GMER Logfile - bitte um Analyse

torstendlp · 14.05.2015, 16:54

Hallo,

ich habe das Problem, dass ich seit einiger Zeit keinerlei Windows Updates mehr installieren kann.
Alle Versuche, das Problem zu lösen mit diversen Ansätzen aus diversen Foren (MS FixIt, PC Welt FixIt, Kaspersky TDSS Killer uvm.) waren erfolglos.

SFC /scannow ist unauffällig, Super Antispyware ist unauffällig, Kasperky Internet Security ist unauffällig etc.

Deshalb habe ich jetzt mal mit GMER gescannt und das hat folgendes Logfile ergeben, wäre klasse, wenn da mal jemand einen Blick drauf werfen könnte! Vielen Dank!

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-14 17:38:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Samsung_SSD_840_PRO_Series rev.DXM06B0Q 476,94GB
Running: Gmer-19357.exe; Driver: C:\Users\Agando\AppData\Local\Temp\fwddipoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076551401 2 bytes JMP 758fb21b C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe[3304] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076551419 2 bytes JMP 758fb346 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076551431 2 bytes JMP 75978ea9 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007655144a 2 bytes CALL 758d48ad C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe[3304] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000765514dd 2 bytes JMP 759787a2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000765514f5 2 bytes JMP 75978978 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe[3304] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007655150d 2 bytes JMP 75978698 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076551525 2 bytes JMP 75978a62 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007655153d 2 bytes JMP 758efca8 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe[3304] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076551555 2 bytes JMP 758f68ef C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007655156d 2 bytes JMP 75978f61 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076551585 2 bytes JMP 75978ac2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe[3304] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007655159d 2 bytes JMP 7597865c C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000765515b5 2 bytes JMP 758efd41 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000765515cd 2 bytes JMP 758fb2dc C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000765516b2 2 bytes JMP 75978e24 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000765516bd 2 bytes JMP 759785f1 C:\Windows\syswow64\KERNEL32.dll

---- Kernel IAT/EAT - GMER 2.1 ----

IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff88003761edc] \SystemRoot\system32\DRIVERS\klif.sys [unknown section]
---- Processes - GMER 2.1 ----

Process C:\Users\Agando\AppData\LocalLow\WOT\IE\WOTUpdater.exe (*** suspicious ***) @ C:\Users\Agando\AppData\LocalLow\WOT\IE\WOTUpdater.exe [3168](2012-01-12 10:23:20) 00000000000c0000

---- EOF - GMER 2.1 ----

schrauber · 14.05.2015, 17:18

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

torstendlp · 14.05.2015, 18:07

Hallo Schrauber,

vielen Dank schonmal für Deine Bereitschaft, mir zu helfen!

Hier sind Scan-Logis und Addition.txt, der Übersicht wg. setze ich es in Zitat-Tags, um es abzuheben.

1. Scan-Log:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2015 01
Ran by Agando (administrator) on TORSTEN on 14-05-2015 18:47:15
Running from C:\Users\Agando\Downloads
Loaded Profiles: Agando (Available profiles: Agando)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
() C:\Users\Agando\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
() C:\Users\Agando\AppData\LocalLow\WOT\IE\WOTUpdater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Foxmail\Foxmail.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\wmi64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7543000 2014-03-04] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-02-21] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [519408 2013-07-18] (Acronis)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [Sound Blaster Cinema 2] => C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe [1440768 2014-02-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2014-07-04] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7843744 2014-02-04] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1104616 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKU\S-1-5-21-4180660468-2940396578-728123060-1000\...\Run: [SSync] => C:\Users\Agando\AppData\Roaming\SSync\SSync.exe [37376 2013-12-09] ()
HKU\S-1-5-21-4180660468-2940396578-728123060-1000\...\Run: [Amazon Music] => C:\Users\Agando\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886784 2015-04-21] ()
HKU\S-1-5-21-4180660468-2940396578-728123060-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-4180660468-2940396578-728123060-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-05-08] (SUPERAntiSpyware)
HKU\S-1-5-21-4180660468-2940396578-728123060-1000\...\MountPoints2: {3961611a-8aa7-11e4-bdb0-448a5b995f16} - D:\HTC_Sync_Manager_PC.exe
Startup: C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-08-07]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-07-01]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{7364C716-1212-4EAE-B0C9-A31D1E797BF8}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKU\S-1-5-21-4180660468-2940396578-728123060-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.ps-wein.de/
HKU\S-1-5-21-4180660468-2940396578-728123060-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-07-04] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-07-04] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2014-07-05] (Sun Microsystems, Inc.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-07-04] (Kaspersky Lab ZAO)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-03-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2014-07-05] (Sun Microsystems, Inc.)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-07-04] (Kaspersky Lab ZAO)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-07-04] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-07-04] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2014-07-05] (Sun Microsystems, Inc.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-01-29] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll [2014-07-04] (Kaspersky Lab ZAO)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-03-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2014-07-05] (Sun Microsystems, Inc.)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll [2014-07-04] (Kaspersky Lab ZAO)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\76feful1.default
FF NewTab: 
FF Homepage: hxxp://www.ps-wein.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-16] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\Windows\system32\npdeployJava1.dll [2014-07-05] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2014-07-05] (Sun Microsystems, Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_45 -> C:\Windows\SysWOW64\npdeployJava1.dll [2014-07-05] (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2014-07-05] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-07-03] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll [2014-06-26] (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-4180660468-2940396578-728123060-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.)
FF user.js: detected! => C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\76feful1.default\user.js [2014-02-23]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\76feful1.default\searchplugins\conduit.xml [2011-05-25]
FF SearchPlugin: C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\76feful1.default\searchplugins\google-images.xml [2014-10-01]
FF SearchPlugin: C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\76feful1.default\searchplugins\google-maps.xml [2014-10-01]
FF SearchPlugin: C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\76feful1.default\searchplugins\Mysearchdial.xml [2014-03-29]
FF SearchPlugin: C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\76feful1.default\searchplugins\Web Search.xml [2013-10-24]
FF Extension: Google+Tweet - C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\76feful1.default\Extensions\crossriderapp529@crossrider.com [2014-07-11]
FF Extension: CodeBurner for Firebug - C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\76feful1.default\Extensions\firebug@tools.sitepoint.com [2014-07-03]
FF Extension: DOM Inspector - C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\76feful1.default\Extensions\inspector@mozilla.org [2014-12-17]
FF Extension: WOT - C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\76feful1.default\Extensions\wotstats@mywot.com [2015-01-26]
FF Extension: Page Speed - C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\76feful1.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2014-07-03]
FF Extension: Classic Theme Restorer (Customize UI) - C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\76feful1.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-07-03]
FF Extension: Firebug - C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\76feful1.default\Extensions\firebug@software.joehewitt.com.xpi [2014-07-03]
FF Extension: Hide Favicons - C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\76feful1.default\Extensions\hidefavicons@maarten.xpi [2014-07-03]
FF Extension: ProxTube - C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\76feful1.default\Extensions\ich@maltegoetz.de.xpi [2014-09-12]
FF Extension: Awesome screenshot: Capture and Annotate - C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\76feful1.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2014-07-03]
FF Extension: SEO Status PageRank/Alexa Toolbar - C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\76feful1.default\Extensions\seostatus@rubyweb.xpi [2014-07-03]
FF Extension: Status-4-Evar - C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\76feful1.default\Extensions\status4evar@caligonstudios.com.xpi [2014-07-03]
FF Extension: TinEye Reverse Image Search - C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\76feful1.default\Extensions\tineye@ideeinc.com.xpi [2014-07-03]
FF Extension: YSlow - C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\76feful1.default\Extensions\yslow@yahoo-inc.com.xpi [2014-07-03]
FF Extension: MeasureIt - C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\76feful1.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2014-07-03]
FF Extension: ReloadEvery - C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\76feful1.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2014-10-18]
FF Extension: Video DownloadHelper - C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\76feful1.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-15]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} [2015-04-24]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-24]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2014-07-04]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2014-07-04]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2014-07-04]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2014-07-04]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2014-07-04]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.ps-wein.de/"
CHR Profile: C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-04]
CHR Extension: (Google Drive) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-04]
CHR Extension: (YouTube) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-04]
CHR Extension: (Google Search) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-04]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-07-04]
CHR Extension: (Bookmark Manager) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-26]
CHR Extension: (Safe Money) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-07-04]
CHR Extension: (Content Blocker) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-07-04]
CHR Extension: (Virtual Keyboard) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-07-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Skype Click to Call) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-04-15]
CHR Extension: (Google Wallet) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-04]
CHR Extension: (WOT) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\nphjeokkkbngjpiofnfpnafjeofjomfb [2015-02-02]
CHR Extension: (Gmail) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-04]
CHR Extension: (Anti-Banner) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-07-04]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh
CHR HKLM-x32\...\Chrome\Extension: [nphjeokkkbngjpiofnfpnafjeofjomfb] - C:\Users\Agando\AppData\LocalLow\WOT\CHROME\WOT.crx [2012-01-12]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-10-25]

Opera: 
=======
OPR StartupUrls: "hxxp://www.ps-wein.de/"

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-23] (Adobe Systems Incorporated)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2014-07-04] (Kaspersky Lab ZAO)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-04-22] (Microsoft Corporation)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [528096 2014-06-08] (Futuremark)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-02-21] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [344576 2014-01-22] (Qualcomm Atheros) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WOTUpdater; C:\Users\Agando\AppData\LocalLow\WOT\IE\WOTUpdater.exe [18432 2012-01-12] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 asstor64; C:\Windows\System32\DRIVERS\asstor64.sys [84816 2014-01-27] (Asmedia Technology)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [80080 2013-11-08] (Qualcomm Atheros, Inc.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [23936 2014-02-03] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-02-03] ()
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-07-04] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-07-04] (Kaspersky Lab ZAO) [File not signed]
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-07-04] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-07-04] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-07-04] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-07-04] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2014-07-04] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177864 2015-02-17] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-07-04] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-07-04] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-07-04] (Acronis International GmbH)
S3 ALSysIO; \??\C:\Users\Agando\AppData\Local\Temp\ALSysIO64.sys [X]
S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-14 18:47 - 2015-05-14 18:47 - 00034829 _____ () C:\Users\Agando\Downloads\FRST.txt.txt
2015-05-14 18:47 - 2015-05-14 18:47 - 00000000 ____D () C:\FRST
2015-05-14 18:46 - 2015-05-14 18:46 - 02105856 _____ (Farbar) C:\Users\Agando\Downloads\FRST64.exe
2015-05-14 17:56 - 2015-05-14 18:45 - 00000512 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ac022640-301f-43ef-9d67-75ace0cb2031.job
2015-05-14 17:56 - 2015-05-14 18:45 - 00000512 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 000c8c2c-f40b-47e3-90ed-ec6f4640dcb7.job
2015-05-14 17:56 - 2015-05-14 17:56 - 00003590 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task ac022640-301f-43ef-9d67-75ace0cb2031
2015-05-14 17:56 - 2015-05-14 17:56 - 00003516 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 000c8c2c-f40b-47e3-90ed-ec6f4640dcb7
2015-05-14 17:56 - 2015-05-14 17:56 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\SUPERAntiSpyware.com
2015-05-14 17:55 - 2015-05-14 18:46 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-05-14 17:55 - 2015-05-14 17:55 - 21901888 _____ (SUPERAntiSpyware) C:\Users\Agando\Downloads\SUPERAntiSpyware.exe
2015-05-14 17:55 - 2015-05-14 17:55 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-05-14 17:55 - 2015-05-14 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-05-14 17:31 - 2015-05-14 17:31 - 01203488 _____ () C:\Users\Agando\Downloads\Gmer-19357 - CHIP-Installer.exe
2015-05-14 17:05 - 2015-05-14 17:05 - 00863476 _____ (IDG Magazine Media GmbH ) C:\Users\Agando\Downloads\pcwFixWindowsUpdate.exe
2015-05-14 17:02 - 2015-05-14 17:02 - 00985600 _____ () C:\Users\Agando\Downloads\MicrosoftFixit50123(1).msi
2015-05-14 00:30 - 2015-05-14 00:30 - 00011626 _____ () C:\Users\Agando\AppData\Local\recently-used.xbel
2015-05-13 17:15 - 2015-05-13 17:15 - 00008452 _____ () C:\Users\Agando\Downloads\PATCH_SUPEE-5388_CE_1.4.0.0-1.5.0.1_v1-2015-03-03-09-43-19.sh
2015-05-12 16:43 - 2015-05-12 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape 0.91
2015-05-12 16:43 - 2015-05-12 16:43 - 00000000 ____D () C:\Program Files\Inkscape
2015-05-12 16:42 - 2015-05-12 16:42 - 97868152 _____ () C:\Users\Agando\Downloads\inkscape-0.91-x64.msi
2015-05-12 16:37 - 2015-05-12 16:37 - 00000043 _____ () C:\Windows\gswin64.ini
2015-05-12 15:47 - 2015-05-12 15:48 - 08381369 _____ () C:\Users\Agando\Downloads\ghostpcl-9.16-linux-x86_64.tgz
2015-05-12 15:46 - 2015-05-12 15:46 - 14441561 _____ () C:\Users\Agando\Downloads\gs916w64.exe
2015-05-05 17:26 - 2015-05-14 18:46 - 00005136 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for TORSTEN-Agando Torsten
2015-04-30 16:54 - 2015-02-05 19:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-04-30 12:59 - 2015-05-14 17:06 - 00005210 _____ () C:\Windows\PFRO.log
2015-04-27 17:53 - 2015-04-27 17:53 - 00024815 _____ () C:\Users\Agando\Downloads\SteuerFuchsESt(4).xml
2015-04-27 17:45 - 2015-04-27 17:45 - 00004097 _____ () C:\Users\Agando\Downloads\SteuerFuchsESt(3).xml
2015-04-27 17:43 - 2015-04-27 17:43 - 00004063 _____ () C:\Users\Agando\Downloads\SteuerFuchsESt(2).xml
2015-04-27 17:38 - 2015-04-27 17:38 - 00003653 _____ () C:\Users\Agando\Downloads\SteuerFuchsESt(1).xml
2015-04-27 17:33 - 2015-04-27 17:34 - 00003061 _____ () C:\Users\Agando\Downloads\SteuerFuchsESt.xml
2015-04-27 11:47 - 2015-05-14 18:45 - 00012920 _____ () C:\Windows\setupact.log
2015-04-27 11:47 - 2015-04-27 11:47 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-26 19:46 - 2015-05-14 18:22 - 01136420 _____ () C:\Windows\WindowsUpdate.log
2015-04-24 14:03 - 2015-04-24 14:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-14 18:46 - 2014-07-03 22:06 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\Skype
2015-05-14 18:45 - 2014-07-04 01:33 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-14 18:45 - 2014-07-04 01:25 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-14 18:45 - 2014-07-01 20:22 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-14 18:45 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-14 18:22 - 2014-07-01 20:18 - 00009728 _____ () C:\Windows\SysWOW64\Gms.log
2015-05-14 18:20 - 2014-07-03 17:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-14 17:49 - 2009-07-14 06:45 - 00031872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-14 17:49 - 2009-07-14 06:45 - 00031872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-14 17:47 - 2011-04-12 09:43 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2015-05-14 17:47 - 2011-04-12 09:43 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2015-05-14 17:47 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-14 17:32 - 2015-03-28 16:49 - 00000000 ____D () C:\Users\Agando\AppData\Local\CrashDumps
2015-05-14 17:30 - 2014-07-04 01:33 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-14 00:49 - 2014-07-05 18:28 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-14 00:46 - 2014-07-05 18:28 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 21:48 - 2014-07-05 17:06 - 00000030 _____ () C:\Windows\iedit_.INI
2015-05-13 21:20 - 2014-07-04 00:12 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\vlc
2015-05-13 20:55 - 2014-07-04 16:30 - 00004686 _____ () C:\Windows\ULEAD32.INI
2015-05-12 16:37 - 2014-11-26 16:02 - 00000000 ____D () C:\Users\Agando\AppData\Local\gtk-2.0
2015-05-12 15:54 - 2014-07-03 19:31 - 00000000 ____D () C:\Program Files\gs
2015-05-12 15:46 - 2014-07-03 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript
2015-05-12 15:19 - 2014-07-03 22:06 - 00000000 ____D () C:\ProgramData\Skype
2015-05-11 15:58 - 2014-07-03 16:46 - 00000000 ____D () C:\Users\Agando\Documents\hm_rechnungen
2015-05-11 15:50 - 2014-07-03 16:47 - 00000000 ____D () C:\Users\Agando\Documents\ust-voranmeldung
2015-05-06 14:11 - 2014-07-03 16:58 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-05 22:43 - 2014-07-04 17:21 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\inkscape
2015-05-05 18:35 - 2014-07-04 15:28 - 00387072 _____ () C:\Users\Agando\Documents\Monatseinnahmen.xls
2015-05-03 20:16 - 2014-07-03 16:47 - 00000000 ____D () C:\Users\Agando\Documents\hm_steuer
2015-05-02 00:28 - 2015-04-03 00:08 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-30 16:54 - 2014-07-01 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-04-30 16:54 - 2014-07-01 20:21 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-04-28 14:15 - 2014-07-04 01:39 - 00003850 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1404430747
2015-04-28 14:15 - 2014-07-04 01:39 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-04-27 17:16 - 2014-07-04 17:29 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2015-04-27 17:13 - 2014-07-04 17:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2015-04-27 17:13 - 2014-07-01 19:55 - 00000000 ____D () C:\Users\Agando
2015-04-26 19:46 - 2014-08-13 13:05 - 00000000 ____D () C:\Windows\Minidump
2015-04-26 19:46 - 2014-07-17 13:07 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2015-04-26 19:45 - 2014-07-03 21:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-24 12:31 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-04-21 12:52 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-04-16 18:20 - 2014-07-03 17:24 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-16 18:20 - 2014-07-03 17:24 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-16 18:20 - 2014-07-03 17:24 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-16 18:04 - 2014-07-07 13:47 - 00000000 ____D () C:\ProgramData\ClassicShell
2015-04-16 18:04 - 2014-07-05 18:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 18:04 - 2014-07-03 17:24 - 00000000 ____D () C:\Windows\system32\Macromed
2015-04-16 18:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2015-04-16 18:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-16 17:16 - 2014-07-01 20:01 - 01592628 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

