\NetStat4Win
2015-03-20 23:56 - 2015-03-20 23:56 - 00001929 ____R () C:\Windows\NetStat4Win_Uninstall.in
2015-03-20 23:56 - 2015-03-20 23:56 - 00000794 _____ () C:\Users\Waldi\Desktop\NetStat4Win.lnk
2015-03-20 23:56 - 2015-03-20 23:56 - 00000000 ____D () C:\Users\Waldi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NetStat4Win
2015-03-20 23:56 - 2015-03-20 23:56 - 00000000 ____D () C:\Program Files\NetStat4Win
2015-03-20 23:56 - 2015-01-07 13:16 - 00583048 _____ (Mirko Böer) C:\Windows\N4WUn.EXE
2015-03-20 23:30 - 2015-03-20 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2015-03-20 23:30 - 2015-03-20 23:30 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2015-03-20 23:29 - 2015-03-20 23:30 - 00001784 _____ () C:\Users\Public\Desktop\Wireshark.lnk
2015-03-20 23:29 - 2015-03-20 23:29 - 00000000 ____D () C:\Users\Waldi\AppData\Roaming\Wireshark
2015-03-20 23:28 - 2015-03-20 23:30 - 00000000 ____D () C:\Program Files\Wireshark
2015-03-20 23:21 - 2015-03-20 23:21 - 00001034 _____ () C:\Users\Public\Desktop\Microsoft Network Monitor 3.4.lnk
2015-03-20 23:21 - 2015-03-20 23:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Network Monitor 3.4
2015-03-20 23:21 - 2015-03-20 23:21 - 00000000 ____D () C:\Program Files\Microsoft Network Monitor 3
2015-03-20 22:06 - 2015-03-21 03:32 - 00000000 ____D () C:\Users\Waldi\AppData\Roaming\PortForward.com
2015-03-20 22:06 - 2015-03-20 22:06 - 00002887 _____ () C:\Users\Public\Desktop\PortForward Network Utilities.lnk
2015-03-20 22:06 - 2015-03-20 22:06 - 00000000 ____D () C:\Users\Waldi\AppData\Local\Downloaded Installations
2015-03-20 22:06 - 2015-03-20 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PortForward.com
2015-03-20 22:06 - 2015-03-20 22:06 - 00000000 ____D () C:\Program Files (x86)\Portforward
2015-03-20 20:36 - 2015-03-20 20:38 - 00000000 ____D () C:\Program Files (x86)\Smart Port Forwarding
2015-03-20 20:36 - 2015-03-20 20:36 - 00001083 _____ () C:\Users\Public\Desktop\Smart Port Forwarding.lnk
2015-03-20 20:05 - 2015-03-20 20:06 - 05615380 ____R (Swearware) C:\Users\Waldi\Desktop\ComboFix.exe
2015-03-20 13:12 - 2015-03-20 13:12 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Waldi\Desktop\tdsskiller.exe
2015-03-20 13:07 - 2015-03-22 14:00 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-20 13:07 - 2015-03-20 13:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-20 13:06 - 2015-03-20 13:12 - 00000000 ____D () C:\Users\Waldi\Desktop\mbar
2015-03-20 13:06 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-20 13:05 - 2015-03-20 13:05 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Waldi\Desktop\mbar-1.09.1.1004.exe
2015-03-20 01:04 - 2015-03-20 01:04 - 00083288 _____ () C:\Users\Waldi\Desktop\Gmer.txt
2015-03-20 00:59 - 2015-03-20 00:59 - 00380416 _____ () C:\Users\Waldi\Desktop\Gmer-19357.exe
2015-03-20 00:44 - 2015-03-23 12:17 - 00023597 _____ () C:\Users\Waldi\Desktop\FRST.txt
2015-03-20 00:44 - 2015-03-20 00:56 - 00035447 _____ () C:\Users\Waldi\Desktop\Addition.txt
2015-03-20 00:43 - 2015-03-23 12:17 - 00000000 ____D () C:\FRST
2015-03-20 00:41 - 2015-03-20 00:41 - 02095616 _____ (Farbar) C:\Users\Waldi\Desktop\FRST64.exe
2015-03-20 00:37 - 2015-03-20 00:37 - 00050477 _____ () C:\Users\Waldi\Desktop\Defogger.exe
2015-03-20 00:37 - 2015-03-20 00:37 - 00000542 _____ () C:\Users\Waldi\Desktop\defogger_disable.log
2015-03-20 00:37 - 2015-03-20 00:37 - 00000168 _____ () C:\Users\Waldi\defogger_reenable
2015-03-14 03:22 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-14 03:22 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-14 03:22 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-14 03:22 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-14 03:22 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 02644992 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-14 03:22 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-14 03:22 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-14 03:22 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-14 03:22 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-14 03:22 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-14 03:22 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-14 03:22 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-14 03:22 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-14 03:22 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-14 03:22 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-14 03:22 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-14 03:22 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-14 03:22 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-14 03:22 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-14 03:22 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-14 03:22 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-14 03:22 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-14 03:22 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-14 03:22 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 02135040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-14 03:22 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-14 03:22 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-14 03:22 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-14 03:22 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-14 