Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 14.11.2014, 19:11   #1
RedMax88
 
Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich - Standard

Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich



Wer kann helfen?
Seit gestern dem 13.11.14 (da wurde auch das Avast Virendatenbank Update veöffentlicht)
habe ich von Avast eine Meldung welche C:\Windows\SysWOW64\FirewallAPI.dll mit einem "Win32:Evo-gen[Susp]". Zuerst wurde der Prozess in Verbindung mit Steam gemeldet, nun kurz nach starten von Tuneup auch dieses, wobei ich bemerkt habe dass die Meldung von Avast immer bei starten von Steam und TuneUp erscheint.
Ort bleibt aber immer der selbe, nur der Prozess ändert sich. Wenn ich die gezielt die FirewallAPI Dateien (darunter auch .dll) überprüfen lasse, lässt sich nichts finden. Lasse gerade den Antivirus die Festplatte durchsuchen.
Wenn ich gezielt den Ordnen "SysWOW64" durchsuchen lasse wird kein Virus gefunden.

Ich hab auch die gemeldete "FirawallAPI.dll" mal mithilfe von virustotal überprüfen lassen. 13 rot / 43 grün
10 von den Programmen die es bösartig sehen sind:
Ad-Aware
BitDefender
Emsisoft
F-Secure
GData
McAfee
McAfee-GW-Edition
MicroWorld-eScan
Symantec
nProtect

Inzwischen habe ich auch schon Adwcleaner, CCleaner und RogueKiller zur säuberung verwendet, da ich mir gesagt wurde dass diese Programm sehr zu empfehlen sind.

Logs folgen separat

OTL.txt (mit 64bit Scan)

Code:
ATTFilter
OTL logfile created on: 14.11.2014 00:39:53 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\RedMax\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
15,95 Gb Total Physical Memory | 11,50 Gb Available Physical Memory | 72,09% Memory free
31,89 Gb Paging File | 27,75 Gb Available in Paging File | 87,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 64,98 Gb Free Space | 33,28% Space Free | Partition Type: NTFS
Drive D: | 905,41 Gb Total Space | 396,29 Gb Free Space | 43,77% Space Free | Partition Type: NTFS
Drive E: | 736,20 Gb Total Space | 57,07 Gb Free Space | 7,75% Space Free | Partition Type: NTFS
Drive K: | 931,51 Gb Total Space | 442,05 Gb Free Space | 47,46% Space Free | Partition Type: NTFS
 