==================== Files in the root of some directories =======

2014-07-01 20:25 - 2014-07-01 20:25 - 1065984 _____ () C:\Users\Agando\AppData\Local\file__0.localstorage
2014-11-04 23:45 - 2014-11-07 18:25 - 0000600 _____ () C:\Users\Agando\AppData\Local\PUTTY.RND
2015-05-14 00:30 - 2015-05-14 00:30 - 0011626 _____ () C:\Users\Agando\AppData\Local\recently-used.xbel

Files to move or delete:
====================
C:\Users\Agando\stlport_vc7145.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-14 14:58

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Addition.txt

Zitat:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2015 01
Ran by Agando at 2015-05-14 18:47:30
Running from C:\Users\Agando\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4180660468-2940396578-728123060-500 - Administrator - Disabled)
Agando (S-1-5-21-4180660468-2940396578-728123060-1000 - Administrator - Enabled) => C:\Users\Agando
Gast (S-1-5-21-4180660468-2940396578-728123060-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark (HKLM-x32\...\{4198fd8f-98bd-4240-9b3a-ab2643e532f6}) (Version: 1.3.708.0 - Futuremark)
3DMark (Version: 1.3.708.0 - Futuremark) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acronis True Image 2014 (HKLM-x32\...\{3ECDD663-5AF8-489B-9E3C-561F33A271BD}Visible) (Version: 17.0.6673 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6673 - Acronis) Hidden
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 11 (HKLM\...\PremElem110) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 11 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Amazon Music (HKU\S-1-5-21-4180660468-2940396578-728123060-1000\...\Amazon Amazon Music) (Version: 3.2.0.591 - Amazon Services LLC)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 2.0.8.0000 - Asmedia Technology)
Brother MFL-Pro Suite MFC-7360N (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
BSC Cleanitol TM NAM Version (HKU\S-1-5-21-4180660468-2940396578-728123060-1000\...\BSC Cleanitol TM NAM Version) (Version: - )
BSC SFBT MML Mod 1.0 (HKLM-x32\...\BSC SFBT MML Mod) (Version: 1.0 - daeley und Andreas)
Canon Utilities Digital Photo Professional 3.11 (HKLM-x32\...\Digital Photo Professional) (Version: 3.11.27.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.11.2.0 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
dp4 Font Viewer (HKLM\...\{6E46ABB7-DE6D-44D2-BC3B-9E4CC4166491}) (Version: 1.0.0 - digital performance)
Duden-Bibliothek (HKLM-x32\...\{5C81B189-5456-40C4-9313-7FE6FA6DD64C}) (Version: 5.1.0 - Bibliographisches Institut GmbH)
EaseUS Partition Master 10.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
Elements 11 Organizer (x32 Version: 11.0 - Ihr Firmenname) Hidden
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.1.16483 - Landesfinanzdirektion Thüringen)
Evernote v. 5.8.3 (HKLM-x32\...\{404B3FB8-A820-11E4-83FC-00163E98E7D6}) (Version: 5.8.3.6507 - Evernote Corp.)
FileZilla Client 3.10.2 (HKLM-x32\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)
FixFoto 3.50 X64 (HKLM\...\FixFoto_is1) (Version: - Joachim Koopmann Software)
Futuremark SystemInfo (HKLM-x32\...\{4115C9AA-35E0-45D8-9363-47635B8750C7}) (Version: 4.29.438.0 - Futuremark)
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.14) (Version: 9.14 - Artifex Software Inc.)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.16) (Version: 9.16 - Artifex Software Inc.)
Inkscape 0.48 (HKLM-x32\...\Inkscape) (Version: 0.48 - Partha Bagchi)
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{9A37ADB3-3D8D-4EDF-8F6D-B8A66F18087B}) (Version: 5.0.10.2793 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Ipswitch WS_FTP 12 (HKLM-x32\...\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}) (Version: 12.2 - Ipswitch)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java(TM) 6 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416045FF}) (Version: 6.0.450 - Oracle)
Java(TM) 6 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216045FF}) (Version: 6.0.450 - Oracle)
Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
LibreOffice 4.0.0.3 (HKLM-x32\...\{8EA569F1-97AF-4C3E-A0CB-4846C2D35A81}) (Version: 4.0.0.3 - The Document Foundation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4711.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4180660468-2940396578-728123060-1000\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
NAM Essentials r132 (HKU\S-1-5-21-4180660468-2940396578-728123060-1000\...\NAM Essentials) (Version: r132 - Das NAM Team)
Network Addon Mod (HKU\S-1-5-21-4180660468-2940396578-728123060-1000\...\Network Addon Mod) (Version: 32 - The NAM Team)
Network Widening Mod Version 2.0 (HKU\S-1-5-21-4180660468-2940396578-728123060-1000\...\Network Widening Mod) (Version: Version 2.0 - Das NAM Team)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Opera Stable 29.0.1795.47 (HKLM-x32\...\Opera 29.0.1795.47) (Version: 29.0.1795.47 - Opera Software ASA)
PantsOff 2.0 (HKLM-x32\...\{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1) (Version: 2.0 - Christoph Bünger Software)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{C960FF38-431D-429D-AD1F-FBD12A45B7C5}) (Version: 2.0.17.17583 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.308.2 - Tracker Software Products Ltd)
PhotoImpact X3 (x32 Version: 13.0 - Corel) Hidden
Photomatix Pro Version 5.0.4 (HKLM\...\PhotomatixPro5x64_is1) (Version: 5.0.4 - HDRsoft Ltd)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Pillars of Eternity (HKLM-x32\...\Steam App 291650) (Version: - Obsidian Entertainment)
PRE11 STI 64Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.39.1040 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.39.1040 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.39.1040 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.1.39.1040 - Qualcomm Atheros) Hidden
RealHighway Mod Version 5.0 (HKU\S-1-5-21-4180660468-2940396578-728123060-1000\...\RealHighway Mod) (Version: Version 5.0 - Das NAM Team)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7188 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SC4 Mapper 2013 (HKU\S-1-5-21-4180660468-2940396578-728123060-1000\...\SC4 Mapper 2013) (Version: - )
schrankplaner (HKLM-x32\...\schrankplaner3.600) (Version: 3.600 - Schrankplaner GmbH)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
SimCity 4 Deluxe (HKLM-x32\...\{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}) (Version: - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Sound Blaster Cinema 2 (HKLM-x32\...\{B4F6F8CC-2C61-42CC-A4CC-76621F25BDC7}) (Version: 1.00.06 - Creative Technology Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1194 - SUPERAntiSpyware.com)
Traffic Simulator Configuration Tool (HKU\S-1-5-21-4180660468-2940396578-728123060-1000\...\Traffic Simulator Configuration Tool) (Version: - )
Ulead Drop Spot 1.0 (HKLM-x32\...\{3BCC5640-5360-11D4-A44A-0000E86D2305}) (Version: - )
Ulead PhotoImpact 10 (HKLM-x32\...\{FE58B892-3825-4610-A6A2-E6EFCA83BD97}) (Version: 10.0 - Ulead System)
Ulead PhotoImpact 6 (HKLM-x32\...\{D0F02CE0-491C-11D4-A44A-0000E86D2305}) (Version: - )
Ulead PhotoImpact X3 (HKLM-x32\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 13.0 - Corel)
VGA Boost (HKLM-x32\...\{809ACFAE-9A4D-4C60-9223-D8B615CD8CBA}}_is1) (Version: 1.0.0.7 - MSI)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.6.0.0 - Azureus Software, Inc.)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-4 - Bitnami)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4180660468-2940396578-728123060-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Agando\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4180660468-2940396578-728123060-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Agando\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4180660468-2940396578-728123060-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Agando\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4180660468-2940396578-728123060-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Agando\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4180660468-2940396578-728123060-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Agando\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

12-05-2015 13:29:01 Windows Update
12-05-2015 16:42:56 Installed Inkscape 0.91
14-05-2015 00:45:09 Windows Update
14-05-2015 16:57:16 Windows Update
14-05-2015 17:02:19 Installed Microsoft Fix it 50123
14-05-2015 17:02:58 Windows Update
14-05-2015 17:07:59 Windows Update
14-05-2015 17:11:02 Windows Update
14-05-2015 17:22:52 Windows Update
14-05-2015 17:25:46 Windows Update
14-05-2015 18:21:32 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-04-26 19:32 - 00001399 ____A C:\Windows\system32\Drivers\etc\hosts
95.129.54.82 ps-wein.de
95.129.54.82 www.ps-wein.de
37.202.7.87 www.drm-dev.de
37.202.7.87 drm-dev.de
127.0.0.1 localhost
127.0.0.1 ps-wein.local
127.0.0.1 www.ps-wein.local
127.0.0.1 hoerplus.local
127.0.0.1 www.hoerplus.local
127.0.0.1 texbis.local
127.0.0.1 www.texbis.local
127.0.0.1 sonicshop.local
127.0.0.1 www.sonicshop.local
127.0.0.1 profiplugs.local
127.0.0.1 www.profiplugs.local
127.0.0.1 hoershop.local
127.0.0.1 www.hoershop.local
127.0.0.1 www.hoerstudio.local
127.0.0.1 hoerstudio.local
127.0.0.1 www.grid.local
127.0.0.1 grid.local

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {030208B7-2FA6-4AD5-B0C2-CC3145AC5FD2} - System32\Tasks\AdobeAAMUpdater-1.0-TORSTEN-Agando => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: {090236A1-4F4B-48F6-8CAA-2FB341803F95} - System32\Tasks\{4EF3520A-485F-4200-BF45-B556E5E74182} => pcalua.exe -a C:\Users\Agando\Downloads\pantsoff(2).exe -d C:\Users\Agando\Downloads
Task: {0A26CF02-00A1-4428-BF97-769B96B98269} - System32\Tasks\Microsoft Office 15 Sync Maintenance for TORSTEN-Agando Torsten => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)
Task: {280C2D4E-300A-411F-A855-789F7E358174} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-04] (Google Inc.)
Task: {5B85F33D-96D4-44A1-8CAC-AF98213D8B93} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-04] (Google Inc.)
Task: {6BE68AF4-F315-409D-AC17-104D63B68D4A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {9FDD6056-3F7D-4379-A2EB-5DD910EE0F25} - System32\Tasks\Amazon Music Helper => C:\Users\Agando\AppData\Local\Amazon Music\Amazon Music Helper.exe [2015-04-21] ()
Task: {9FF0126F-0FC8-4BD5-BABE-7491A48AE61F} - System32\Tasks\SUPERAntiSpyware Scheduled Task ac022640-301f-43ef-9d67-75ace0cb2031 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {B78200D7-1D8B-42C7-B4E9-EF0B7D17842F} - System32\Tasks\Opera scheduled Autoupdate 1404430747 => C:\Program Files (x86)\Opera\launcher.exe [2015-04-17] (Opera Software)
Task: {C0F3966B-E0D4-4B6A-92D4-8BAB3ECCFCE5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C72401D2-B1D1-49AB-BC73-C1CBC191D67F} - System32\Tasks\{2A52F60F-1DD2-4118-A28F-B80697443441} => C:\Program Files (x86)\Corel\Ulead PhotoImpact X3\Iedit.exe [2007-11-02] (InterVideo Digital Technology Corporation)
Task: {DA2E6936-FF71-4D26-9AC8-598891B3250F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {DEB89CB1-CC09-416A-9500-AA7CEA535BC2} - System32\Tasks\SUPERAntiSpyware Scheduled Task 000c8c2c-f40b-47e3-90ed-ec6f4640dcb7 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {F156EE69-ABA8-49B8-A48A-49C1317E0797} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-16] (Adobe Systems Incorporated)
Task: {FA3D06ED-424E-40BA-AFCD-B7D68E3BB5BD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 000c8c2c-f40b-47e3-90ed-ec6f4640dcb7.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ac022640-301f-43ef-9d67-75ace0cb2031.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) ==============