03:22 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-14 03:22 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-14 03:22 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-14 03:22 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-14 03:22 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-14 03:22 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-14 03:22 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-14 03:21 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-14 03:21 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-14 03:21 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-14 03:21 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-14 03:21 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-14 03:21 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-14 03:21 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-14 03:21 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-14 03:21 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-14 03:21 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-14 03:21 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-14 03:21 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-14 03:21 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-14 03:21 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-14 03:21 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-14 03:21 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-14 03:21 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-14 03:21 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-14 03:21 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-14 03:21 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-14 03:21 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-14 03:21 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-14 03:21 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-14 03:21 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-14 03:21 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-14 03:21 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-14 03:21 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-14 03:21 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-14 03:21 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-14 03:21 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-14 03:21 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-14 03:21 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-14 03:21 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-14 03:21 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-14 03:21 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-14 03:21 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-14 03:21 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-14 03:21 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-14 03:21 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-14 03:21 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-14 03:21 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-14 03:21 - 2015-02-03 04:31 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-14 03:21 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-14 03:21 - 2015-02-03 04:12 - 01011200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-14 03:21 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-14 03:21 - 2015-01-31 04:48 - 01113088 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-14 03:21 - 2015-01-31 04:05 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-14 03:21 - 2015-01-31 04:04 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-03-14 03:21 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-14 03:21 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-03-14 03:21 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-03-14 03:20 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-14 03:20 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-14 03:20 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-14 03:20 - 2015-02-04 04:16 - 00392192 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-14 03:20 - 2015-02-04 03:54 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-14 03:20 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-14 03:20 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-14 02:22 - 2015-03-14 02:22 - 00000000 ____D () C:\Users\Waldi\AppData\Local\Windows Performance Analyzer
2015-03-14 00:40 - 2015-03-20 23:14 - 00000348 _____ () C:\Users\Waldi\Desktop\schoof.txt
2015-03-13 17:40 - 2015-03-23 11:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-13 17:40 - 2015-03-13 17:40 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-13 17:40 - 2015-03-13 17:40 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-13 17:40 - 2015-03-13 17:40 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-08 13:40 - 2015-03-14 11:35 - 00327488 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-08 04:54 - 2015-03-08 04:54 - 00062800 _____ () C:\Users\Waldi\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-04 00:30 - 2015-03-04 00:30 - 00000000 ____D () C:\Users\Waldi\Tracing
2015-03-01 19:05 - 2015-03-01 19:06 - 00000655 _____ () C:\Users\Waldi\Desktop\Verkauf hwluxx.txt
2015-02-27 13:16 - 2015-02-27 13:37 - 00000000 ____D () C:\Users\TEMP
2015-02-27 09:51 - 2015-02-27 09:51 - 00000222 _____ () C:\Users\Waldi\Desktop\Arma 3.url