Computer Name: REDMAX | User Name: RedMax | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014.11.14 00:26:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RedMax\Downloads\OTL.exe
PRC - [2014.11.12 18:42:06 | 001,880,752 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
PRC - [2014.11.12 02:04:36 | 001,519,808 | ---- | M] (Valve Corporation) -- E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
PRC - [2014.11.12 02:04:34 | 000,833,728 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2014.11.12 02:04:32 | 001,940,160 | ---- | M] (Valve Corporation) -- E:\Program Files (x86)\Steam\Steam.exe
PRC - [2014.11.10 23:18:33 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014.11.06 18:08:04 | 002,464,072 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014.11.06 18:07:54 | 001,795,912 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014.11.03 21:25:06 | 000,410,952 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014.09.16 13:07:00 | 000,525,448 | ---- | M] (Sony Computer Entertainment Inc.) -- C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
PRC - [2014.09.16 13:06:56 | 003,696,248 | ---- | M] (Sony Computer Entertainment Inc.) -- C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
PRC - [2014.09.12 10:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014.07.31 22:43:08 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014.07.22 22:43:03 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014.07.02 22:58:08 | 000,664,344 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
PRC - [2014.05.18 22:00:13 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.12.03 14:49:32 | 002,571,704 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
PRC - [2012.09.12 23:38:44 | 000,204,136 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2012.03.26 18:14:26 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.02.07 17:53:32 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.02.01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012.02.01 16:29:56 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2012.01.23 17:19:32 | 001,858,048 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014.11.12 18:42:05 | 016,840,880 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll
MOD - [2014.11.12 02:04:54 | 002,227,904 | ---- | M] () -- E:\Program Files (x86)\Steam\video.dll
MOD - [2014.11.12 02:04:34 | 000,690,880 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2014.11.11 19:48:12 | 001,171,456 | ---- | M] () -- E:\Program Files (x86)\Steam\libavcodec-56.dll
MOD - [2014.11.11 19:48:12 | 000,485,888 | ---- | M] () -- E:\Program Files (x86)\Steam\libswscale-3.dll
MOD - [2014.11.11 19:48:12 | 000,442,368 | ---- | M] () -- E:\Program Files (x86)\Steam\libavutil-54.dll
MOD - [2014.11.11 19:48:12 | 000,403,968 | ---- | M] () -- E:\Program Files (x86)\Steam\libavformat-56.dll
MOD - [2014.11.11 19:48:12 | 000,332,800 | ---- | M] () -- E:\Program Files (x86)\Steam\libavresample-2.dll
MOD - [2014.11.11 19:48:04 | 034,589,888 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2014.11.11 19:48:02 | 000,837,824 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
MOD - [2014.11.11 19:47:56 | 000,774,656 | ---- | M] () -- E:\Program Files (x86)\Steam\SDL2.dll
MOD - [2014.11.10 23:18:32 | 003,649,648 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014.07.22 22:43:03 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014.07.22 22:43:03 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2014.01.14 21:30:03 | 000,489,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4cbbd3d2335c2d89b7ee5d035651bd80\IAStorUtil.ni.dll
MOD - [2014.01.14 21:30:03 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\d68502fe60d7ada68627a895282ef58d\IAStorCommon.ni.dll
MOD - [2012.12.10 02:38:09 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll
MOD - [2012.12.10 02:37:48 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
MOD - [2012.12.10 02:37:38 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
MOD - [2012.12.10 02:37:34 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll
MOD - [2012.12.10 02:37:31 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
MOD - [2012.12.10 02:37:29 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
MOD - [2012.12.10 02:37:28 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2012.12.10 02:37:22 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
MOD - [2012.09.12 23:38:52 | 007,955,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
MOD - [2012.09.12 23:38:52 | 000,341,352 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
MOD - [2012.09.12 23:38:52 | 000,127,336 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
MOD - [2012.09.12 23:38:52 | 000,028,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
MOD - [2012.09.12 23:38:44 | 002,144,104 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
MOD - [2009.06.10 13:41:46 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.06.10 13:41:46 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014.11.06 18:07:54 | 001,148,744 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:64bit: - [2014.11.06 18:07:49 | 019,819,848 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2014.07.22 22:43:03 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012.12.11 13:07:04 | 000,619,904 | ---- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\Program Files\Tablet\Pen\WTabletServiceCon.exe -- (WTabletServiceCon)
SRV:64bit: - [2012.07.27 02:30:58 | 000,170,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)
SRV:64bit: - [2012.01.23 15:30:22 | 000,233,328 | ---- | M] (DTS, Inc) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe -- (DTSAudioSvc)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014.11.12 18:42:06 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.11.12 02:04:34 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014.11.10 23:18:32 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.11.09 18:53:57 | 001,900,400 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- E:\Program Files (x86)\Origin\OriginClientService.exe -- (Origin Client Service)
SRV - [2014.11.06 18:07:54 | 001,795,912 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014.11.03 21:25:06 | 000,410,952 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014.09.12 10:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014.08.27 10:25:42 | 000,441,176 | ---- | M] (Garmin Ltd or its subsidiaries) [On_Demand | Stopped] -- D:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2014.07.21 17:08:40 | 002,544,976 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2014.05.18 22:00:13 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.12.18 10:01:06 | 002,103,096 | ---- | M] (TuneUp Software) [Auto | Running] -- D:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2013.12.17 11:38:33 | 005,341,536 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2013.12.09 12:08:00 | 000,096,184 | ---- | M] (Overwolf) [Disabled | Stopped] -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe -- (OverwolfUpdaterService)
SRV - [2013.10.23 07:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.08.13 08:44:22 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012.12.03 14:49:32 | 002,571,704 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2012.11.09 04:08:00 | 001,148,664 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe -- (ST2012_Svc)
SRV - [2012.02.07 17:53:32 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.02.01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012.01.23 17:19:32 | 001,858,048 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.26 12:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.12.17 23:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007.01.11 23:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014.11.06 18:07:49 | 000,019,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2014.10.03 20:23:02 | 000,038,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2014.09.17 05:51:20 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2014.07.22 22:43:10 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014.07.22 22:43:05 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014.07.22 22:43:05 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014.07.22 22:43:05 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014.07.22 22:43:05 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014.07.22 22:43:05 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014.07.22 22:43:05 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014.07.22 22:43:04 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014.06.16 07:01:38 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014.06.16 07:01:38 | 000,110,336 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2014.03.03 00:24:27 | 000,451,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2014.02.18 01:14:23 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2014.02.18 01:14:23 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2013.08.27 16:25:57 | 000,031,136 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV:64bit: - [2013.05.30 17:16:40 | 000,064,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2013.04.03 08:58:08 | 000,188,232 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2013.04.03 08:58:08 | 000,169,288 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2013.04.03 08:58:08 | 000,021,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2012.12.26 00:51:07 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\stflt.sys -- (sp_rsdrv2)
DRV:64bit: - [2012.12.03 16:36:34 | 000,081,824 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2012.12.03 16:36:34 | 000,013,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2012.11.15 09:41:06 | 000,015,776 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2012.09.28 09:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.09.21 20:04:24 | 000,024,608 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2012.09.21 20:04:22 | 004,763,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.09.21 20:04:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012.08.11 06:44:16 | 000,482,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2012.03.26 18:13:20 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.03.26 18:13:20 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.03.26 18:13:18 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.02.01 16:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012.01.06 10:44:12 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2011.11.10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.11.03 11:10:42 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.11.03 11:10:42 | 000,130,536 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 05:32:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 05:32:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 03:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.04.27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010.04.27 16:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2010.04.27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010.04.27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010.04.27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009.11.23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.08.21 00:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.14 01:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009.07.01 11:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.02.17 18:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2007.02.16 01:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2013.12.16 14:34:30 | 000,014,112 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- D:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.01.29 10:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- d:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.02.16 01:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
IE - HKLM\..\SearchScopes,DefaultScope = {632F07F3-19A1-4d16-A23F-E6CE9486BAB5}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 32 EC 28 7B 76 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Google"
FF - prefs.js..browser.search.defaulturl: "https://www.google.com/search"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.24
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1
FF - prefs.js..keyword.URL: "https://www.google.com/search"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.1: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: d:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: d:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: d:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.2: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.1: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\RedMax\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014.07.22 22:43:05 | 000,000,000 | ---D | M]
 