2014-07-01 20:21 - 2015-02-05 21:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-10-01 10:32 - 2013-10-01 10:32 - 02818216 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2014-07-01 20:10 - 2014-02-21 11:21 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2014-07-01 20:10 - 2014-02-21 11:19 - 00366080 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-09-04 13:00 - 2015-04-21 01:37 - 05886784 _____ () C:\Users\Agando\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-01-22 15:15 - 2014-01-22 15:15 - 00300544 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2014-07-03 16:58 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-02-21 09:47 - 2014-02-21 09:47 - 00209712 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2014-02-21 09:47 - 2014-02-21 09:47 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2014-02-21 09:47 - 2014-02-21 09:47 - 00037168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-02-21 09:47 - 2014-02-21 09:47 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTEncryptionCheck.dll
2014-07-03 16:32 - 2005-04-22 06:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
2012-01-12 12:23 - 2012-01-12 12:23 - 00018432 _____ () C:\Users\Agando\AppData\LocalLow\WOT\IE\WOTUpdater.exe
2014-07-04 15:48 - 2004-06-22 15:48 - 03274752 _____ () C:\Foxmail\Foxmail.exe
2012-08-17 21:39 - 2014-07-04 01:29 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2014-07-01 20:10 - 2014-02-21 11:20 - 00074240 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2014-07-01 20:10 - 2014-02-21 11:17 - 00274944 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2015-01-29 19:57 - 2015-01-29 19:57 - 00439304 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2015-01-29 19:57 - 2015-01-29 19:57 - 00321032 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2014-07-03 16:32 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2014-02-04 18:25 - 2014-02-04 18:25 - 00036672 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
2014-02-04 18:25 - 2014-02-04 18:25 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2013-10-10 12:02 - 2013-10-10 12:02 - 00013120 _____ () C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll
2014-07-04 15:48 - 2004-03-22 12:09 - 00071168 _____ () C:\Foxmail\FoxAntiSpam.dll
2014-11-21 13:02 - 2014-11-21 13:02 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4180660468-2940396578-728123060-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe
MSCONFIG\startupreg: FACT => "C:\Program Files (x86)\Avira\AntiVir Desktop\FACT.EXE"/OEMMODE
MSCONFIG\startupreg: Sixth => "C:\Users\Agando\AppData\Roaming\Sixth\Sixth.exe"
MSCONFIG\startupreg: Ulead AutoDetector v2 => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{882D36D3-0CBB-4FE2-B3E2-EF23D8FC027C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A6B92A4D-E87E-473B-A62F-EF9C7E674864}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3600DDF7-9A19-4EC1-8296-B35D1056A523}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{D24EB6F2-EA16-4E60-B717-BBF5458C1BCC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{01C8B5D5-8A5B-4AB3-8556-0C14EA30FB6E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DD4650DC-3B10-499A-8C57-D65E1943317D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{54207C5B-0029-443E-A3F5-9CE16354CBCB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{BE79D9B8-2F5A-4A77-BFE0-6EF164485E55}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10f\FAXRX.exe
FirewallRules: [{8E29D998-6D29-476B-89CA-96113C87EE9D}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10f\FAXRX.exe
FirewallRules: [{649E0716-59D6-4413-B0F6-7D10131F9C23}] => (Allow) LPort=54925
FirewallRules: [{F257566C-3812-452B-A59D-7F48D0E4849C}] => (Allow) C:\Users\Agando\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{57897EE3-B70F-41A0-BAB6-4D361979E3FF}C:\program files (x86)\ipswitch\ws_ftp 12\wsftpgui.exe] => (Allow) C:\program files (x86)\ipswitch\ws_ftp 12\wsftpgui.exe
FirewallRules: [UDP Query User{07C81E31-5B40-40DD-9718-EF3B3D03106F}C:\program files (x86)\ipswitch\ws_ftp 12\wsftpgui.exe] => (Allow) C:\program files (x86)\ipswitch\ws_ftp 12\wsftpgui.exe
FirewallRules: [{11A57584-6E43-4107-ACB6-451BBD694CEA}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{963D5AB8-2E39-42EA-B281-A857DFBFEA9B}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{F8ADF907-CC97-404D-B4A3-01914F8C205E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9A7D9028-F195-4959-A376-205A35D404B0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{06ED79F7-98B6-42B4-A12E-D07DE59F3DB2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3F2F8550-E5EB-44FB-BDE4-7184E2CB6722}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{68AA2E8A-8C3A-4F19-A287-A2C5DAEEDC48}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E7E7FF16-05BD-4716-8595-E08042CC7928}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C5D792DE-8758-4C3F-9A91-8C86D4A85543}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [{8E997F9B-8028-45B4-96A7-BDEED304537F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [{EEB439E0-8F9F-4C09-AFA3-2F4DE29AD0F9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/14/2015 06:47:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2015 05:43:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2015 05:32:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000011aa
ID des fehlerhaften Prozesses: 0x2348
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3

Error: (05/14/2015 05:31:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000011aa
ID des fehlerhaften Prozesses: 0x5fc
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3

Error: (05/14/2015 05:23:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2015 05:08:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2015 02:09:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/13/2015 09:02:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 37.0.2.5583, Zeitstempel: 0x552ee9ac
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x3fa0f50c
ID des fehlerhaften Prozesses: 0x1c18
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (05/12/2015 03:28:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/12/2015 03:21:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (05/14/2015 06:22:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070308 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB3061518)

Error: (05/14/2015 06:22:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070308 fehlgeschlagen: Kumulatives Sicherheitsupdate für Internet Explorer 11 für Windows 7 für x64-Systeme (KB3049563)

Error: (05/14/2015 06:22:22 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070308 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB3055642)

Error: (05/14/2015 06:22:21 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070308 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB3022345)

Error: (05/14/2015 06:22:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070308 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB3045171)

Error: (05/14/2015 06:22:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070308 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB3051768)

Error: (05/14/2015 06:22:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070308 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB3046002)

Error: (05/14/2015 06:22:07 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070308 fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme (KB3020370)

Error: (05/14/2015 06:22:07 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070308 fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme (KB2990214)

Error: (05/14/2015 06:22:05 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070308 fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme (KB3013531)

Microsoft Office Sessions:
=========================
Error: (05/14/2015 06:47:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2015 05:43:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2015 05:32:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000005000011aa234801d08e5b38108129C:\Users\Agando\AppData\Local\Temp\DMR\Downloads\fc14996dfa99adfc7baae624196888c5\7b48 5ad519eff9d7d5dd42c4b366b648\Gmer-19357.exeC:\Users\Agando\AppData\Local\Temp\DMR\Downloads\fc14996dfa99adfc7baae624196888c5\7b485ad519eff9d7d5dd42c4b366b648\Gmer-19357.exe7b97df93-fa4e-11e4-8051-448a5b995f16

Error: (05/14/2015 05:31:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000005000011aa5fc01d08e5b17b42fcbC:\Users\Agando\AppData\Local\Temp\DMR\Downloads\fc14996dfa99adfc7baae624196888c5\7b485 ad519eff9d7d5dd42c4b366b648\Gmer-19357.exeC:\Users\Agando\AppData\Local\Temp\DMR\Downloads\fc14996dfa99adfc7baae624196888c5\7b485ad519eff9d7d5dd42c4b366b648\Gmer-19357.exe5bd84fa2-fa4e-11e4-8051-448a5b995f16

Error: (05/14/2015 05:23:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2015 05:08:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2015 02:09:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/13/2015 09:02:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe37.0.2.5583552ee9acunknown0.0.0.000000000c00000053fa0f50c1c1801d08da23b2968e4C:\Program Files (x86)\Mozilla Firefox\firefox.exeunknowna0233a24-f9a2-11e4-880c-448a5b995f16

Error: (05/12/2015 03:28:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/12/2015 03:21:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
Date: 2015-02-17 19:48:40.786
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-17 19:48:40.726
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-12-11 14:15:17.604
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-12-11 14:15:17.603
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-12-11 14:13:00.911
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-12-11 14:13:00.910
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-11-14 11:48:04.499
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-11-14 11:48:04.498
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-11-14 11:48:04.496
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-11-14 11:48:04.495
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz
Percentage of memory in use: 10%
Total physical RAM: 32714.5 MB
Available physical RAM: 29245.87 MB
Total Pagefile: 65427.18 MB
Available Pagefile: 61760.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:476.72 GB) (Free:236.92 GB) NTFS
Drive g: (Weinhandel) (Fixed) (Total:488.28 GB) (Free:463 GB) NTFS
Drive k: (WS Eigene) (Fixed) (Total:781.25 GB) (Free:575.06 GB) NTFS
Drive l: (WS Kunden) (Fixed) (Total:292.97 GB) (Free:282.44 GB) NTFS
Drive m: (WS Material) (Fixed) (Total:97.66 GB) (Free:96.35 GB) NTFS
Drive n: (Diverses) (Fixed) (Total:1134.24 GB) (Free:615.04 GB) NTFS
Drive q: (PRIVAT) (Fixed) (Total:931.28 GB) (Free:620.4 GB) FAT32
Drive r: (MEDIEN) (Fixed) (Total:232.83 GB) (Free:158.05 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 476.9 GB) (Disk ID: 05805B00)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 0580BB00)

Partition: GPT Partition Type.

========================================================
Disk: 3 (Size: 931.5 GB) (Disk ID: 032AF50B)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=0C)

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 309A30DF)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=0C)

==================== End Of Log ============================

sorry, wollte das Scan-Log als Zitat einfügen, aber irgendwie wird das trotz zig Versuchen immer durch CODE-Tags ersetzt - hoffe, so ist es auch noch lesbar.

schrauber · 15.05.2015, 18:27

Codetags ist ja auch gewollt

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

torstendlp · 15.05.2015, 18:58

Hallo Schrauber,

vielen Dank!

Habe beides durchgeführt.
Malwarebytes Anti-Rootkit meldet keine Bedrohung sowie, dass kein Cleanup notwendig sei und hat entsprechend keinen Neustart verlangt.

TDSSKiller meldet zwei Bedrohungen, Qualcomm Atheros Killer Service V2 und Sound Blaster Cinema 2, beide gemäß Anleitung geskipped.

Hier beide Logs, nun ordnungsgemäß beide in CODE-Tags

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.05.15.04
  rootkit: v2015.05.14.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17691
Agando :: TORSTEN [administrator]

15.05.2015 19:46:18
mbar-log-2015-05-15 (19-46-18).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 396413
Time elapsed: 4 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Code:

ATTFilter

19:51:36.0992 0x0218  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
19:51:36.0992 0x0218  UEFI system
19:51:39.0493 0x0218  ============================================================
19:51:39.0493 0x0218  Current date / time: 2015/05/15 19:51:39.0493
19:51:39.0493 0x0218  SystemInfo:
19:51:39.0493 0x0218  
19:51:39.0493 0x0218  OS Version: 6.1.7601 ServicePack: 1.0
19:51:39.0493 0x0218  Product type: Workstation
19:51:39.0493 0x0218  ComputerName: TORSTEN
19:51:39.0493 0x0218  UserName: Agando
19:51:39.0493 0x0218  Windows directory: C:\Windows
19:51:39.0493 0x0218  System windows directory: C:\Windows
19:51:39.0493 0x0218  Running under WOW64
19:51:39.0493 0x0218  Processor architecture: Intel x64
19:51:39.0493 0x0218  Number of processors: 8
19:51:39.0493 0x0218  Page size: 0x1000
19:51:39.0493 0x0218  Boot type: Normal boot
19:51:39.0493 0x0218  ============================================================
19:51:39.0835 0x0218  KLMD registered as C:\Windows\system32\drivers\69705314.sys
19:51:39.0899 0x0218  System UUID: {E8ABA75E-046C-FAB5-06C2-5C1460E714DA}
19:51:40.0127 0x0218  Drive \Device\Harddisk0\DR0 - Size: 0x773C256000 ( 476.94 Gb ), SectorSize: 0x200, Cylinders: 0xF334, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:51:40.0347 0x0218  Drive \Device\Harddisk1\DR1 - Size: 0x2BAA1476000 ( 2794.52 Gb ), SectorSize: 0x200, Cylinders: 0x59101, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:51:40.0368 0x0218  Drive \Device\Harddisk3\DR3 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:51:40.0859 0x0218  Drive \Device\Harddisk4\DR4 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:51:40.0860 0x0218  ============================================================
19:51:40.0860 0x0218  \Device\Harddisk0\DR0:
19:51:40.0860 0x0218  GPT partitions:
19:51:40.0860 0x0218  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {D8E846C0-0B35-4ECB-A980-CF0E30A5E8BC}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
19:51:40.0860 0x0218  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {145971E8-24DA-40A1-85AF-8669E965A0DF}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000
19:51:40.0860 0x0218  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {AC8EEE44-E6EA-46A5-B5C0-D3F348DFBD27}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0x3B96E800
19:51:40.0860 0x0218  MBR partitions:
19:51:40.0860 0x0218  \Device\Harddisk1\DR1:
19:51:40.0860 0x0218  GPT partitions:
19:51:40.0861 0x0218  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {0B194D2B-990E-4AEA-B500-E3B14FC9AC79}, Name: Micr, StartLBA 0x800, BlocksNum 0x40000
19:51:40.0861 0x0218  \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {78BA58A1-E868-47B8-A17F-26DAC72B8ED3}, Name: , StartLBA 0x40800, BlocksNum 0x3D090000
19:51:40.0861 0x0218  \Device\Harddisk1\DR1\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {8C83FADA-2710-0000-3875-806E6F6E6963}, Name: , StartLBA 0x3D0D0800, BlocksNum 0x61A80000
19:51:40.0861 0x0218  \Device\Harddisk1\DR1\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {8E626F71-2710-0000-3875-806E6F6E6963}, Name: , StartLBA 0x9EB50800, BlocksNum 0x249F0000
19:51:40.0861 0x0218  \Device\Harddisk1\DR1\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {90291645-2710-0000-3875-806E6F6E6963}, Name: , StartLBA 0xC3540800, BlocksNum 0xC350000
19:51:40.0861 0x0218  \Device\Harddisk1\DR1\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {91E63798-2710-0000-3875-806E6F6E6963}, Name: , StartLBA 0xCF890800, BlocksNum 0x8DC79B8E
19:51:40.0861 0x0218  MBR partitions:
19:51:40.0861 0x0218  \Device\Harddisk3\DR3:
19:51:40.0861 0x0218  MBR partitions:
19:51:40.0861 0x0218  \Device\Harddisk3\DR3\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x74705982
19:51:40.0861 0x0218  \Device\Harddisk4\DR4:
19:51:40.0861 0x0218  MBR partitions:
19:51:40.0861 0x0218  \Device\Harddisk4\DR4\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1D1C4542
19:51:40.0861 0x0218  ============================================================
19:51:40.0862 0x0218  C: <-> \Device\Harddisk0\DR0\Partition3
19:51:40.0888 0x0218  K: <-> \Device\Harddisk1\DR1\Partition3
19:51:40.0915 0x0218  L: <-> \Device\Harddisk1\DR1\Partition4
19:51:40.0936 0x0218  M: <-> \Device\Harddisk1\DR1\Partition5
19:51:40.0958 0x0218  N: <-> \Device\Harddisk1\DR1\Partition6
19:51:40.0992 0x0218  G: <-> \Device\Harddisk1\DR1\Partition2
19:51:40.0993 0x0218  Q: <-> \Device\Harddisk3\DR3\Partition1
19:51:40.0993 0x0218  R: <-> \Device\Harddisk4\DR4\Partition1
19:51:40.0993 0x0218  ============================================================
19:51:40.0993 0x0218  Initialize success
19:51:40.0993 0x0218  ============================================================
19:52:03.0454 0x08f8  ============================================================
19:52:03.0454 0x08f8  Scan started
19:52:03.0454 0x08f8  Mode: Manual; SigCheck; TDLFS; 
19:52:03.0454 0x08f8  ============================================================
19:52:03.0454 0x08f8  KSN ping started
19:52:05.0728 0x08f8  KSN ping finished: true
19:52:06.0278 0x08f8  ================ Scan system memory ========================
19:52:06.0278 0x08f8  System memory - ok
19:52:06.0278 0x08f8  ================ Scan services =============================
19:52:06.0282 0x08f8  [ 970C70F6B2953ED43822D3797855D84C, CB22723678B514277BC6E6DDDD206F3B2377CD889C9D473A47A7056BE597BC6B ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
19:52:06.0302 0x08f8  !SASCORE - ok
19:52:06.0331 0x08f8  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:52:06.0340 0x08f8  1394ohci - ok
19:52:06.0345 0x08f8  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:52:06.0354 0x08f8  ACPI - ok
19:52:06.0355 0x08f8  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:52:06.0361 0x08f8  AcpiPmi - ok
19:52:06.0378 0x08f8  [ CD41DFA7A778555B2055E2D388F5CB33, AE149AB7823AE3A97E2826C06968F32A7E50331484203E4581C83E441A1680F9 ] AcrSch2Svc      C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
19:52:06.0395 0x08f8  AcrSch2Svc - ok
19:52:06.0400 0x08f8  [ 835CE0647E4E9F01BEB26201DA6705B4, C90CBED7E066ECE2F380CE84B95EAD0E120C02720DB31483BDF0E7EDF7FB4EE1 ] AdobeActiveFileMonitor11.0 C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
19:52:06.0407 0x08f8  AdobeActiveFileMonitor11.0 - ok
19:52:06.0428 0x08f8  [ B04A4810C6CC205F9DC72DC22E4AB236, 547321F5C28C80D4818372D65E2A33D4BAC593015DD6613B24586FE4B4A95D5D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:52:06.0435 0x08f8  AdobeFlashPlayerUpdateSvc - ok
19:52:06.0443 0x08f8  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
19:52:06.0453 0x08f8  adp94xx - ok
19:52:06.0459 0x08f8  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
19:52:06.0467 0x08f8  adpahci - ok
19:52:06.0471 0x08f8  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
19:52:06.0477 0x08f8  adpu320 - ok
19:52:06.0480 0x08f8  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:52:06.0496 0x08f8  AeLookupSvc - ok
19:52:06.0502 0x08f8  [ ABCF9C80EAACE03021BB7F450EB8993F, 8E38726C423E82954CA85266D6F38B605D010A659420A4EF99D29035A9474BFB ] afcdp           C:\Windows\system32\DRIVERS\afcdp.sys
19:52:06.0511 0x08f8  afcdp - ok
19:52:06.0559 0x08f8  [ 3B1C11CB7006495F799F8A2AB8B2D530, B7B0C4922A1843BBF8104CDC705C4FEA1F1A760C1CC2BD6BC5E4213A0E4ED9FD ] afcdpsrv        C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
19:52:06.0609 0x08f8  afcdpsrv - ok
19:52:06.0619 0x08f8  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
19:52:06.0629 0x08f8  AFD - ok
19:52:06.0632 0x08f8  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
19:52:06.0637 0x08f8  agp440 - ok
19:52:06.0639 0x08f8  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
19:52:06.0645 0x08f8  ALG - ok
19:52:06.0646 0x08f8  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:52:06.0651 0x08f8  aliide - ok
19:52:06.0673 0x08f8  ALSysIO - ok
19:52:06.0675 0x08f8  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
19:52:06.0680 0x08f8  amdide - ok
19:52:06.0682 0x08f8  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
19:52:06.0687 0x08f8  AmdK8 - ok
19:52:06.0690 0x08f8  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
19:52:06.0695 0x08f8  AmdPPM - ok
19:52:06.0698 0x08f8  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:52:06.0703 0x08f8  amdsata - ok
19:52:06.0707 0x08f8  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
19:52:06.0713 0x08f8  amdsbs - ok
19:52:06.0715 0x08f8  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:52:06.0720 0x08f8  amdxata - ok
19:52:06.0722 0x08f8  [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID           C:\Windows\system32\drivers\appid.sys
19:52:06.0728 0x08f8  AppID - ok
19:52:06.0729 0x08f8  [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:52:06.0734 0x08f8  AppIDSvc - ok
19:52:06.0737 0x08f8  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
19:52:06.0742 0x08f8  Appinfo - ok
19:52:06.0747 0x08f8  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
19:52:06.0753 0x08f8  AppMgmt - ok
19:52:06.0756 0x08f8  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
19:52:06.0761 0x08f8  arc - ok
19:52:06.0764 0x08f8  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:52:06.0769 0x08f8  arcsas - ok
19:52:06.0772 0x08f8  [ 10920CCB66203D7EF48F024B1B35AE6F, 3C97FE6C91076C059E54234F54021F5D74FB42638BE14E2C1E4CF2EFC342C274 ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
19:52:06.0778 0x08f8  asmthub3 - ok
19:52:06.0784 0x08f8  [ C479BFAF73CF726E01AA0A487B268A5E, D49F7779CD25E098EC9DAF1886C3B3DB8EB22CEC0FEA6FDF4522A2B2D282AE37 ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
19:52:06.0793 0x08f8  asmtxhci - ok
19:52:06.0802 0x08f8  [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:52:06.0808 0x08f8  aspnet_state - ok
19:52:06.0810 0x08f8  [ 7F31020C06C8EC1B7013F8A8EF6B0C7E, BE94C92127FE88D5512D8C128CC7FFB2DF62285FE315319FF45E132FD3B6D47D ] asstor64        C:\Windows\system32\DRIVERS\asstor64.sys
19:52:06.0815 0x08f8  asstor64 - ok
19:52:06.0817 0x08f8  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:52:06.0832 0x08f8  AsyncMac - ok
19:52:06.0834 0x08f8  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
19:52:06.0838 0x08f8  atapi - ok
19:52:06.0848 0x08f8  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:52:06.0860 0x08f8  AudioEndpointBuilder - ok
19:52:06.0870 0x08f8  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:52:06.0883 0x08f8  AudioSrv - ok
19:52:06.0893 0x08f8  [ 15D2DB9BFA8E833ED31FAB2BB088FDDA, 6198C0A5DA01DA146A9A054C3C882A1DBF9BA84466EBFDDA1C1062EF36F9B34B ] AVP             C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
19:52:06.0902 0x08f8  AVP - ok
19:52:06.0905 0x08f8  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:52:06.0913 0x08f8  AxInstSV - ok
19:52:06.0921 0x08f8  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
19:52:06.0931 0x08f8  b06bdrv - ok
19:52:06.0936 0x08f8  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:52:06.0943 0x08f8  b57nd60a - ok
19:52:06.0947 0x08f8  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:52:06.0952 0x08f8  BDESVC - ok
19:52:06.0954 0x08f8  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:52:06.0969 0x08f8  Beep - ok
19:52:06.0980 0x08f8  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
19:52:06.0993 0x08f8  BFE - ok
19:52:06.0995 0x08f8  [ 15370F00194819D8194E655B77E24054, D6133DD3A7B08E9E1FDA1A75DB4CEC708DCA760010DE69E1B4F6CF29D2651A96 ] BfLwf           C:\Windows\system32\DRIVERS\bflwfx64.sys
19:52:07.0000 0x08f8  BfLwf - ok
19:52:07.0012 0x08f8  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
19:52:07.0037 0x08f8  BITS - ok
19:52:07.0039 0x08f8  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:52:07.0045 0x08f8  blbdrive - ok
19:52:07.0047 0x08f8  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:52:07.0053 0x08f8  bowser - ok
19:52:07.0054 0x08f8  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
19:52:07.0060 0x08f8  BrFiltLo - ok
19:52:07.0062 0x08f8  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
19:52:07.0068 0x08f8  BrFiltUp - ok
19:52:07.0071 0x08f8  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
19:52:07.0077 0x08f8  Browser - ok
19:52:07.0082 0x08f8  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:52:07.0090 0x08f8  Brserid - ok
19:52:07.0092 0x08f8  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:52:07.0099 0x08f8  BrSerWdm - ok
19:52:07.0100 0x08f8  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:52:07.0106 0x08f8  BrUsbMdm - ok
19:52:07.0108 0x08f8  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:52:07.0113 0x08f8  BrUsbSer - ok
19:52:07.0118 0x08f8  [ DB109DA005B6FE2A350C5DD7CA768DFD, 241A0BFAEFB1B165C00EE75E8CA382B5935F5DF447DAD5AE9022B2B78317668E ] BrYNSvc         C:\Program Files (x86)\Browny02\BrYNSvc.exe
19:52:07.0123 0x08f8  BrYNSvc - detected UnsignedFile.Multi.Generic ( 1 )
19:52:09.0417 0x08f8  Detect skipped due to KSN trusted
19:52:09.0417 0x08f8  BrYNSvc - ok
19:52:09.0420 0x08f8  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
19:52:09.0427 0x08f8  BTHMODEM - ok
19:52:09.0430 0x08f8  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
19:52:09.0446 0x08f8  bthserv - ok
19:52:09.0465 0x08f8  [ 1F79342D9EB530A48742F651E570983A, 99E0B613C23FA8591E248DFA6FF2D3EE19E262BE6E070A0E43E256B69687017F ] c2cautoupdatesvc C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
19:52:09.0486 0x08f8  c2cautoupdatesvc - ok
19:52:09.0510 0x08f8  [ E4938E0A376CF0B9D989EE5C0A146891, 9DF6AB5781CD60862D9664CA9A8AF0696A1FB6D09D804CD8DE9630F40DE59E90 ] c2cpnrsvc       C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
19:52:09.0536 0x08f8  c2cpnrsvc - ok
19:52:09.0540 0x08f8  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:52:09.0556 0x08f8  cdfs - ok
19:52:09.0559 0x08f8  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:52:09.0565 0x08f8  cdrom - ok
19:52:09.0568 0x08f8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
19:52:09.0584 0x08f8  CertPropSvc - ok
19:52:09.0586 0x08f8  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
19:52:09.0593 0x08f8  circlass - ok
19:52:09.0599 0x08f8  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
19:52:09.0607 0x08f8  CLFS - ok
19:52:09.0646 0x08f8  [ 1352A95AD8150440E0A5DD9745154D74, CF78A6267A246F747844FFA255783B5867B0A7232C65AF6224B25B2FBB893313 ] ClickToRunSvc   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
19:52:09.0683 0x08f8  ClickToRunSvc - ok
19:52:09.0689 0x08f8  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:52:09.0694 0x08f8  clr_optimization_v2.0.50727_32 - ok
19:52:09.0698 0x08f8  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:52:09.0704 0x08f8  clr_optimization_v2.0.50727_64 - ok
19:52:09.0711 0x08f8  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:52:09.0717 0x08f8  clr_optimization_v4.0.30319_32 - ok
19:52:09.0720 0x08f8  [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:52:09.0728 0x08f8  clr_optimization_v4.0.30319_64 - ok
19:52:09.0730 0x08f8  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
19:52:09.0734 0x08f8  CmBatt - ok
19:52:09.0736 0x08f8  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:52:09.0741 0x08f8  cmdide - ok
19:52:09.0748 0x08f8  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\Windows\system32\Drivers\cng.sys
19:52:09.0760 0x08f8  CNG - ok
19:52:09.0762 0x08f8  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
19:52:09.0766 0x08f8  Compbatt - ok
19:52:09.0768 0x08f8  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
19:52:09.0774 0x08f8  CompositeBus - ok
19:52:09.0775 0x08f8  COMSysApp - ok
19:52:09.0793 0x08f8  cpuz137 - ok
19:52:09.0794 0x08f8  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
19:52:09.0799 0x08f8  crcdisk - ok
19:52:09.0803 0x08f8  [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:52:09.0810 0x08f8  CryptSvc - ok
19:52:09.0818 0x08f8  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
19:52:09.0828 0x08f8  CSC - ok
19:52:09.0838 0x08f8  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
19:52:09.0851 0x08f8  CscService - ok
19:52:09.0859 0x08f8  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:52:09.0880 0x08f8  DcomLaunch - ok
19:52:09.0886 0x08f8  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
19:52:09.0905 0x08f8  defragsvc - ok
19:52:09.0907 0x08f8  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:52:09.0923 0x08f8  DfsC - ok
19:52:09.0929 0x08f8  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:52:09.0937 0x08f8  Dhcp - ok
19:52:09.0939 0x08f8  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
19:52:09.0956 0x08f8  discache - ok
19:52:09.0958 0x08f8  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
19:52:09.0963 0x08f8  Disk - ok
19:52:09.0966 0x08f8  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
19:52:09.0974 0x08f8  dmvsc - ok
19:52:09.0977 0x08f8  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:52:09.0984 0x08f8  Dnscache - ok
19:52:09.0989 0x08f8  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:52:10.0007 0x08f8  dot3svc - ok
19:52:10.0010 0x08f8  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
19:52:10.0027 0x08f8  DPS - ok
19:52:10.0029 0x08f8  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:52:10.0033 0x08f8  drmkaud - ok
19:52:10.0047 0x08f8  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:52:10.0062 0x08f8  DXGKrnl - ok
19:52:10.0066 0x08f8  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
19:52:10.0082 0x08f8  EapHost - ok
19:52:10.0135 0x08f8  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
19:52:10.0179 0x08f8  ebdrv - ok
19:52:10.0183 0x08f8  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] EFS             C:\Windows\System32\lsass.exe
19:52:10.0188 0x08f8  EFS - ok
19:52:10.0199 0x08f8  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:52:10.0212 0x08f8  ehRecvr - ok
19:52:10.0215 0x08f8  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
19:52:10.0221 0x08f8  ehSched - ok
19:52:10.0229 0x08f8  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
19:52:10.0239 0x08f8  elxstor - ok
19:52:10.0242 0x08f8  [ 6106653B08F4F72EEAA7F099E7C408A4, 96B77284744F8761C4F2558388E0AEE2140618B484FF53FA8B222B340D2A9C84 ] epmntdrv        C:\Windows\system32\epmntdrv.sys
19:52:10.0244 0x08f8  epmntdrv - detected UnsignedFile.Multi.Generic ( 1 )
19:52:12.0537 0x08f8  Detect skipped due to KSN trusted
19:52:12.0537 0x08f8  epmntdrv - ok