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-23 11:58 - 2013-06-03 18:49 - 00000000 ____D () C:\Program Files (x86)\JDownloader v2.0
2015-03-23 11:24 - 2012-10-17 15:28 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2015-03-23 00:48 - 2013-06-09 02:43 - 00000029 _____ () C:\Users\Waldi\AppData\Roaming\Network Meter_Usage.ini
2015-03-23 00:26 - 2015-02-09 14:55 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-23 00:26 - 2012-12-08 15:22 - 00000000 ____D () C:\Users\Waldi\AppData\Roaming\Skype
2015-03-23 00:26 - 2012-11-17 16:14 - 00000000 ____D () C:\Users\Waldi\AppData\Roaming\TS3Client
2015-03-22 21:37 - 2012-11-12 20:36 - 00007658 _____ () C:\Users\Waldi\AppData\Local\Resmon.ResmonCfg
2015-03-22 21:30 - 2015-02-06 11:58 - 00000000 ____D () C:\Windows\CryptoGuard
2015-03-22 15:41 - 2014-06-15 13:28 - 00000000 ____D () C:\Program Files\Tracker Software
2015-03-22 14:27 - 2009-07-14 05:45 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-22 14:27 - 2009-07-14 05:45 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-22 14:26 - 2009-07-14 18:58 - 21507774 _____ () C:\Windows\system32\perfh007.dat
2015-03-22 14:26 - 2009-07-14 18:58 - 06741760 _____ () C:\Windows\system32\perfc007.dat
2015-03-22 14:26 - 2009-07-14 06:13 - 00006486 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-22 14:22 - 2012-10-14 17:11 - 00003166 _____ () C:\Windows\System32\Tasks\FRAPS
2015-03-22 14:22 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-22 02:22 - 2014-07-02 16:32 - 00003022 _____ () C:\Windows\System32\Tasks\MSIAfterburner
2015-03-21 22:44 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-03-21 22:43 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-21 22:42 - 2012-10-14 15:31 - 00000000 ____D () C:\Users\Waldi
2015-03-21 18:15 - 2012-10-30 21:42 - 00000000 ____D () C:\Users\Waldi\AppData\Roaming\HLSW
2015-03-21 14:41 - 2015-02-17 16:59 - 00000000 ____D () C:\Program Files\WinRAR
2015-03-21 11:49 - 2014-10-20 06:18 - 00000000 ____D () C:\Users\Waldi\AppData\Roaming\vlc
2015-03-21 04:18 - 2012-10-14 16:54 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2015-03-21 02:03 - 2014-12-16 14:47 - 00000484 __RSH () C:\Users\Waldi\ntuser.pol
2015-03-20 20:33 - 2012-11-17 20:23 - 00000000 ____D () C:\Users\Waldi\AppData\Roaming\DAEMON Tools Lite
2015-03-19 23:30 - 2012-10-15 19:07 - 00000000 ____D () C:\ProgramData\Origin
2015-03-19 15:22 - 2014-08-02 11:52 - 00000000 ____D () C:\Users\Waldi\AppData\Local\Orbmu2k
2015-03-19 01:46 - 2014-11-22 22:57 - 00000000 ____D () C:\Users\Waldi\AppData\Roaming\dvdcss
2015-03-18 22:05 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-17 13:58 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-16 12:43 - 2013-06-09 02:45 - 00000884 _____ () C:\Users\Waldi\AppData\Roaming\Network Meter_Settings.ini
2015-03-15 01:09 - 2014-03-03 12:24 - 00000000 ____D () C:\Windows\Minidump
2015-03-14 14:37 - 2014-11-18 15:46 - 00000000 ____D () C:\Windows\rescache
2015-03-14 03:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-14 03:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-14 03:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-03-14 03:30 - 2013-03-18 11:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-14 03:27 - 2013-12-30 23:02 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-14 00:08 - 2012-10-28 20:24 - 00000000 ____D () C:\ProgramData\Mozilla
2015-03-13 17:40 - 2014-10-15 22:37 - 00000000 ____D () C:\Users\Waldi\AppData\Local\Adobe
2015-03-09 04:04 - 2014-07-23 12:45 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server
2015-03-06 00:38 - 2013-04-21 21:51 - 00000000 ____D () C:\Users\Waldi\AppData\Local\ESL Wire Game Client
2015-03-05 03:09 - 2012-12-28 23:36 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-03-04 01:36 - 2012-10-15 19:48 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-04 00:32 - 2013-03-10 17:08 - 00000000 ____D () C:\Program Files (x86)\DAoC Portal
2015-03-04 00:25 - 2012-12-08 15:22 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-04 00:25 - 2012-12-08 15:22 - 00000000 ____D () C:\ProgramData\Skype
2015-02-26 21:14 - 2012-10-14 16:20 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-24 04:17 - 2012-10-14 15:48 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-24 00:31 - 2015-02-09 14:20 - 00000000 ____D () C:\Users\Waldi\AppData\Roaming\Panda Security
2015-02-24 00:31 - 2015-02-09 14:20 - 00000000 ____D () C:\ProgramData\Panda Security
2015-02-24 00:31 - 2015-02-09 14:20 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-02-23 18:28 - 2014-12-25 14:59 - 00000000 ____D () C:\ProgramData\Cakewalk