[2014.04.28 12:22:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RedMax\AppData\Roaming\mozilla\Extensions
[2014.11.14 00:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RedMax\AppData\Roaming\mozilla\Firefox\Profiles\mcwo6oe9.default\extensions
[2014.11.12 17:33:18 | 000,979,699 | ---- | M] () (No name found) -- C:\Users\RedMax\AppData\Roaming\mozilla\firefox\profiles\mcwo6oe9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014.06.25 20:52:16 | 000,002,823 | ---- | M] () -- C:\Users\RedMax\AppData\Roaming\mozilla\firefox\profiles\mcwo6oe9.default\searchplugins\Google.xml
[2014.11.10 23:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014.11.10 23:18:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\REDMAX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MCWO6OE9.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}
 
O1 HOSTS File: ([2014.09.08 20:14:59 | 000,000,822 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [Steam] E:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{204681AE-AABB-4258-BADD-303F0EAF22C9}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\consumer_cpl.exe: Debugger - D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUAutoReactivator64.EXE (TuneUp Software)
O27:64bit: - HKLM IFEO\express.exe: Debugger - D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUAutoReactivator64.EXE (TuneUp Software)
O27:64bit: - HKLM IFEO\hamachi-2-ui.exe: Debugger - D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUAutoReactivator64.EXE (TuneUp Software)
O27:64bit: - HKLM IFEO\overwolflauncher.exe: Debugger - D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUAutoReactivator64.EXE (TuneUp Software)
O27:64bit: - HKLM IFEO\owuninstaller.exe: Debugger - D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUAutoReactivator64.EXE (TuneUp Software)
O27:64bit: - HKLM IFEO\prefutil.exe: Debugger - D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUAutoReactivator64.EXE (TuneUp Software)
O27:64bit: - HKLM IFEO\teamviewer.exe: Debugger - D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUAutoReactivator64.EXE (TuneUp Software)
O27 - HKLM IFEO\consumer_cpl.exe: Debugger - D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUAutoReactivator64.EXE (TuneUp Software)
O27 - HKLM IFEO\express.exe: Debugger - D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUAutoReactivator64.EXE (TuneUp Software)
O27 - HKLM IFEO\hamachi-2-ui.exe: Debugger - D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUAutoReactivator64.EXE (TuneUp Software)
O27 - HKLM IFEO\overwolflauncher.exe: Debugger - D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUAutoReactivator64.EXE (TuneUp Software)
O27 - HKLM IFEO\owuninstaller.exe: Debugger - D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUAutoReactivator64.EXE (TuneUp Software)
O27 - HKLM IFEO\prefutil.exe: Debugger - D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUAutoReactivator64.EXE (TuneUp Software)
O27 - HKLM IFEO\teamviewer.exe: Debugger - D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUAutoReactivator64.EXE (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{fc73d018-4263-11e2-b163-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fc73d018-4263-11e2-b163-806e6f6e6963}\Shell\AutoRun\command - "" = F:\.\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.11.14 00:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014.11.13 23:18:02 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.11.13 23:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
[2014.11.13 23:17:17 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.11.13 23:17:17 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014.11.13 23:17:17 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014.11.13 23:17:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware 
[2014.11.13 23:17:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.11.13 22:31:13 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.11.11 15:36:42 | 000,038,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[2014.11.11 15:36:42 | 000,032,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2014.11.10 23:18:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014.11.10 17:27:25 | 000,615,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2014.11.10 17:25:49 | 031,891,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2014.11.10 17:25:49 | 024,555,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2014.11.10 17:25:49 | 020,923,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2014.11.10 17:25:49 | 018,514,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2014.11.10 17:25:49 | 017,259,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2014.11.10 17:25:49 | 014,031,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2014.11.10 17:25:49 | 013,943,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2014.11.10 17:25:49 | 011,397,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2014.11.10 17:25:49 | 011,335,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2014.11.10 17:25:49 | 004,289,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2014.11.10 17:25:49 | 004,009,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2014.11.10 17:25:49 | 001,876,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6434465.dll
[2014.11.10 17:25:49 | 001,539,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6434465.dll
[2014.11.10 17:25:49 | 000,962,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2014.11.10 17:25:49 | 000,934,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2014.11.10 17:25:49 | 000,922,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2014.11.10 17:25:49 | 000,898,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2014.11.10 17:25:49 | 000,870,624 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2014.11.10 17:25:49 | 000,501,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2014.11.10 17:25:49 | 000,417,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2014.11.10 17:25:49 | 000,391,824 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFROpenGL.dll
[2014.11.10 17:25:49 | 000,352,016 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2014.11.10 17:25:49 | 000,349,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFROpenGL.dll
[2014.11.10 17:25:49 | 000,303,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2014.11.10 17:25:49 | 000,174,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2014.11.10 17:25:49 | 000,156,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2014.11.05 14:22:59 | 001,876,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6434460.dll