19:52:12.0539 0x08f8  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:52:12.0544 0x08f8  ErrDev - ok
19:52:12.0546 0x08f8  [ 991C04A31777ED77CB92A4F96F14C2E2, 6CC2A311D8E67032D0847D70B20DCA87B52B2B7FB3C380B3A5AB6C233E955DD2 ] EuGdiDrv        C:\Windows\system32\EuGdiDrv.sys
19:52:12.0549 0x08f8  EuGdiDrv - detected UnsignedFile.Multi.Generic ( 1 )
19:52:14.0850 0x08f8  Detect skipped due to KSN trusted
19:52:14.0850 0x08f8  EuGdiDrv - ok
19:52:14.0857 0x08f8  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
19:52:14.0878 0x08f8  EventSystem - ok
19:52:14.0882 0x08f8  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
19:52:14.0899 0x08f8  exfat - ok
19:52:14.0903 0x08f8  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:52:14.0921 0x08f8  fastfat - ok
19:52:14.0931 0x08f8  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
19:52:14.0943 0x08f8  Fax - ok
19:52:14.0946 0x08f8  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
19:52:14.0951 0x08f8  fdc - ok
19:52:14.0952 0x08f8  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
19:52:14.0968 0x08f8  fdPHost - ok
19:52:14.0970 0x08f8  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:52:14.0986 0x08f8  FDResPub - ok
19:52:14.0988 0x08f8  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:52:14.0993 0x08f8  FileInfo - ok
19:52:14.0995 0x08f8  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:52:15.0010 0x08f8  Filetrace - ok
19:52:15.0012 0x08f8  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
19:52:15.0017 0x08f8  flpydisk - ok
19:52:15.0022 0x08f8  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:52:15.0030 0x08f8  FltMgr - ok
19:52:15.0033 0x08f8  [ FDD776FAC4159A2983940D1E411FE9F3, 3B147B4D3C5CC67117D65152FA8BD3A603728C92B023AE45CD166E6FF3F474C5 ] fltsrv          C:\Windows\system32\DRIVERS\fltsrv.sys
19:52:15.0038 0x08f8  fltsrv - ok
19:52:15.0053 0x08f8  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
19:52:15.0072 0x08f8  FontCache - ok
19:52:15.0075 0x08f8  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:52:15.0079 0x08f8  FontCache3.0.0.0 - ok
19:52:15.0081 0x08f8  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:52:15.0086 0x08f8  FsDepends - ok
19:52:15.0088 0x08f8  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:52:15.0092 0x08f8  Fs_Rec - ok
19:52:15.0101 0x08f8  [ 6A420537442958B8F470CE60C55EDF2B, 4C41D157E5B1C8F4B1B00C454AD8AAEBB672898837B6C6E403398E5B878D18F2 ] Futuremark SystemInfo Service C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe
19:52:15.0111 0x08f8  Futuremark SystemInfo Service - ok
19:52:15.0115 0x08f8  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:52:15.0123 0x08f8  fvevol - ok
19:52:15.0126 0x08f8  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
19:52:15.0131 0x08f8  gagp30kx - ok
19:52:15.0141 0x08f8  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
19:52:15.0165 0x08f8  gpsvc - ok
19:52:15.0167 0x08f8  GPUZ - ok
19:52:15.0170 0x08f8  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:52:15.0175 0x08f8  gupdate - ok
19:52:15.0177 0x08f8  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:52:15.0181 0x08f8  gupdatem - ok
19:52:15.0183 0x08f8  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:52:15.0188 0x08f8  hcw85cir - ok
19:52:15.0194 0x08f8  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:52:15.0204 0x08f8  HdAudAddService - ok
19:52:15.0207 0x08f8  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:52:15.0214 0x08f8  HDAudBus - ok
19:52:15.0216 0x08f8  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
19:52:15.0220 0x08f8  HidBatt - ok
19:52:15.0223 0x08f8  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
19:52:15.0230 0x08f8  HidBth - ok
19:52:15.0232 0x08f8  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
19:52:15.0239 0x08f8  HidIr - ok
19:52:15.0241 0x08f8  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
19:52:15.0257 0x08f8  hidserv - ok
19:52:15.0259 0x08f8  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
19:52:15.0263 0x08f8  HidUsb - ok
19:52:15.0266 0x08f8  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:52:15.0282 0x08f8  hkmsvc - ok
19:52:15.0286 0x08f8  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:52:15.0293 0x08f8  HomeGroupListener - ok
19:52:15.0297 0x08f8  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:52:15.0304 0x08f8  HomeGroupProvider - ok
19:52:15.0307 0x08f8  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:52:15.0312 0x08f8  HpSAMD - ok
19:52:15.0322 0x08f8  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:52:15.0346 0x08f8  HTTP - ok
19:52:15.0348 0x08f8  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:52:15.0353 0x08f8  hwpolicy - ok
19:52:15.0355 0x08f8  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
19:52:15.0361 0x08f8  i8042prt - ok
19:52:15.0368 0x08f8  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:52:15.0377 0x08f8  iaStorV - ok
19:52:15.0389 0x08f8  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:52:15.0403 0x08f8  idsvc - ok
19:52:15.0405 0x08f8  IEEtwCollectorService - ok
19:52:15.0407 0x08f8  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
19:52:15.0412 0x08f8  iirsp - ok
19:52:15.0424 0x08f8  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
19:52:15.0439 0x08f8  IKEEXT - ok
19:52:15.0441 0x08f8  [ 4709FA618952E381ED9BF40B524E8EAC, FA6B7EEA1F122BE8731C4B26F5BA21F5B73F19BBD85F938AFF66E8558C793682 ] INETMON         C:\Windows\System32\Drivers\INETMON.sys
19:52:15.0446 0x08f8  INETMON - ok
19:52:15.0493 0x08f8  [ 70DD225646BF84233E18890583E57EFB, 657CFBEBE5C131873BB0B28F6C719772E19D51B48A795E459C388C8EC5EE655B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:52:15.0543 0x08f8  IntcAzAudAddService - ok
19:52:15.0558 0x08f8  [ 4C17F57E43645E75800E9E84787E34E5, 6A1531D97462BA3B3DBDAD472AF15B717C958AA8C5CE2373DE0B2A41C35BE33E ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
19:52:15.0572 0x08f8  Intel(R) Capability Licensing Service TCP IP Interface - ok
19:52:15.0575 0x08f8  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
19:52:15.0579 0x08f8  intelide - ok
19:52:15.0581 0x08f8  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:52:15.0586 0x08f8  intelppm - ok
19:52:15.0589 0x08f8  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:52:15.0606 0x08f8  IPBusEnum - ok
19:52:15.0608 0x08f8  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:52:15.0624 0x08f8  IpFilterDriver - ok
19:52:15.0632 0x08f8  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:52:15.0644 0x08f8  iphlpsvc - ok
19:52:15.0646 0x08f8  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
19:52:15.0652 0x08f8  IPMIDRV - ok
19:52:15.0655 0x08f8  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:52:15.0671 0x08f8  IPNAT - ok
19:52:15.0673 0x08f8  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:52:15.0680 0x08f8  IRENUM - ok
19:52:15.0681 0x08f8  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:52:15.0686 0x08f8  isapnp - ok
19:52:15.0691 0x08f8  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:52:15.0698 0x08f8  iScsiPrt - ok
19:52:15.0700 0x08f8  [ 35C0995BCDB0E45D1EEBE4FB582D1563, 67B44EE25B8FF5778AC58255265536EC4CC444A5A8368D6311DEDAF58357E5ED ] ISCT            C:\Windows\system32\DRIVERS\ISCTD.sys
19:52:15.0705 0x08f8  ISCT - ok
19:52:15.0710 0x08f8  [ B6064D8C7500E416BC0B7CB2A8474D3A, 824CD7539398119DEF147EEDDBF010EA9B6184B8FA4B17BDDC0D9948F0F66991 ] ISCTAgent       C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
19:52:15.0716 0x08f8  ISCTAgent - ok
19:52:15.0718 0x08f8  [ 45392E76EE30DC9C8F0181C785F0BA48, 7FB522E1AA9B877B9FB1A29C2ADC42EA794E8864AD2411AD275F00F00547F8F3 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
19:52:15.0722 0x08f8  iusb3hcs - ok
19:52:15.0728 0x08f8  [ C6E8FB7FF41877378CCB30DE6E9941DF, CA808A00C0CC21C1C7BE54F0D1E5D3F24C0032BE821C064E0A63901F20F3C6BC ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
19:52:15.0736 0x08f8  iusb3hub - ok
19:52:15.0747 0x08f8  [ 6FBA980433B2B21604CE990FBF542D3F, ACB35A5558DD9EF9A339C9D061207AF5527D3AEFC9AC99AB6CFBA1CE92F8B62D ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
19:52:15.0760 0x08f8  iusb3xhc - ok
19:52:15.0764 0x08f8  [ BDC9C7931DB723CB1AF9F7075EA06645, EEBD5DC9C4656F14F8F0A0A5E84657B6B2BA35283E0E571119DA82F131D5C21B ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
19:52:15.0770 0x08f8  jhi_service - ok
19:52:15.0772 0x08f8  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:52:15.0777 0x08f8  kbdclass - ok
19:52:15.0778 0x08f8  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:52:15.0783 0x08f8  kbdhid - ok
19:52:15.0787 0x08f8  [ 819433A6CFC8771F0A2B0BB8EF6125B1, 37BE3545E3782CFA56F1A890B389CDF37C48F177CEE3EF23F4FDDF3D2A094DD3 ] Ke2200          C:\Windows\system32\DRIVERS\e22w7x64.sys
19:52:15.0792 0x08f8  Ke2200 - ok
19:52:15.0794 0x08f8  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] KeyIso          C:\Windows\system32\lsass.exe
19:52:15.0798 0x08f8  KeyIso - ok
19:52:15.0805 0x08f8  [ 795EC29BA21F1D948FD6FD740C00B599, 780900717A812C5DB78C67057010BD62DF2C756C087599A6F8C67CB4EFA7518C ] kl1             C:\Windows\system32\DRIVERS\kl1.sys
19:52:15.0815 0x08f8  kl1 - ok
19:52:15.0825 0x08f8  [ FEA38D7024CD9C27D58A862A19DCFA14, 522A15963A105AD551ED45E7BA2AFA7A90408FE7D349307A17F12FE761AFB903 ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
19:52:15.0836 0x08f8  KLIF - ok
19:52:15.0838 0x08f8  [ 31B69BFF28348503E4BD10C2A4F66D05, 891318C2DDF85E43DFCEE73717AEFCE79BC3DCD83FCD58E6F794AB6BF1739688 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
19:52:15.0842 0x08f8  KLIM6 - ok
19:52:15.0844 0x08f8  [ AEB50941C6D67128B14F88DB9917C4E0, 2ACE46665DE298CC197660A442A3172B1FB460A40BD18AECEA786ACB011FDA43 ] klkbdflt        C:\Windows\system32\DRIVERS\klkbdflt.sys
19:52:15.0848 0x08f8  klkbdflt - ok
19:52:15.0849 0x08f8  [ 72CF64FBF38CD681FA7F37176047E967, BE5683C119DCEF7E678EE477D6CADF873E32D42372A253B7E86B8C335DF28E1C ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
19:52:15.0853 0x08f8  klmouflt - ok
19:52:15.0855 0x08f8  [ 45ECF097BC6330C2054D7D43B7AD822B, 41684ED54E75FE6BEEA322E7CE888DFDD53EE1F45016E01CE10B84ABB02CBDA8 ] kltdi           C:\Windows\system32\DRIVERS\kltdi.sys
19:52:15.0859 0x08f8  kltdi - ok
19:52:15.0863 0x08f8  [ 0E71FAED99892750DFE1C5237A6F8FE6, 786FEEEF637BC89FDED3DDEA2563144C7128E7C9582261B23F16B98D69149088 ] kneps           C:\Windows\system32\DRIVERS\kneps.sys
19:52:15.0869 0x08f8  kneps - ok
19:52:15.0872 0x08f8  [ 56ED3EE5FED6BF2FC1305CF872042868, 44F77AE3CD83284800FF106156ABCB63047327855E2535EE278289AF6F05579C ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:52:15.0877 0x08f8  KSecDD - ok
19:52:15.0880 0x08f8  [ 8BA90F480705D7153AD0060CCA62222A, B3E610DFAB382368114D026947084A72AFC4F5BF9C28317F411D4ED91E0B3192 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:52:15.0886 0x08f8  KSecPkg - ok
19:52:15.0888 0x08f8  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:52:15.0903 0x08f8  ksthunk - ok
19:52:15.0909 0x08f8  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:52:15.0929 0x08f8  KtmRm - ok
19:52:15.0934 0x08f8  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:52:15.0952 0x08f8  LanmanServer - ok
19:52:15.0955 0x08f8  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:52:15.0972 0x08f8  LanmanWorkstation - ok
19:52:15.0974 0x08f8  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:52:15.0990 0x08f8  lltdio - ok
19:52:15.0995 0x08f8  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:52:16.0014 0x08f8  lltdsvc - ok
19:52:16.0016 0x08f8  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:52:16.0032 0x08f8  lmhosts - ok
19:52:16.0039 0x08f8  [ A7D2A96187E5C5F4F7650900A15788AA, F131C3E8206A89A9244ECF2507F4FC1A8550E594A58F75338939A54C973078AF ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:52:16.0048 0x08f8  LMS - ok
19:52:16.0051 0x08f8  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
19:52:16.0057 0x08f8  LSI_FC - ok
19:52:16.0060 0x08f8  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
19:52:16.0065 0x08f8  LSI_SAS - ok
19:52:16.0067 0x08f8  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
19:52:16.0072 0x08f8  LSI_SAS2 - ok
19:52:16.0075 0x08f8  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
19:52:16.0080 0x08f8  LSI_SCSI - ok
19:52:16.0083 0x08f8  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
19:52:16.0099 0x08f8  luafv - ok
19:52:16.0101 0x08f8  [ 8FF2D95CBA49B405C5DE27039FF0BF35, 03BF7FC7F1C2C76EDB583BA342EA1C325DB8058517744EF2A78529D3938F4DC1 ] MBfilt          C:\Windows\system32\drivers\MBfilt64.sys
19:52:16.0105 0x08f8  MBfilt - ok
19:52:16.0107 0x08f8  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:52:16.0114 0x08f8  Mcx2Svc - ok
19:52:16.0116 0x08f8  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
19:52:16.0120 0x08f8  megasas - ok
19:52:16.0125 0x08f8  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
19:52:16.0133 0x08f8  MegaSR - ok
19:52:16.0136 0x08f8  [ 1BC9159CF58BABD89419072EA180A8F6, 6C9AB779C2355A341800A8F93AAAF9B19FAFF444CD6A7BD27C63D53F379A75EF ] MEIx64          C:\Windows\system32\DRIVERS\TeeDriverx64.sys
19:52:16.0142 0x08f8  MEIx64 - ok
19:52:16.0144 0x08f8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
19:52:16.0161 0x08f8  MMCSS - ok
19:52:16.0162 0x08f8  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
19:52:16.0178 0x08f8  Modem - ok
19:52:16.0180 0x08f8  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:52:16.0186 0x08f8  monitor - ok
19:52:16.0188 0x08f8  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:52:16.0193 0x08f8  mouclass - ok
19:52:16.0195 0x08f8  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:52:16.0200 0x08f8  mouhid - ok
19:52:16.0202 0x08f8  [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:52:16.0208 0x08f8  mountmgr - ok
19:52:16.0211 0x08f8  [ 03D14BF1DC59130002F6B8BA3AD89DB9, 1729CCD8AAF51CDB86ED67569974D0B6B1CFFA5F90EF6E6004B0D8A305D88C27 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:52:16.0217 0x08f8  MozillaMaintenance - ok
19:52:16.0220 0x08f8  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:52:16.0226 0x08f8  mpio - ok
19:52:16.0229 0x08f8  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:52:16.0245 0x08f8  mpsdrv - ok
19:52:16.0256 0x08f8  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:52:16.0281 0x08f8  MpsSvc - ok
19:52:16.0285 0x08f8  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:52:16.0291 0x08f8  MRxDAV - ok
19:52:16.0294 0x08f8  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:52:16.0300 0x08f8  mrxsmb - ok
19:52:16.0305 0x08f8  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:52:16.0313 0x08f8  mrxsmb10 - ok
19:52:16.0316 0x08f8  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:52:16.0322 0x08f8  mrxsmb20 - ok
19:52:16.0324 0x08f8  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:52:16.0328 0x08f8  msahci - ok
19:52:16.0332 0x08f8  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
19:52:16.0337 0x08f8  msdsm - ok
19:52:16.0341 0x08f8  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
19:52:16.0348 0x08f8  MSDTC - ok
19:52:16.0351 0x08f8  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:52:16.0366 0x08f8  Msfs - ok
19:52:16.0368 0x08f8  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:52:16.0383 0x08f8  mshidkmdf - ok
19:52:16.0384 0x08f8  MSICDSetup - ok
19:52:16.0386 0x08f8  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:52:16.0390 0x08f8  msisadrv - ok
19:52:16.0393 0x08f8  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:52:16.0411 0x08f8  MSiSCSI - ok
19:52:16.0412 0x08f8  msiserver - ok
19:52:16.0414 0x08f8  [ A7EDADFB0AE38AE6F0488F0F2448D8B5, 7DC08FF24CC4E2071BF8E876976B22E810A8A407FADE403D119F75AD50088105 ] MSI_Trigger_Service C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
19:52:16.0418 0x08f8  MSI_Trigger_Service - ok
19:52:16.0419 0x08f8  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:52:16.0435 0x08f8  MSKSSRV - ok
19:52:16.0436 0x08f8  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:52:16.0452 0x08f8  MSPCLOCK - ok
19:52:16.0453 0x08f8  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:52:16.0468 0x08f8  MSPQM - ok
19:52:16.0474 0x08f8  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:52:16.0483 0x08f8  MsRPC - ok
19:52:16.0486 0x08f8  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
19:52:16.0503 0x08f8  mssmbios - ok
19:52:16.0504 0x08f8  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:52:16.0520 0x08f8  MSTEE - ok
19:52:16.0521 0x08f8  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
19:52:16.0526 0x08f8  MTConfig - ok
19:52:16.0528 0x08f8  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
19:52:16.0533 0x08f8  Mup - ok
19:52:16.0540 0x08f8  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
19:52:16.0561 0x08f8  napagent - ok
19:52:16.0567 0x08f8  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:52:16.0577 0x08f8  NativeWifiP - ok
19:52:16.0590 0x08f8  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:52:16.0605 0x08f8  NDIS - ok
19:52:16.0608 0x08f8  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:52:16.0623 0x08f8  NdisCap - ok
19:52:16.0625 0x08f8  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:52:16.0640 0x08f8  NdisTapi - ok
19:52:16.0642 0x08f8  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:52:16.0658 0x08f8  Ndisuio - ok
19:52:16.0661 0x08f8  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:52:16.0678 0x08f8  NdisWan - ok
19:52:16.0680 0x08f8  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:52:16.0696 0x08f8  NDProxy - ok
19:52:16.0698 0x08f8  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:52:16.0713 0x08f8  NetBIOS - ok
19:52:16.0718 0x08f8  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:52:16.0736 0x08f8  NetBT - ok
19:52:16.0738 0x08f8  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] Netlogon        C:\Windows\system32\lsass.exe
19:52:16.0742 0x08f8  Netlogon - ok
19:52:16.0748 0x08f8  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
19:52:16.0768 0x08f8  Netman - ok
19:52:16.0776 0x08f8  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:52:16.0782 0x08f8  NetMsmqActivator - ok
19:52:16.0785 0x08f8  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:52:16.0792 0x08f8  NetPipeActivator - ok
19:52:16.0799 0x08f8  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
19:52:16.0820 0x08f8  netprofm - ok