==================== Files in the root of some directories =======

2013-05-23 09:34 - 2015-02-20 07:30 - 0000021 _____ () C:\Users\Waldi\AppData\Roaming\config_data.dat
2013-06-09 14:56 - 2013-06-09 14:59 - 0000839 _____ () C:\Users\Waldi\AppData\Roaming\Drives Meter_Settings.ini
2013-06-09 14:52 - 2013-06-09 14:52 - 0000458 _____ () C:\Users\Waldi\AppData\Roaming\Drives Monitor_Settings.ini
2013-06-09 02:45 - 2015-03-16 12:43 - 0000884 _____ () C:\Users\Waldi\AppData\Roaming\Network Meter_Settings.ini
2013-06-09 02:43 - 2015-03-23 00:48 - 0000029 _____ () C:\Users\Waldi\AppData\Roaming\Network Meter_Usage.ini
2013-09-19 13:58 - 2013-09-19 13:58 - 0225280 _____ (Propellerhead Software AB) C:\Users\Waldi\AppData\Roaming\Rewire.dll
2013-09-19 13:58 - 2013-09-19 13:58 - 0233472 _____ (Propellerhead Software AB) C:\Users\Waldi\AppData\Roaming\REX Shared Library.dll
2014-06-27 10:24 - 2014-06-27 10:24 - 0000000 ___SH () C:\Users\Waldi\AppData\Local\LumaEmu
2012-11-12 20:36 - 2015-03-22 21:37 - 0007658 _____ () C:\Users\Waldi\AppData\Local\Resmon.ResmonCfg
2013-11-03 19:27 - 2013-11-03 19:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\ProgramData\StartMenuReviver.exe


Some content of TEMP:
====================
C:\Users\Waldi\AppData\Local\Temp\Quarantine.exe
C:\Users\Waldi\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-21 14:10

==================== End Of Log ============================

--- --- ---

Schönen Mittag !

schrauber · 23.03.2015, 18:34

Java updaten. HWInfo mal neu installieren.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\ProgramData\InstallMate\{74739052-6B21-431A-A1F1-2303AF90B2A4}\_Setupx.dll

C:\ProgramData\InstallMate\{8889DB02-777B-47C4-A52F-3F59536AF9F4}\_Setupx.dll

C:\ProgramData\InstallMate\{BC04CF40-326F-45F3-A718-7A4D67E7EDB6}\_Setupx.dll

C:\Users\All Users\InstallMate\{74739052-6B21-431A-A1F1-2303AF90B2A4}\_Setupx.dll

C:\Users\All Users\InstallMate\{8889DB02-777B-47C4-A52F-3F59536AF9F4}\_Setupx.dll

C:\Users\All Users\InstallMate\{BC04CF40-326F-45F3-A718-7A4D67E7EDB6}\_Setupx.dll

J:\Programme\FREEAV1504.exe

J:\Programme\Router\ruKernelTool\_Lib_\PrettyPrintFirmwareLinkListe.exe

J:\Programme\Sidebar Gadgets\NetworkMeter.exe

J:\Programme\Sidebar Gadgets\NetworkMeterVersion96.exe
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren

Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
Klicke auf OK.
Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte

DelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...

und/oder das Forum mit einer kleinen Spende unterstützen.

Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:

Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:

NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.

Lade Software von einem sauberen Portal wie

.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .

Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

sill · 24.03.2015, 12:38

Hi,

ich habe HWiNFO64 erstmal deinstalliert. Da ich die *.INI Datei erstmal anpassen muss, installiere ich das Programm später.

Log

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Waldi at 2015-03-24 12:40:12 Run:2
Running from C:\Users\Waldi\Desktop
Loaded Profiles: Waldi (Available profiles: Waldi)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\ProgramData\InstallMate\{74739052-6B21-431A-A1F1-2303AF90B2A4}\_Setupx.dll

C:\ProgramData\InstallMate\{8889DB02-777B-47C4-A52F-3F59536AF9F4}\_Setupx.dll

C:\ProgramData\InstallMate\{BC04CF40-326F-45F3-A718-7A4D67E7EDB6}\_Setupx.dll

C:\Users\All Users\InstallMate\{74739052-6B21-431A-A1F1-2303AF90B2A4}\_Setupx.dll

C:\Users\All Users\InstallMate\{8889DB02-777B-47C4-A52F-3F59536AF9F4}\_Setupx.dll

C:\Users\All Users\InstallMate\{BC04CF40-326F-45F3-A718-7A4D67E7EDB6}\_Setupx.dll

J:\Programme\FREEAV1504.exe

J:\Programme\Router\ruKernelTool\_Lib_\PrettyPrintFirmwareLinkListe.exe

J:\Programme\Sidebar Gadgets\NetworkMeter.exe

J:\Programme\Sidebar Gadgets\NetworkMeterVersion96.exe
Emptytemp:
*****************

C:\ProgramData\InstallMate\{74739052-6B21-431A-A1F1-2303AF90B2A4}\_Setupx.dll => Moved successfully.
C:\ProgramData\InstallMate\{8889DB02-777B-47C4-A52F-3F59536AF9F4}\_Setupx.dll => Moved successfully.
C:\ProgramData\InstallMate\{BC04CF40-326F-45F3-A718-7A4D67E7EDB6}\_Setupx.dll => Moved successfully.
"C:\Users\All Users\InstallMate\{74739052-6B21-431A-A1F1-2303AF90B2A4}\_Setupx.dll" => File/Directory not found.
"C:\Users\All Users\InstallMate\{8889DB02-777B-47C4-A52F-3F59536AF9F4}\_Setupx.dll" => File/Directory not found.
"C:\Users\All Users\InstallMate\{BC04CF40-326F-45F3-A718-7A4D67E7EDB6}\_Setupx.dll" => File/Directory not found.
J:\Programme\FREEAV1504.exe => Moved successfully.
J:\Programme\Router\ruKernelTool\_Lib_\PrettyPrintFirmwareLinkListe.exe => Moved successfully.
J:\Programme\Sidebar Gadgets\NetworkMeter.exe => Moved successfully.
J:\Programme\Sidebar Gadgets\NetworkMeterVersion96.exe => Moved successfully.
EmptyTemp: => Removed 13.8 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 12:40:18 ====

Danke für den Support!

Kann ich mit dem Cleanup nun anfangenm die oben gepostet wurde?

schrauber · 24.03.2015, 19:19

genau

24.03.2015, 19:19	#13
schrauber /// the machine /// TB-Ausbilder	Windows 7: Tcp Verbindungen (System Process) vielleicht Malware? genau __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Windows 7: Tcp Verbindungen (System Process) vielleicht Malware?

Log-Analyse und Auswertung: Windows 7: Tcp Verbindungen (System Process) vielleicht Malware?