[2014.11.05 14:22:59 | 001,539,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6434460.dll
[2014.11.03 00:39:37 | 000,000,000 | ---D | C] -- C:\Users\RedMax\AppData\Roaming\.technic
[2014.11.01 19:55:13 | 000,000,000 | ---D | C] -- C:\Users\RedMax\AppData\Roaming\Cubic
[2014.11.01 16:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2014.11.01 16:37:37 | 000,000,000 | ---D | C] -- C:\Users\RedMax\AppData\Local\CSO
[2014.10.30 19:52:59 | 000,000,000 | ---D | C] -- C:\Users\RedMax\Documents\GHOSTBUSTERS (tm)
[2014.10.30 19:52:59 | 000,000,000 | ---D | C] -- C:\Users\RedMax\AppData\Local\GHOSTBUSTERS (tm)
[2014.10.29 17:55:19 | 000,000,000 | ---D | C] -- C:\Users\RedMax\Documents\wmd_symbol_cache
[2014.10.29 17:55:19 | 000,000,000 | ---D | C] -- C:\Users\RedMax\Documents\CARS
[2014.10.29 11:04:33 | 001,876,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6434448.dll
[2014.10.29 11:04:33 | 001,539,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6434448.dll
[2014.10.21 14:33:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014.10.21 14:33:26 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014.10.21 14:33:23 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014.10.21 14:33:23 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014.10.21 14:33:23 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014.10.21 14:33:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014.10.20 18:12:06 | 000,000,000 | ---D | C] -- C:\Users\RedMax\Documents\Assetto Corsa
[2014.10.16 21:18:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014.11.14 00:03:08 | 000,037,624 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014.11.13 23:53:44 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.11.13 23:53:44 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.11.13 23:50:06 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.11.13 23:48:37 | 000,000,000 | -H-- | M] () -- C:\ProgramData\cm-lock
[2014.11.13 23:48:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.11.13 23:42:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.11.13 23:17:20 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.11.13 18:07:54 | 000,170,262 | ---- | M] () -- C:\Users\RedMax\Documents\cc_20141113_180740.reg
[2014.11.13 18:05:11 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014.11.12 18:42:06 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.11.12 18:42:06 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014.11.11 00:45:49 | 000,001,714 | ---- | M] () -- C:\Users\RedMax\Desktop\eurotrucks2.xml
[2014.11.08 08:44:35 | 001,618,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.11.08 08:44:35 | 000,698,688 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.11.08 08:44:35 | 000,653,526 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.11.08 08:44:35 | 000,148,828 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.11.08 08:44:35 | 000,121,398 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.11.06 18:06:52 | 002,197,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2014.11.06 18:06:52 | 001,291,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspbridge.dll
[2014.11.06 18:06:33 | 002,800,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2014.11.06 18:06:33 | 001,715,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspbridge64.dll
[2014.11.04 01:04:30 | 031,891,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2014.11.04 01:04:30 | 024,555,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2014.11.04 01:04:30 | 020,985,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2014.11.04 01:04:30 | 020,923,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2014.11.04 01:04:30 | 019,966,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2014.11.04 01:04:30 | 018,514,080 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2014.11.04 01:04:30 | 017,259,848 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2014.11.04 01:04:30 | 016,884,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2014.11.04 01:04:30 | 014,031,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2014.11.04 01:04:30 | 013,943,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2014.11.04 01:04:30 | 011,397,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2014.11.04 01:04:30 | 011,335,408 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2014.11.04 01:04:30 | 004,289,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2014.11.04 01:04:30 | 004,009,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2014.11.04 01:04:30 | 003,238,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2014.11.04 01:04:30 | 002,849,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2014.11.04 01:04:30 | 001,876,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6434465.dll
[2014.11.04 01:04:30 | 001,539,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6434465.dll
[2014.11.04 01:04:30 | 000,987,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2014.11.04 01:04:30 | 000,962,704 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2014.11.04 01:04:30 | 000,934,216 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2014.11.04 01:04:30 | 000,922,256 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2014.11.04 01:04:30 | 000,898,192 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2014.11.04 01:04:30 | 000,870,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2014.11.04 01:04:30 | 000,501,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2014.11.04 01:04:30 | 000,417,096 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2014.11.04 01:04:30 | 000,391,824 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFROpenGL.dll
[2014.11.04 01:04:30 | 000,352,016 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2014.11.04 01:04:30 | 000,349,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFROpenGL.dll
[2014.11.04 01:04:30 | 000,303,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2014.11.04 01:04:30 | 000,174,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2014.11.04 01:04:30 | 000,156,840 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2014.11.04 01:04:30 | 000,073,872 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2014.11.04 01:04:30 | 000,059,592 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2014.11.04 01:04:30 | 000,027,094 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2014.11.03 23:02:42 | 006,882,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2014.11.03 23:02:41 | 003,531,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2014.11.03 23:02:38 | 002,558,792 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2014.11.03 23:02:38 | 000,385,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2014.11.03 23:02:38 | 000,061,640 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2014.11.03 21:25:08 | 000,615,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2014.11.03 12:58:36 | 004,099,264 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2014.10.30 05:53:26 | 001,876,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6434460.dll