19:52:16.0823 0x08f8  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:52:16.0830 0x08f8  NetTcpActivator - ok
19:52:16.0833 0x08f8  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:52:16.0839 0x08f8  NetTcpPortSharing - ok
19:52:16.0841 0x08f8  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
19:52:16.0846 0x08f8  nfrd960 - ok
19:52:16.0851 0x08f8  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:52:16.0859 0x08f8  NlaSvc - ok
19:52:16.0861 0x08f8  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:52:16.0877 0x08f8  Npfs - ok
19:52:16.0879 0x08f8  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
19:52:16.0895 0x08f8  nsi - ok
19:52:16.0897 0x08f8  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:52:16.0912 0x08f8  nsiproxy - ok
19:52:16.0934 0x08f8  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:52:16.0958 0x08f8  Ntfs - ok
19:52:16.0960 0x08f8  NTIOLib_1_0_C - ok
19:52:16.0962 0x08f8  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
19:52:16.0977 0x08f8  Null - ok
19:52:16.0980 0x08f8  [ 7E4355930B28C2798D9F09AB9F81151F, 941C730F3B75BDF99639E76350031EDD15F18D8D860F3B1282C28B62096E7717 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
19:52:16.0986 0x08f8  NVHDA - ok
19:52:17.0108 0x08f8  [ 3B99271224C43ADAB5A7F8D4B574AE3F, 931B011EA7796C61922D892C11D880BCC0383FCECABC4F4855AF89BA20B9B01B ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:52:17.0234 0x08f8  nvlddmkm - ok
19:52:17.0262 0x08f8  [ 45D6780D0525D7BC29E2E3605CA73C18, C8BBE8BE9824CD1D3C4314FE370FA03BD6000187B4FC4FC935F8342E1A02FA7E ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
19:52:17.0287 0x08f8  NvNetworkService - ok
19:52:17.0291 0x08f8  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:52:17.0297 0x08f8  nvraid - ok
19:52:17.0300 0x08f8  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:52:17.0307 0x08f8  nvstor - ok
19:52:17.0309 0x08f8  [ A0D870DCE152EE5B92A41AD927201D19, 67FB025CB380D933BF0FDD4AFE9BE4E3C1D69A59865E02A96533BBE9EC260D71 ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
19:52:17.0313 0x08f8  NvStreamKms - ok
19:52:17.0534 0x08f8  [ E5597D09E5239C0F908948DB7057AC26, A6045D4D9D2F8007B0F75DAAABB2AD9FEB4A898E33A51ECE9A9D788D8E8F84A4 ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
19:52:17.0768 0x08f8  NvStreamSvc - ok
19:52:17.0793 0x08f8  [ 97ADEBE576474D4CEC53F8E06590FFC8, 2CC8587AAB595D7621AA57A33D94789BD9DC6DBFB4FA9BDEFBB425B7ACCB65AB ] nvsvc           C:\Windows\system32\nvvsvc.exe
19:52:17.0808 0x08f8  nvsvc - ok
19:52:17.0811 0x08f8  [ 75034A4D7C02327D150B617571D4196A, 8E7DAFEC4307E883D52BD0B5F0732E26E019C953770B52ACBBAD3074A66393CB ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
19:52:17.0815 0x08f8  nvvad_WaveExtensible - ok
19:52:17.0818 0x08f8  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:52:17.0824 0x08f8  nv_agp - ok
19:52:17.0826 0x08f8  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:52:17.0831 0x08f8  ohci1394 - ok
19:52:17.0835 0x08f8  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:52:17.0841 0x08f8  ose - ok
19:52:17.0903 0x08f8  [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:52:17.0968 0x08f8  osppsvc - ok
19:52:17.0977 0x08f8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:52:17.0986 0x08f8  p2pimsvc - ok
19:52:17.0993 0x08f8  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
19:52:18.0003 0x08f8  p2psvc - ok
19:52:18.0006 0x08f8  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
19:52:18.0012 0x08f8  Parport - ok
19:52:18.0014 0x08f8  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:52:18.0019 0x08f8  partmgr - ok
19:52:18.0023 0x08f8  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:52:18.0030 0x08f8  PcaSvc - ok
19:52:18.0033 0x08f8  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
19:52:18.0040 0x08f8  pci - ok
19:52:18.0041 0x08f8  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
19:52:18.0046 0x08f8  pciide - ok
19:52:18.0050 0x08f8  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
19:52:18.0057 0x08f8  pcmcia - ok
19:52:18.0059 0x08f8  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:52:18.0063 0x08f8  pcw - ok
19:52:18.0086 0x08f8  [ F97DC1A5244469D367B1334D47118E34, A36B6C402F92BEBE14082296CBF5F69656ED87AB700789028799768FA1FE2A72 ] PDF Architect 2 C:\Program Files (x86)\PDF Architect 2\ws.exe
19:52:18.0111 0x08f8  PDF Architect 2 - ok
19:52:18.0124 0x08f8  [ E81F7D5371C95904D4105B06405D5EDA, A6A41793AC241801D37A95C25B2DA0C3CDDC804B4F2BD087ECBD30C562F3517B ] pdfforge CrashHandler C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe
19:52:18.0137 0x08f8  pdfforge CrashHandler - ok
19:52:18.0147 0x08f8  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:52:18.0160 0x08f8  PEAUTH - ok
19:52:18.0178 0x08f8  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
19:52:18.0199 0x08f8  PeerDistSvc - ok
19:52:18.0218 0x08f8  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:52:18.0223 0x08f8  PerfHost - ok
19:52:18.0244 0x08f8  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
19:52:18.0276 0x08f8  pla - ok
19:52:18.0283 0x08f8  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:52:18.0293 0x08f8  PlugPlay - ok
19:52:18.0295 0x08f8  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:52:18.0300 0x08f8  PNRPAutoReg - ok
19:52:18.0305 0x08f8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:52:18.0314 0x08f8  PNRPsvc - ok
19:52:18.0321 0x08f8  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:52:18.0342 0x08f8  PolicyAgent - ok
19:52:18.0346 0x08f8  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
19:52:18.0364 0x08f8  Power - ok
19:52:18.0367 0x08f8  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:52:18.0383 0x08f8  PptpMiniport - ok
19:52:18.0385 0x08f8  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
19:52:18.0391 0x08f8  Processor - ok
19:52:18.0395 0x08f8  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:52:18.0402 0x08f8  ProfSvc - ok
19:52:18.0404 0x08f8  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:52:18.0409 0x08f8  ProtectedStorage - ok
19:52:18.0412 0x08f8  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:52:18.0428 0x08f8  Psched - ok
19:52:18.0430 0x08f8  [ 07D57B890DD5693A6AB660CBAE8F91B4, 934895A41C116056E22FE3298418332A9F4280F96E96EEE06C977A4925395674 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
19:52:18.0434 0x08f8  PxHlpa64 - ok
19:52:18.0453 0x08f8  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
19:52:18.0476 0x08f8  ql2300 - ok
19:52:18.0480 0x08f8  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
19:52:18.0485 0x08f8  ql40xx - ok
19:52:18.0491 0x08f8  [ 488936C5C09AC64F35DC817BFE34F3D9, 43DE318D50F30B54EF2BC635AA6FD2179073444F8E78F978D9F87A1F31A6EA26 ] Qualcomm Atheros Killer Service V2 C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
19:52:18.0497 0x08f8  Qualcomm Atheros Killer Service V2 - detected UnsignedFile.Multi.Generic ( 1 )
19:52:20.0814 0x08f8  Qualcomm Atheros Killer Service V2 ( UnsignedFile.Multi.Generic ) - warning
19:52:23.0174 0x08f8  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
19:52:23.0184 0x08f8  QWAVE - ok
19:52:23.0184 0x08f8  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:52:23.0194 0x08f8  QWAVEdrv - ok
19:52:23.0194 0x08f8  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:52:23.0214 0x08f8  RasAcd - ok
19:52:23.0214 0x08f8  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:52:23.0224 0x08f8  RasAgileVpn - ok
19:52:23.0234 0x08f8  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
19:52:23.0244 0x08f8  RasAuto - ok
19:52:23.0254 0x08f8  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:52:23.0264 0x08f8  Rasl2tp - ok
19:52:23.0274 0x08f8  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
19:52:23.0294 0x08f8  RasMan - ok
19:52:23.0294 0x08f8  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:52:23.0314 0x08f8  RasPppoe - ok
19:52:23.0314 0x08f8  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:52:23.0334 0x08f8  RasSstp - ok
19:52:23.0334 0x08f8  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:52:23.0354 0x08f8  rdbss - ok
19:52:23.0354 0x08f8  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
19:52:23.0364 0x08f8  rdpbus - ok
19:52:23.0364 0x08f8  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:52:23.0374 0x08f8  RDPCDD - ok
19:52:23.0384 0x08f8  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
19:52:23.0384 0x08f8  RDPDR - ok
19:52:23.0394 0x08f8  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:52:23.0404 0x08f8  RDPENCDD - ok
19:52:23.0404 0x08f8  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:52:23.0424 0x08f8  RDPREFMP - ok
19:52:23.0424 0x08f8  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:52:23.0434 0x08f8  RdpVideoMiniport - ok
19:52:23.0434 0x08f8  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:52:23.0444 0x08f8  RDPWD - ok
19:52:23.0444 0x08f8  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:52:23.0454 0x08f8  rdyboost - ok
19:52:23.0454 0x08f8  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:52:23.0474 0x08f8  RemoteAccess - ok
19:52:23.0474 0x08f8  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:52:23.0494 0x08f8  RemoteRegistry - ok
19:52:23.0494 0x08f8  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:52:23.0514 0x08f8  RpcEptMapper - ok
19:52:23.0514 0x08f8  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
19:52:23.0514 0x08f8  RpcLocator - ok
19:52:23.0524 0x08f8  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
19:52:23.0544 0x08f8  RpcSs - ok
19:52:23.0544 0x08f8  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:52:23.0564 0x08f8  rspndr - ok
19:52:23.0564 0x08f8  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
19:52:23.0574 0x08f8  s3cap - ok
19:52:23.0574 0x08f8  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] SamSs           C:\Windows\system32\lsass.exe
19:52:23.0574 0x08f8  SamSs - ok
19:52:23.0574 0x08f8  [ 3289766038DB2CB14D07DC84392138D5, A7790B787690CC1A8B97E4532090C5295350A836A9474DEA74CEB3E81CF26124 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
19:52:23.0584 0x08f8  SASDIFSV - ok
19:52:23.0584 0x08f8  [ 58A38E75F3316A83C23DF6173D41F2B5, B0A8CDA1D164B7534FB41AB80792861384709BF0F914F44553275CF20194F1A1 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
19:52:23.0584 0x08f8  SASKUTIL - ok
19:52:23.0594 0x08f8  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:52:23.0594 0x08f8  sbp2port - ok
19:52:23.0594 0x08f8  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:52:23.0614 0x08f8  SCardSvr - ok
19:52:23.0614 0x08f8  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:52:23.0634 0x08f8  scfilter - ok
19:52:23.0644 0x08f8  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
19:52:23.0674 0x08f8  Schedule - ok
19:52:23.0684 0x08f8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:52:23.0694 0x08f8  SCPolicySvc - ok
19:52:23.0694 0x08f8  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:52:23.0704 0x08f8  SDRSVC - ok
19:52:23.0704 0x08f8  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:52:23.0724 0x08f8  secdrv - ok
19:52:23.0724 0x08f8  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
19:52:23.0744 0x08f8  seclogon - ok
19:52:23.0744 0x08f8  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
19:52:23.0754 0x08f8  SENS - ok
19:52:23.0764 0x08f8  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:52:23.0764 0x08f8  SensrSvc - ok
19:52:23.0764 0x08f8  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
19:52:23.0774 0x08f8  Serenum - ok
19:52:23.0774 0x08f8  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:52:23.0784 0x08f8  Serial - ok
19:52:23.0784 0x08f8  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
19:52:23.0784 0x08f8  sermouse - ok
19:52:23.0794 0x08f8  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
19:52:23.0814 0x08f8  SessionEnv - ok
19:52:23.0814 0x08f8  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:52:23.0814 0x08f8  sffdisk - ok
19:52:23.0814 0x08f8  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:52:23.0824 0x08f8  sffp_mmc - ok
19:52:23.0824 0x08f8  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:52:23.0834 0x08f8  sffp_sd - ok
19:52:23.0834 0x08f8  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
19:52:23.0834 0x08f8  sfloppy - ok
19:52:23.0844 0x08f8  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:52:23.0864 0x08f8  SharedAccess - ok
19:52:23.0874 0x08f8  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:52:23.0884 0x08f8  ShellHWDetection - ok
19:52:23.0894 0x08f8  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
19:52:23.0894 0x08f8  SiSRaid2 - ok
19:52:23.0894 0x08f8  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
19:52:23.0904 0x08f8  SiSRaid4 - ok
19:52:23.0914 0x08f8  [ 704B4F81729F676BBF034529FC334D82, 1E50DAF97836807A500284385D99272780A8B69CA88761250451060B207824F8 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
19:52:23.0914 0x08f8  SkypeUpdate - ok
19:52:23.0924 0x08f8  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:52:23.0934 0x08f8  Smb - ok
19:52:23.0944 0x08f8  [ FBE0201AB61E18934C812C34D31A4403, 549E51FC11CCA30B21970C90F4799D6CB94481CDC623B8C319F16DAEFC8A190B ] snapman         C:\Windows\system32\DRIVERS\snapman.sys
19:52:23.0954 0x08f8  snapman - ok
19:52:23.0954 0x08f8  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:52:23.0954 0x08f8  SNMPTRAP - ok
19:52:23.0954 0x08f8  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:52:23.0964 0x08f8  spldr - ok
19:52:23.0974 0x08f8  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
19:52:23.0984 0x08f8  Spooler - ok
19:52:24.0024 0x08f8  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
19:52:24.0084 0x08f8  sppsvc - ok
19:52:24.0084 0x08f8  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:52:24.0104 0x08f8  sppuinotify - ok
19:52:24.0114 0x08f8  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:52:24.0124 0x08f8  srv - ok
19:52:24.0124 0x08f8  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:52:24.0134 0x08f8  srv2 - ok
19:52:24.0144 0x08f8  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:52:24.0144 0x08f8  srvnet - ok
19:52:24.0154 0x08f8  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:52:24.0164 0x08f8  SSDPSRV - ok
19:52:24.0174 0x08f8  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:52:24.0184 0x08f8  SstpSvc - ok
19:52:24.0194 0x08f8  [ 15E9700890AE50AA6A8B68EBB8F82EAD, 99D909B8A20E47BBDB5902806C700EAF914192561D69182D93357C6C6F30EC0D ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
19:52:24.0204 0x08f8  Steam Client Service - ok
19:52:24.0214 0x08f8  [ 49B1E5AF3AA400752A20BE169CB73DFA, D990BC79B289912EB07F3FD50F1236C593A45C5E9B7BD8162269687258E07CE2 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:52:24.0224 0x08f8  Stereo Service - ok
19:52:24.0224 0x08f8  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
19:52:24.0224 0x08f8  stexstor - ok
19:52:24.0234 0x08f8  [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
19:52:24.0234 0x08f8  StillCam - ok
19:52:24.0244 0x08f8  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
19:52:24.0254 0x08f8  stisvc - ok
19:52:24.0264 0x08f8  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
19:52:24.0264 0x08f8  storflt - ok
19:52:24.0264 0x08f8  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
19:52:24.0274 0x08f8  StorSvc - ok
19:52:24.0274 0x08f8  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
19:52:24.0274 0x08f8  storvsc - ok
19:52:24.0284 0x08f8  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
19:52:24.0284 0x08f8  swenum - ok
19:52:24.0294 0x08f8  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
19:52:24.0314 0x08f8  swprv - ok
19:52:24.0394 0x08f8  [ 0FE29D81F372CA2DCE9E49736A3BD3E6, 10ED93BEE7ECBD2AF5E7AB0197CC82A5424FD63A2ED90F0417B266AD06E5F32C ] syncagentsrv    C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
19:52:24.0484 0x08f8  syncagentsrv - ok
19:52:24.0514 0x08f8  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
19:52:24.0544 0x08f8  SysMain - ok
19:52:24.0544 0x08f8  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:52:24.0554 0x08f8  TabletInputService - ok
19:52:24.0554 0x08f8  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:52:24.0574 0x08f8  TapiSrv - ok
19:52:24.0584 0x08f8  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
19:52:24.0594 0x08f8  TBS - ok
19:52:24.0624 0x08f8  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:52:24.0644 0x08f8  Tcpip - ok
19:52:24.0674 0x08f8  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:52:24.0704 0x08f8  TCPIP6 - ok
19:52:24.0704 0x08f8  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:52:24.0714 0x08f8  tcpipreg - ok
19:52:24.0714 0x08f8  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:52:24.0714 0x08f8  TDPIPE - ok
19:52:24.0734 0x08f8  [ 07330E30921C70E9D9B416EE43A06349, 398500C12E685BCF732C7F80A2C0E95181E5377A0E6C14CF9A3EE8580083A556 ] tdrpman         C:\Windows\system32\DRIVERS\tdrpman.sys
19:52:24.0754 0x08f8  tdrpman - ok
19:52:24.0764 0x08f8  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:52:24.0764 0x08f8  TDTCP - ok
19:52:24.0764 0x08f8  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:52:24.0774 0x08f8  tdx - ok
19:52:24.0774 0x08f8  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
19:52:24.0784 0x08f8  TermDD - ok
19:52:24.0794 0x08f8  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
19:52:24.0804 0x08f8  TermService - ok
19:52:24.0804 0x08f8  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
19:52:24.0814 0x08f8  Themes - ok
19:52:24.0814 0x08f8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
19:52:24.0834 0x08f8  THREADORDER - ok
19:52:24.0844 0x08f8  [ DE604462206F7D8C203F767F425FCA8D, 149FBF6367C45415B939A9B1A7A10DA7A5E19F28CE533BCBE2B20DA4B78F8645 ] tib             C:\Windows\system32\DRIVERS\tib.sys
19:52:24.0864 0x08f8  tib - ok
19:52:24.0874 0x08f8  [ 3C29FB9FC9B4C511AD69DC50257FEC75, 4906DADE076FD363C53044C805602EEA4D0EF6E92041C693E1BED2286614B36E ] tib_mounter     C:\Windows\system32\DRIVERS\tib_mounter.sys
19:52:24.0874 0x08f8  tib_mounter - ok
19:52:24.0874 0x08f8  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
19:52:24.0894 0x08f8  TrkWks - ok
19:52:24.0904 0x08f8  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:52:24.0914 0x08f8  TrustedInstaller - ok
19:52:24.0914 0x08f8  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:52:24.0924 0x08f8  tssecsrv - ok