[2014.10.30 05:53:26 | 001,539,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6434460.dll
[2014.10.29 11:08:30 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014.10.21 14:33:21 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014.10.21 14:33:20 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014.10.21 14:33:20 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014.10.21 14:33:20 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014.10.16 21:18:22 | 000,002,150 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Inhaltsmanager-Assistent für PlayStation(R).lnk
[2014.10.16 17:54:03 | 001,876,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6434448.dll
[2014.10.16 17:54:03 | 001,539,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6434448.dll
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014.11.14 00:03:08 | 000,037,624 | ---- | C] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014.11.13 23:48:37 | 000,000,000 | -H-- | C] () -- C:\ProgramData\cm-lock
[2014.11.13 23:17:20 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.11.13 18:07:43 | 000,170,262 | ---- | C] () -- C:\Users\RedMax\Documents\cc_20141113_180740.reg
[2014.11.13 15:17:30 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2014.10.16 21:18:22 | 000,002,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Inhaltsmanager-Assistent für PlayStation(R).lnk
[2014.08.21 00:37:54 | 000,641,024 | ---- | C] () -- C:\Windows\SysWow64\ficvdec_x86.dll
[2014.08.18 01:37:22 | 000,000,132 | ---- | C] () -- C:\Users\RedMax\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2014.08.17 20:51:57 | 000,004,608 | ---- | C] () -- C:\Users\RedMax\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014.06.14 23:21:20 | 000,000,064 | ---- | C] () -- C:\Windows\wininit.ini
[2014.06.13 16:18:08 | 000,012,005 | ---- | C] () -- C:\Users\RedMax\AppData\Roaming\alsoft.ini
[2014.06.04 19:21:13 | 000,000,098 | ---- | C] () -- C:\Users\RedMax\AppData\Roaming\LauncherSettings_live.cfg
[2014.06.04 19:09:22 | 000,000,041 | ---- | C] () -- C:\Users\RedMax\AppData\Roaming\TheHunterSettings_steam_live.cfg
[2014.05.18 22:00:13 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014.05.18 22:00:13 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014.04.17 07:15:39 | 000,000,051 | ---- | C] () -- C:\Windows\whoami.ini
[2014.02.20 17:14:02 | 000,179,377 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2014.01.08 13:39:44 | 000,010,302 | ---- | C] () -- C:\Users\RedMax\AppData\Local\recently-used.xbel
[2013.10.15 00:08:33 | 000,005,056 | ---- | C] () -- C:\ProgramData\lbzhlueq.mtr
[2013.09.08 02:44:59 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2013.09.08 02:44:41 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll
[2013.09.08 02:44:41 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2013.06.24 18:49:41 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013.06.24 18:49:40 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013.06.03 11:26:18 | 001,065,984 | ---- | C] () -- C:\Users\RedMax\AppData\Local\file__0.localstorage
[2013.04.18 23:34:24 | 2075,344,036 | ---- | C] () -- C:\Users\RedMax\AppData\Roaming\.minecraft3.rar
[2013.04.18 23:34:24 | 1859,886,300 | ---- | C] () -- C:\Users\RedMax\AppData\Roaming\.minecraft2.rar
[2013.04.18 23:34:24 | 1409,226,674 | ---- | C] () -- C:\Users\RedMax\AppData\Roaming\.minecraft.rar
[2013.04.07 12:07:26 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2013.02.06 16:48:56 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2013.02.06 16:48:56 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2013.02.06 16:48:56 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2013.02.06 16:48:56 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2013.02.06 16:48:56 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2013.02.06 16:48:56 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2013.02.06 16:48:56 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2013.02.06 16:48:56 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2013.02.06 16:48:56 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2013.02.06 16:48:56 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2013.02.06 16:48:56 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2013.02.06 16:48:56 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2013.02.06 16:48:56 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2013.02.06 16:48:56 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2013.02.06 16:48:56 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2013.02.06 16:48:56 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2013.02.06 16:48:56 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2013.02.06 16:48:56 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2013.02.06 16:48:56 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2013.02.05 17:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.02.05 17:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013.02.05 17:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013.02.05 17:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013.02.05 17:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.12.23 23:55:08 | 000,000,017 | ---- | C] () -- C:\Users\RedMax\AppData\Local\resmon.resmoncfg
[2012.12.23 21:11:54 | 000,062,232 | R--- | C] () -- C:\Windows\SysWow64\GameuxInstallHelper.dll
[2012.12.11 09:14:50 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012.12.10 18:44:27 | 000,065,089 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.12.10 18:43:24 | 000,050,910 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.12.10 02:09:10 | 001,591,896 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.12.10 01:59:31 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010.11.20 05:27:26 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.11.20 04:21:20 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:842730FD3E4241FA

< End of report >
         
inzwischen kann ich die Datei "FirewallAPI.dll" nicht mehr bei VirusTotal hochladen da sich genau dann Avast meldet und es vom Browser heißt dass diese Datei einen Virus hat und somit nicht hochladen lässt.

Da ich Nachtdienst habe werd ich also eher zur Mittagszeit am PC Arbeiten können, aber ich werd jetzt mal hinlegen da ich dann heute dann meinen Sohn in den Kindergarten bringen und dann am PC arbeiten werde, Nachts fängt dann mein erster Dienst dieser Woche an.

Bin so Dankbar wenn man diese Fehlermeldung los werden könnte.

Um das ganze mal in Ruhe zu erklären:

Avast Meldet die C:\Windows\SysWOW64\FirewallAPI.dll mit einem "Win32:Evo-gen[Susp]".
Die Meldung kommt aber erst (wenn ich mich nicht irre) seit gestern nachmittag, also in etwas seit dem veröffentlichtem Virendatenbank-Update.

Die Meldungen kommen dann in Verbindung mit einem Prozess wenn:

Steam Service- Steam ein Update bezieht (darunter Spieleupdates)

Firefox.exe- Ich versuche bei VirusTotal.com eine Datei zum hochladen auswählen möchte

Integrator.exe- TuneUp starte und auch eines der Programme von TuneUp ausführe

wmplayer.exe- ist bis jetzt vielleicht 2 mal vorgekommen beim abspielen eines Clips mit Windows Media Player.

Desweiteren meldet TuneUp dass ich keine Firewall aktiviert habe obwohl ich schon in den Optionen der Windows Firewall nochmal nachgesehen habe ob diese das Aktiv ist (weiß jetzt nicht wem ich von beiden mehr trauen kann).

Grundsätzlich denke ich mal kommen die Meldungen in Verbindung mit der FirewallAPI.dll wenn ein Programm eine Internetverbindung aufbaut um Updates abzufragen.

Ich hatte auch schon gelesen dass es einige False-Positiv durch Avast gibt und "[susp]" als "vermutlich" bezeichnet wird da Avast nicht sicher sagen kann um was es sich handelt.

Ich möchte nur beruhigt sein können und wissen was da gerade auf meiner Kiste abgeht, wie man das beheben kann und/oder es siche um eine Fehlmeldung handelt.

Konnte hoffentlich mit den Infos vorerst ausreichend dienen.

Ich hab die nächsten Nächte Dienst (heute auch), kann also leider Abends nicht am PC arbeiten.

Danke im vorhinein für kommende Hilfe.

Alt 14.11.2014, 19:53   #2
M-K-D-B
/// TB-Ausbilder
 
Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich - Standard

Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!


Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!




Zur ersten Analyse bitte FRST ausführen:


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 15.11.2014, 07:29   #3
RedMax88
 
Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich - Standard

Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich



Also gerade hab ich den PC aufgedreht und da gestern wieder ein Virendatenbank Updated von Avast veröffentlich wurde, meldete er wie bisher die FirewallAPI.dll wobei aber diesmal gebeten wurde den PC neu zu starten um einen Scan (glaub nennt man Bootscan) durchzuführen. Wobei aber nicht wie bislang das gezielte untersuchen der FirewallAPI.dll negativ sonder diesmal positiv ausfiel und er versuchte die Datei zu korrigieren, was aber leider nicht funktionierte. So hab mal einen Scan mit FRST64 machen lassen.