19:52:24.0924 0x08f8  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:52:24.0934 0x08f8  TsUsbFlt - ok
19:52:24.0934 0x08f8  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
19:52:24.0934 0x08f8  TsUsbGD - ok
19:52:24.0944 0x08f8  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:52:24.0954 0x08f8  tunnel - ok
19:52:24.0954 0x08f8  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
19:52:24.0964 0x08f8  uagp35 - ok
19:52:24.0964 0x08f8  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:52:24.0984 0x08f8  udfs - ok
19:52:24.0994 0x08f8  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:52:24.0994 0x08f8  UI0Detect - ok
19:52:24.0994 0x08f8  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:52:25.0004 0x08f8  uliagpkx - ok
19:52:25.0004 0x08f8  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:52:25.0014 0x08f8  umbus - ok
19:52:25.0014 0x08f8  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
19:52:25.0014 0x08f8  UmPass - ok
19:52:25.0024 0x08f8  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
19:52:25.0024 0x08f8  UmRdpService - ok
19:52:25.0034 0x08f8  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
19:52:25.0054 0x08f8  upnphost - ok
19:52:25.0054 0x08f8  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
19:52:25.0064 0x08f8  usbaudio - ok
19:52:25.0064 0x08f8  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:52:25.0074 0x08f8  usbccgp - ok
19:52:25.0074 0x08f8  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:52:25.0084 0x08f8  usbcir - ok
19:52:25.0084 0x08f8  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:52:25.0084 0x08f8  usbehci - ok
19:52:25.0094 0x08f8  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:52:25.0104 0x08f8  usbhub - ok
19:52:25.0104 0x08f8  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
19:52:25.0104 0x08f8  usbohci - ok
19:52:25.0114 0x08f8  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
19:52:25.0114 0x08f8  usbprint - ok
19:52:25.0114 0x08f8  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:52:25.0124 0x08f8  USBSTOR - ok
19:52:25.0124 0x08f8  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
19:52:25.0134 0x08f8  usbuhci - ok
19:52:25.0134 0x08f8  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
19:52:25.0144 0x08f8  UxSms - ok
19:52:25.0154 0x08f8  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] VaultSvc        C:\Windows\system32\lsass.exe
19:52:25.0154 0x08f8  VaultSvc - ok
19:52:25.0154 0x08f8  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:52:25.0164 0x08f8  vdrvroot - ok
19:52:25.0174 0x08f8  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
19:52:25.0194 0x08f8  vds - ok
19:52:25.0194 0x08f8  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:52:25.0204 0x08f8  vga - ok
19:52:25.0204 0x08f8  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:52:25.0214 0x08f8  VgaSave - ok
19:52:25.0224 0x08f8  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:52:25.0224 0x08f8  vhdmp - ok
19:52:25.0234 0x08f8  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:52:25.0234 0x08f8  viaide - ok
19:52:25.0234 0x08f8  [ 35E8A18D1C558D5C2FF2FFED2FD396F6, 5516AC03964DD33CF239AB3FB1D41BAB7454DB35FB38C45907614C3DB8F23391 ] vididr          C:\Windows\system32\DRIVERS\vididr.sys
19:52:25.0244 0x08f8  vididr - ok
19:52:25.0244 0x08f8  [ 0DCD5C8F2E0B3650C4A29F6569C074FD, 8FB24D79ADE1541C5DD6241A3395EF2E6575A8376111294CD5C87ECA798EDCFD ] vidsflt         C:\Windows\system32\DRIVERS\vidsflt.sys
19:52:25.0254 0x08f8  vidsflt - ok
19:52:25.0254 0x08f8  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
19:52:25.0264 0x08f8  vmbus - ok
19:52:25.0264 0x08f8  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
19:52:25.0264 0x08f8  VMBusHID - ok
19:52:25.0274 0x08f8  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:52:25.0274 0x08f8  volmgr - ok
19:52:25.0284 0x08f8  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:52:25.0294 0x08f8  volmgrx - ok
19:52:25.0294 0x08f8  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:52:25.0304 0x08f8  volsnap - ok
19:52:25.0304 0x08f8  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
19:52:25.0314 0x08f8  vsmraid - ok
19:52:25.0334 0x08f8  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
19:52:25.0364 0x08f8  VSS - ok
19:52:25.0374 0x08f8  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
19:52:25.0374 0x08f8  vwifibus - ok
19:52:25.0384 0x08f8  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
19:52:25.0404 0x08f8  W32Time - ok
19:52:25.0404 0x08f8  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
19:52:25.0414 0x08f8  WacomPen - ok
19:52:25.0414 0x08f8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:52:25.0424 0x08f8  WANARP - ok
19:52:25.0434 0x08f8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:52:25.0444 0x08f8  Wanarpv6 - ok
19:52:25.0464 0x08f8  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
19:52:25.0484 0x08f8  wbengine - ok
19:52:25.0494 0x08f8  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:52:25.0504 0x08f8  WbioSrvc - ok
19:52:25.0514 0x08f8  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:52:25.0524 0x08f8  wcncsvc - ok
19:52:25.0524 0x08f8  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:52:25.0524 0x08f8  WcsPlugInService - ok
19:52:25.0534 0x08f8  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
19:52:25.0534 0x08f8  Wd - ok
19:52:25.0544 0x08f8  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:52:25.0564 0x08f8  Wdf01000 - ok
19:52:25.0564 0x08f8  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:52:25.0574 0x08f8  WdiServiceHost - ok
19:52:25.0574 0x08f8  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:52:25.0574 0x08f8  WdiSystemHost - ok
19:52:25.0584 0x08f8  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
19:52:25.0594 0x08f8  WebClient - ok
19:52:25.0594 0x08f8  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:52:25.0614 0x08f8  Wecsvc - ok
19:52:25.0614 0x08f8  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:52:25.0634 0x08f8  wercplsupport - ok
19:52:25.0634 0x08f8  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:52:25.0654 0x08f8  WerSvc - ok
19:52:25.0654 0x08f8  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:52:25.0674 0x08f8  WfpLwf - ok
19:52:25.0674 0x08f8  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:52:25.0674 0x08f8  WIMMount - ok
19:52:25.0674 0x08f8  WinDefend - ok
19:52:25.0684 0x08f8  WinHttpAutoProxySvc - ok
19:52:25.0684 0x08f8  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:52:25.0704 0x08f8  Winmgmt - ok
19:52:25.0734 0x08f8  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
19:52:25.0764 0x08f8  WinRM - ok
19:52:25.0764 0x08f8  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:52:25.0774 0x08f8  WinUsb - ok
19:52:25.0784 0x08f8  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:52:25.0804 0x08f8  Wlansvc - ok
19:52:25.0804 0x08f8  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
19:52:25.0804 0x08f8  WmiAcpi - ok
19:52:25.0814 0x08f8  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:52:25.0824 0x08f8  wmiApSrv - ok
19:52:25.0824 0x08f8  WMPNetworkSvc - ok
19:52:25.0824 0x08f8  [ 495284CF894336E9512ED7C9ACB3548E, 55D05E94B96F67C50662C4695267CB18994112D086CAED2E493469C7F133F2BE ] WOTUpdater      C:\Users\Agando\AppData\LocalLow\WOT\IE\WOTUpdater.exe
19:52:25.0824 0x08f8  WOTUpdater - detected UnsignedFile.Multi.Generic ( 1 )
19:52:28.0114 0x08f8  Detect skipped due to KSN trusted
19:52:28.0114 0x08f8  WOTUpdater - ok
19:52:28.0114 0x08f8  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:52:28.0124 0x08f8  WPCSvc - ok
19:52:28.0124 0x08f8  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:52:28.0134 0x08f8  WPDBusEnum - ok
19:52:28.0134 0x08f8  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:52:28.0144 0x08f8  ws2ifsl - ok
19:52:28.0154 0x08f8  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
19:52:28.0164 0x08f8  wscsvc - ok
19:52:28.0164 0x08f8  WSearch - ok
19:52:28.0194 0x08f8  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:52:28.0224 0x08f8  wuauserv - ok
19:52:28.0234 0x08f8  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:52:28.0234 0x08f8  WudfPf - ok
19:52:28.0244 0x08f8  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:52:28.0244 0x08f8  WUDFRd - ok
19:52:28.0254 0x08f8  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:52:28.0254 0x08f8  wudfsvc - ok
19:52:28.0264 0x08f8  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:52:28.0264 0x08f8  WwanSvc - ok
19:52:28.0274 0x08f8  ================ Scan global ===============================
19:52:28.0274 0x08f8  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
19:52:28.0274 0x08f8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
19:52:28.0284 0x08f8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
19:52:28.0284 0x08f8  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
19:52:28.0294 0x08f8  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
19:52:28.0294 0x08f8  [ Global ] - ok
19:52:28.0294 0x08f8  ================ Scan MBR ==================================
19:52:28.0294 0x08f8  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:52:28.0314 0x08f8  \Device\Harddisk0\DR0 - ok
19:52:28.0314 0x08f8  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
19:52:28.0414 0x08f8  \Device\Harddisk1\DR1 - ok
19:52:28.0904 0x08f8  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk3\DR3
19:52:28.0974 0x08f8  \Device\Harddisk3\DR3 - ok
19:52:28.0974 0x08f8  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk4\DR4
19:52:29.0024 0x08f8  \Device\Harddisk4\DR4 - ok
19:52:29.0024 0x08f8  ================ Scan VBR ==================================
19:52:29.0024 0x08f8  [ 7509BD5C665D7981167815A342391EDF ] \Device\Harddisk0\DR0\Partition1
19:52:29.0024 0x08f8  \Device\Harddisk0\DR0\Partition1 - ok
19:52:29.0034 0x08f8  [ 964019B7D3108E25BD902BE1B6BBD6D8 ] \Device\Harddisk0\DR0\Partition2
19:52:29.0034 0x08f8  \Device\Harddisk0\DR0\Partition2 - ok
19:52:29.0034 0x08f8  [ 81E5354F649DC70BE9DB35A9C5EC164C ] \Device\Harddisk0\DR0\Partition3
19:52:29.0034 0x08f8  \Device\Harddisk0\DR0\Partition3 - ok
19:52:29.0034 0x08f8  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk1\DR1\Partition1
19:52:29.0034 0x08f8  \Device\Harddisk1\DR1\Partition1 - ok
19:52:29.0034 0x08f8  [ EBEB15DA00B7FD4E600AA844D4B7E2C4 ] \Device\Harddisk1\DR1\Partition2
19:52:29.0084 0x08f8  \Device\Harddisk1\DR1\Partition2 - ok
19:52:29.0084 0x08f8  [ 289D7F698F56A83313166ECECDA68F4E ] \Device\Harddisk1\DR1\Partition3
19:52:29.0144 0x08f8  \Device\Harddisk1\DR1\Partition3 - ok
19:52:29.0144 0x08f8  [ 23A587C2FE43CCFB0DD168586402CD8D ] \Device\Harddisk1\DR1\Partition4
19:52:29.0214 0x08f8  \Device\Harddisk1\DR1\Partition4 - ok
19:52:29.0214 0x08f8  [ 5E37E7B23B37B8F3E93486ABCCAB13A2 ] \Device\Harddisk1\DR1\Partition5
19:52:29.0254 0x08f8  \Device\Harddisk1\DR1\Partition5 - ok
19:52:29.0254 0x08f8  [ DF17208EB86D24E1F9C7DE26D28A5992 ] \Device\Harddisk1\DR1\Partition6
19:52:29.0294 0x08f8  \Device\Harddisk1\DR1\Partition6 - ok
19:52:29.0294 0x08f8  [ 885ACCA4165577131975A3050F91B3F8 ] \Device\Harddisk3\DR3\Partition1
19:52:29.0364 0x08f8  \Device\Harddisk3\DR3\Partition1 - ok
19:52:29.0364 0x08f8  [ D2384F754EA6FC338EF9075C3BA23026 ] \Device\Harddisk4\DR4\Partition1
19:52:29.0384 0x08f8  \Device\Harddisk4\DR4\Partition1 - ok
19:52:29.0384 0x08f8  ================ Scan generic autorun ======================
19:52:29.0474 0x08f8  [ A433600D55D6C7E165954009FA0149E0, DCEE341BF3AC501E150D64C9BF7FA697939D03480DF7A14BA28ACCB17F638D1C ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
19:52:29.0564 0x08f8  RTHDVCPL - ok
19:52:29.0574 0x08f8  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\RunDLL32.exe
19:52:29.0584 0x08f8  MBCfg64 - ok
19:52:29.0614 0x08f8  [ 05470C684B62C2F86325D8685E4513CB, EDE70A162AFA104D774AE1D8D3A077F2C12940851EC5BA785242F4032EEA902E ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
19:52:29.0644 0x08f8  NvBackend - ok
19:52:29.0644 0x08f8  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
19:52:29.0654 0x08f8  ShadowPlay - ok
19:52:29.0724 0x08f8  [ 920D0E9C8DD3879B45A547C9081E425B, FD7C4443B8D085526221F93581F0CDFCB0A9D886EB7A0FF01054DD4EC9E4EEA5 ] C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
19:52:29.0794 0x08f8  ISCT Tray - ok
19:52:29.0804 0x08f8  [ F9C48B76DA59CF5FF2ED937B62F5ED39, BABC2638F6C92947C79C918DFD3E605B196672B23745226DFA64F68867B7C257 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
19:52:29.0814 0x08f8  AdobeAAMUpdater-1.0 - ok
19:52:29.0824 0x08f8  [ A0B996A6D4F7502EC6A9AADFB87FDA25, 2A79F03DECCC5C11E5B14109F5FBD790A4E005A45C71766E3C85BF14699F034C ] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
19:52:29.0834 0x08f8  Acronis Scheduler2 Service - ok
19:52:29.0834 0x08f8  [ 690EB331346D7ADFDA18E50042DEA4B4, 0C219D7A5FCD4E0252C815373E67F843DBD7356FAE7AB836C451068B51438FE7 ] C:\Program Files\Classic Shell\ClassicStartMenu.exe
19:52:29.0834 0x08f8  Classic Start Menu - detected UnsignedFile.Multi.Generic ( 1 )
19:52:32.0134 0x08f8  Detect skipped due to KSN trusted
19:52:32.0134 0x08f8  Classic Start Menu - ok
19:52:32.0154 0x08f8  [ CF7604160B828C019C287B61CA6FA4BB, 8BA5AF5D47567539A00CF1D38131D31DFD045EC2ACD50B771BFB82D09ACF2D8C ] C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe
19:52:32.0174 0x08f8  Sound Blaster Cinema 2 - detected UnsignedFile.Multi.Generic ( 1 )
19:52:42.0174 0x08f8  Sound Blaster Cinema 2 ( UnsignedFile.Multi.Generic ) - warning
19:52:42.0174 0x08f8  Force sending object to P2P due to detect: C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe
19:52:47.0234 0x08f8  Object send P2P result: true
19:52:49.0564 0x08f8  [ C419DF63E0121D72411285780C2FC6CC, F47F854D327C589D174D3BB5B55D5C05F5ACA73DF52A6BEF47596B9010190291 ] C:\Windows\UpdReg.EXE
19:52:49.0564 0x08f8  UpdReg - detected UnsignedFile.Multi.Generic ( 1 )
19:52:51.0854 0x08f8  Detect skipped due to KSN trusted
19:52:51.0854 0x08f8  UpdReg - ok
19:52:51.0854 0x08f8  [ E4E7B29D050F5480071984FE6543C311, 9A4D8D1702AE74AB4FE4367EAF4AD6500F59D4F25B3CCACE3EF07613B7B5853C ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
19:52:51.0864 0x08f8  USB3MON - ok
19:52:51.0864 0x08f8  [ 5D666FC778E7754CC7103402D814809B, 7E9B205B74440D455155014EE8D6FD0D1C647B016D72A28F16709F50BC005D3F ] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe
19:52:51.0874 0x08f8  ControlCenter4 - detected UnsignedFile.Multi.Generic ( 1 )
19:52:54.0174 0x08f8  Detect skipped due to KSN trusted
19:52:54.0174 0x08f8  ControlCenter4 - ok
19:52:54.0214 0x08f8  [ 63E9C23A386FFFA84B5E03BFF9B628F0, A370962791EFC4B10548AAD31F89A2B288FBD5BDBF5749323C2D98C14DFB8B49 ] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
19:52:54.0254 0x08f8  BrStsMon00 - detected UnsignedFile.Multi.Generic ( 1 )
19:52:56.0544 0x08f8  Detect skipped due to KSN trusted
19:52:56.0544 0x08f8  BrStsMon00 - ok
19:52:56.0554 0x08f8  [ 15D2DB9BFA8E833ED31FAB2BB088FDDA, 6198C0A5DA01DA146A9A054C3C882A1DBF9BA84466EBFDDA1C1062EF36F9B34B ] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
19:52:56.0564 0x08f8  AVP - ok
19:52:56.0654 0x08f8  [ B8434467D90B65E5A2D697C7FF511802, A0F5D234A1CA1384160FB63AF40B169B4649DF7D77534DE1B16E1063EC922A87 ] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
19:52:56.0754 0x08f8  TrueImageMonitor.exe - ok
19:52:56.0764 0x08f8  [ 5FF9A79628D4A0BA3DCD6CF5EC8FD3BF, 9818AAF8F1F1C0CBD8B89352DBAF1ADBEA1F19928543517EB6473C112E95A38D ] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
19:52:56.0784 0x08f8  AcronisTibMounterMonitor - ok
19:52:56.0794 0x08f8  [ B77081F8221968C7DAB794B0BA55C43E, 75C2B7FB65958BC1A02F959ED91AC0A7168DAC4FDC365293BA98C55FC2572735 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
19:52:56.0794 0x08f8  SunJavaUpdateSched - ok
19:52:56.0814 0x08f8  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
19:52:56.0834 0x08f8  Sidebar - ok
19:52:56.0834 0x08f8  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
19:52:56.0844 0x08f8  mctadmin - ok
19:52:56.0854 0x08f8  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
19:52:56.0874 0x08f8  Sidebar - ok
19:52:56.0874 0x08f8  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
19:52:56.0884 0x08f8  mctadmin - ok
19:52:56.0884 0x08f8  [ FDB4F88B9B1CD409E1DC06AD68BEA2B8, B031473D2B11C00FB9464D0A518DF30BB01EF7A157AE7994C2FDEF1DF6F0C097 ] C:\Users\Agando\AppData\Roaming\SSync\SSync.exe
19:52:56.0884 0x08f8  SSync - detected UnsignedFile.Multi.Generic ( 1 )
19:52:59.0174 0x08f8  Detect skipped due to KSN trusted
19:52:59.0174 0x08f8  SSync - ok
19:52:59.0254 0x08f8  [ 2E8EAB89DB3F6C0A15C07627B6ED9BCC, D146DC20A37AC34A957B000B106164278C67BCCA2B717A5E317670556FCCE9C0 ] C:\Users\Agando\AppData\Local\Amazon Music\Amazon Music Helper.exe
19:52:59.0324 0x08f8  Amazon Music - ok
19:52:59.0334 0x08f8  Skype - ok
19:52:59.0424 0x08f8  [ 882ED2B0D5E9587A3752DA68BEB86FB9, 79AAA39FBD944BCA9439A6FDC157561194C21DA85DBEF55268D0516BDA066BB3 ] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
19:52:59.0514 0x08f8  SUPERAntiSpyware - ok
19:52:59.0554 0x08f8  [ 7E6B4AD487ED241D8224108E8E86A351, 8246F75DF64BBCC35CDC8DFF2F5157AD9523179344AC0517D42BAC99F2E87E8D ] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_Plugin.exe
19:52:59.0564 0x08f8  FlashPlayerUpdate - ok
19:52:59.0564 0x08f8  Waiting for KSN requests completion. In queue: 10
19:53:00.0564 0x08f8  Waiting for KSN requests completion. In queue: 10
19:53:01.0564 0x08f8  Waiting for KSN requests completion. In queue: 10
19:53:02.0564 0x08f8  AV detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\wmiav.exe ( 13.0.1.4190 ), 0x41000 ( enabled : updated )
19:53:02.0564 0x08f8  FW detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\wmifw.exe ( 13.0.1.4190 ), 0x41010 ( enabled )
19:53:04.0884 0x08f8  ============================================================
19:53:04.0884 0x08f8  Scan finished
19:53:04.0884 0x08f8  ============================================================
19:53:04.0884 0x04dc  Detected object count: 2
19:53:04.0884 0x04dc  Actual detected object count: 2
19:53:15.0654 0x04dc  Qualcomm Atheros Killer Service V2 ( UnsignedFile.Multi.Generic ) - skipped by user
19:53:15.0654 0x04dc  Qualcomm Atheros Killer Service V2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:53:15.0654 0x04dc  Sound Blaster Cinema 2 ( UnsignedFile.Multi.Generic ) - skipped by user
19:53:15.0654 0x04dc  Sound Blaster Cinema 2 ( UnsignedFile.Multi.Generic ) - User select action: Skip