FRST Logfile:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014
Ran by RedMax (administrator) on REDMAX on 15-11-2014 08:22:58
Running from C:\Users\RedMax\Downloads
Loaded Profile: RedMax (Available profiles: RedMax)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Englisch (USA)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TuneUp Software) D:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Valve Corporation) E:\Program Files (x86)\Steam\Steam.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
(TuneUp Software) D:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Logitech, Inc.) C:\Users\RedMax\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LULnchr.exe
(Logitech, Inc.) C:\Program Files\Logitech Gaming Software\LU_1\LULnchr.exe
(Logitech, Inc.) C:\Program Files\Logitech Gaming Software\LU_1\LogitechUpdate.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6470760 2012-05-15] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1175656 2012-05-11] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10464536 2014-07-02] (Logitech Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKU\S-1-5-21-3268893772-689285336-3042597260-1000\...\Run: [Steam] => E:\Program Files (x86)\Steam\steam.exe [1940160 2014-11-12] (Valve Corporation)
HKU\S-1-5-21-3268893772-689285336-3042597260-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-3268893772-689285336-3042597260-1000\...\MountPoints2: {fc73d018-4263-11e2-b163-806e6f6e6963} - F:\.\Bin\ASSETUP.exe
IFEO\consumer_cpl.exe: [Debugger] "D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUAutoReactivator64.EXE"
IFEO\express.exe: [Debugger] "D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUAutoReactivator64.EXE"
IFEO\hamachi-2-ui.exe: [Debugger] "D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUAutoReactivator64.EXE"
IFEO\overwolflauncher.exe: [Debugger] "D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUAutoReactivator64.EXE"
IFEO\owuninstaller.exe: [Debugger] "D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUAutoReactivator64.EXE"
IFEO\prefutil.exe: [Debugger] "D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUAutoReactivator64.EXE"
IFEO\teamviewer.exe: [Debugger] "D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUAutoReactivator64.EXE"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Inhaltsmanager-Assistent für PlayStation(R).lnk
ShortcutTarget: Inhaltsmanager-Assistent für PlayStation(R).lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RedMax\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RedMax\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RedMax\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RedMax\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RedMax\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RedMax\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RedMax\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3132EC287B76CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\RedMax\AppData\Roaming\Mozilla\Firefox\Profiles\mcwo6oe9.default
FF DefaultSearchUrl: https://www.google.com/search
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: https://www.google.com/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> d:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> d:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> d:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin -> d:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3268893772-689285336-3042597260-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\RedMax\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3268893772-689285336-3042597260-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKU\S-1-5-21-3268893772-689285336-3042597260-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin HKU\S-1-5-21-3268893772-689285336-3042597260-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF user.js: detected! => C:\Users\RedMax\AppData\Roaming\Mozilla\Firefox\Profiles\mcwo6oe9.default\user.js
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\RedMax\AppData\Roaming\Mozilla\Firefox\Profiles\mcwo6oe9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-28]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-10]
FF Extension: No Name - C:\Users\RedMax\AppData\Roaming\Mozilla\Firefox\Profiles\mcwo6oe9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [Not Found]
FF Extension: No Name - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} [Not Found]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-22] (AVAST Software)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [233328 2012-01-23] (DTS, Inc)
S3 Garmin Core Update Service; D:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [441176 2014-08-27] (Garmin Ltd or its subsidiaries)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
S4 Hamachi2Svc; D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2544976 2014-07-21] (LogMeIn Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
S3 Origin Client Service; E:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-09] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-18] ()
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1148664 2012-11-09] (Crawler.com)
R2 TuneUp.UtilitiesSvc; D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUNEUPUTILITIESSERVICE64.EXE [2103096 2013-12-18] (TuneUp Software)
S4 WTabletServiceCon; C:\PROGRAM FILES\TABLET\PEN\WTABLETSERVICECON.EXE [619904 2012-12-11] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-22] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2014-02-18] ()
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31136 2013-08-27] (REALiX(tm))
R1 ISODrive; d:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2014-02-18] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2012-12-26] (Windows (R) Win 7 DDK provider)
R3 TuneUpUtilitiesDrv; D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TuneUpUtilitiesDriver64.sys [14112 2013-12-16] (TuneUp Software)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.) [File not signed]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-15 08:22 - 2014-11-15 08:23 - 00021588 _____ () C:\Users\RedMax\Downloads\FRST.txt
2014-11-15 08:22 - 2014-11-15 08:23 - 00000000 ____D () C:\FRST
2014-11-15 08:22 - 2014-11-15 08:22 - 02116608 _____ (Farbar) C:\Users\RedMax\Downloads\FRST64.exe
2014-11-15 08:20 - 2014-11-15 08:20 - 00000000 ____H () C:\ProgramData\cm-lock
2014-11-14 18:13 - 2014-11-14 18:13 - 00009438 _____ () C:\Users\RedMax\Downloads\hijackthis.log
2014-11-14 18:13 - 2014-11-14 18:13 - 00000037 _____ () C:\Users\RedMax\Desktop\Neues Textdokument (2).txt
2014-11-14 18:11 - 2014-11-14 18:11 - 00388608 _____ (Trend Micro Inc.) C:\Users\RedMax\Downloads\HijackThis.exe
2014-11-14 02:51 - 2014-11-14 02:52 - 00301302 _____ () C:\Users\RedMax\Desktop\firewall.dll screen.bmp
2014-11-14 02:46 - 2014-11-14 02:46 - 00001228 _____ () C:\Users\RedMax\Documents\mbam 14.11.14 mit rootkit suche.txt
2014-11-14 02:35 - 2014-11-14 02:35 - 00001212 _____ () C:\Users\RedMax\Documents\mbam 14.11.14.txt
2014-11-14 02:15 - 2014-11-14 02:15 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-11-14 02:15 - 2014-11-14 02:15 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-11-14 02:15 - 2014-11-14 02:15 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-11-14 02:15 - 2014-11-14 02:15 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-11-14 01:07 - 2014-11-14 01:07 - 00201903 _____ () C:\Users\RedMax\Downloads\Neues Textdokument.txt