schrauber · 16.05.2015, 13:24

sieht doch alles gut aus

torstendlp · 16.05.2015, 13:33

Zitat:

Zitat von schrauber

sieht doch alles gut aus

Freut mich! Zumindest weiß ich jetzt, dass mein Rechner wirklich sauber ist! Ist auch schon mal sehr erfreulich!
Vielen Dank!

Aber hat dann noch irgendwer eine Idee, woran es liegen könnte, dass ich seit ca. 4 Wochen keinerlei Windows Updates mehr machen kann?

Alle Schritte, die ich irgendwo außerhalb von Rootkit-Scans gefunden habe, waren erfolglos

schrauber · 17.05.2015, 07:35

Was kommt denn genau an Fehlercode?

torstendlp · 17.05.2015, 13:25

Hi!

Der Fehler-Code ist 80070308.
Alle Schritte, die ich im Web zur Behebung dazu gefunden habe, wie z.B. auch

Zitat:

1. Geh auf Start und gib im unteren Textfeld Regedit ein und klick dann auf das Suchergebnis (regedit) mit rechter Maustaste und wähle Als Administrator ausführen
2. Öffne dann den Registryschlüssel HKEY_LOCAL_MACHINE\Components
3. Lösch dann im rechten Fenster den Schlüssel REG_DWORD "pendingrequired"

habe ich schon versucht und auch so ziemlich alles, was ich generell dazu gefunden habe, dass Updates (mit beliebigen Fehlercodes nicht mehr gehen).

Nur ein Inplace Upgrade steht noch aus, weil ich nur eine Recovery-DVD habe und die dazu wohl nicht geeignet ist, wenn ich es richtig verstanden habe.

schrauber · 18.05.2015, 08:27

Mit der Recovery geht das nicht, korrekt. Aber ein Windows ISO könntest Du laden, Key hast Du ja von deinem Windows.

Hast Du auch schon den Lösungsvorschlag mit dem Löschen des Distribution Ordners gemacht??

torstendlp · 18.05.2015, 12:32

Hi Schrauber,

ja, C:\Windows\SoftwareDistribution habe ich schon gelöscht und auch einen, dessen Name mir gerade nicht mehr einfällt (Txa oder Txr oder so?), leider auch ohne Erfolg - wie so viele andere Versuche.

Aber auf die Idee, mir ein Image zu ziehen und damit ein InPlace Upgrade zu machen, bin ich noch nicht gekommen - vohrer muß ich, glaube ich, SP1 deinstallieren, aber das sollte ja kein Problem sein. Danke für den Tipp!

Ich denke, wohl oder übel werde ich es damit mal machen müssen - denn ich will hier ja auch nicht zu viel Eurer bzw. vor allem Deiner Zeit und Nerven beanspruchen um einen "leichteren" Lösungsweg zu finden.

Herzlichen Dank nochmals und viele Grüße,

Torsten

schrauber · 19.05.2015, 07:10

Brauchste nit, Image enthält SP1

16.05.2015, 13:24	#6
schrauber /// the machine /// TB-Ausbilder	GMER Logfile - bitte um Analyse sieht doch alles gut aus __________________ --> GMER Logfile - bitte um Analyse

17.05.2015, 07:35	#8
schrauber /// the machine /// TB-Ausbilder	GMER Logfile - bitte um Analyse Was kommt denn genau an Fehlercode? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

19.05.2015, 07:10	#12
schrauber /// the machine /// TB-Ausbilder	GMER Logfile - bitte um Analyse Brauchste nit, Image enthält SP1 __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

GMER Logfile - bitte um Analyse

Log-Analyse und Auswertung: GMER Logfile - bitte um Analyse