2014-11-14 00:46 - 2014-11-14 00:46 - 00128320 _____ () C:\Users\RedMax\Downloads\OTL1.Txt
2014-11-14 00:45 - 2014-11-14 00:45 - 00272118 _____ () C:\Users\RedMax\Downloads\Extras.Txt
2014-11-14 00:45 - 2014-11-14 00:45 - 00128320 _____ () C:\Users\RedMax\Downloads\OTL.Txt
2014-11-14 00:26 - 2014-11-14 00:26 - 00602112 _____ (OldTimer Tools) C:\Users\RedMax\Downloads\OTL.exe
2014-11-14 00:03 - 2014-11-14 00:03 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-14 00:02 - 2014-11-14 00:03 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-14 00:02 - 2014-11-14 00:02 - 17535064 _____ () C:\Users\RedMax\Downloads\RogueKillerX64.exe
2014-11-13 23:18 - 2014-11-14 16:18 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-13 23:17 - 2014-11-13 23:17 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-13 23:17 - 2014-11-13 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-13 23:17 - 2014-11-13 23:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-13 23:17 - 2014-11-13 23:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-13 23:17 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-13 23:17 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-13 23:17 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-13 23:15 - 2014-11-13 23:15 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\RedMax\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-13 22:43 - 2014-11-14 02:19 - 00002264 _____ () C:\Windows\PFRO.log
2014-11-13 22:34 - 2014-11-13 22:35 - 00002268 _____ () C:\Windows\logboot_13.11.2014.tureg.log
2014-11-13 22:31 - 2014-11-13 22:43 - 00000000 ____D () C:\AdwCleaner
2014-11-13 20:53 - 2014-11-13 20:53 - 02140160 _____ () C:\Users\RedMax\Downloads\adwcleaner_4.101.exe
2014-11-13 18:09 - 2014-11-15 08:20 - 00001680 _____ () C:\Windows\setupact.log
2014-11-13 18:09 - 2014-11-13 18:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-13 18:07 - 2014-11-13 18:07 - 00170262 _____ () C:\Users\RedMax\Documents\cc_20141113_180740.reg
2014-11-13 18:03 - 2014-11-13 18:04 - 04977216 _____ (Piriform Ltd) C:\Users\RedMax\Downloads\ccsetup419.exe
2014-11-13 15:17 - 2014-09-14 15:17 - 00000032 ____R () C:\ProgramData\hash.dat
2014-11-11 15:36 - 2014-10-03 20:23 - 00038216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-11-11 15:36 - 2014-10-03 20:23 - 00032584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-11-10 23:18 - 2014-11-10 23:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-10 17:27 - 2014-11-03 21:25 - 00615568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-11-10 17:25 - 2014-11-04 01:04 - 31891784 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-11-10 17:25 - 2014-11-04 01:04 - 24555208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-11-10 17:25 - 2014-11-04 01:04 - 20923712 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-11-10 17:25 - 2014-11-04 01:04 - 18514080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-11-10 17:25 - 2014-11-04 01:04 - 17259848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-11-10 17:25 - 2014-11-04 01:04 - 14031448 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-11-10 17:25 - 2014-11-04 01:04 - 13943904 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-11-10 17:25 - 2014-11-04 01:04 - 13207184 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-11-10 17:25 - 2014-11-04 01:04 - 11397208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-11-10 17:25 - 2014-11-04 01:04 - 11335408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-11-10 17:25 - 2014-11-04 01:04 - 04289168 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-11-10 17:25 - 2014-11-04 01:04 - 04009672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-11-10 17:25 - 2014-11-04 01:04 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434465.dll
2014-11-10 17:25 - 2014-11-04 01:04 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434465.dll
2014-11-10 17:25 - 2014-11-04 01:04 - 00962704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-11-10 17:25 - 2014-11-04 01:04 - 00934216 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-11-10 17:25 - 2014-11-04 01:04 - 00922256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-11-10 17:25 - 2014-11-04 01:04 - 00898192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-11-10 17:25 - 2014-11-04 01:04 - 00870624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-11-10 17:25 - 2014-11-04 01:04 - 00501064 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-11-10 17:25 - 2014-11-04 01:04 - 00417096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-11-10 17:25 - 2014-11-04 01:04 - 00391824 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-11-10 17:25 - 2014-11-04 01:04 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-11-10 17:25 - 2014-11-04 01:04 - 00349504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-11-10 17:25 - 2014-11-04 01:04 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-11-10 17:25 - 2014-11-04 01:04 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-11-10 17:25 - 2014-11-04 01:04 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-11-05 18:55 - 2014-11-02 22:48 - 00002775 _____ () C:\Users\RedMax\Downloads\defaultVehicles.xml
2014-11-05 14:22 - 2014-10-30 05:53 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434460.dll
2014-11-05 14:22 - 2014-10-30 05:53 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434460.dll
2014-11-03 00:39 - 2014-11-03 00:43 - 00000000 ____D () C:\Users\RedMax\AppData\Roaming\.technic
2014-11-03 00:39 - 2014-11-03 00:39 - 02346942 _____ () C:\Users\RedMax\Downloads\TechnicLauncher.exe
2014-11-02 17:57 - 2014-10-04 00:20 - 03363848 _____ (ETS2MP Team ) C:\Users\RedMax\Downloads\Install ETS2MP.exe
2014-11-01 19:55 - 2014-11-01 19:56 - 00000000 ____D () C:\Users\RedMax\AppData\Roaming\Cubic
2014-11-01 16:37 - 2014-11-01 16:48 - 00000000 ____D () C:\Users\RedMax\AppData\Local\CSO
2014-11-01 16:37 - 2014-11-01 16:37 - 00000000 ____D () C:\ProgramData\Nexon
2014-10-30 19:52 - 2014-10-30 19:56 - 00000000 ____D () C:\Users\RedMax\Documents\GHOSTBUSTERS (tm)
2014-10-30 19:52 - 2014-10-30 19:52 - 00000000 ____D () C:\Users\RedMax\AppData\Local\GHOSTBUSTERS (tm)
2014-10-29 17:55 - 2014-10-30 22:16 - 00000000 ____D () C:\Users\RedMax\Documents\wmd_symbol_cache
2014-10-29 17:55 - 2014-10-29 18:29 - 00000000 ____D () C:\Users\RedMax\Documents\CARS
2014-10-29 11:07 - 2014-10-29 11:07 - 00244392 _____ () C:\Users\RedMax\Downloads\Firefox Setup Stub 33.0.2.exe
2014-10-29 11:04 - 2014-10-16 17:54 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434448.dll
2014-10-29 11:04 - 2014-10-16 17:54 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434448.dll
2014-10-21 14:33 - 2014-10-21 14:33 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-21 14:33 - 2014-10-21 14:33 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-21 14:33 - 2014-10-21 14:33 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-21 14:33 - 2014-10-21 14:33 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-21 14:33 - 2014-10-21 14:33 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-20 18:12 - 2014-10-22 10:47 - 00000000 ____D () C:\Users\RedMax\Documents\Assetto Corsa
2014-10-16 21:18 - 2014-10-16 21:18 - 00000000 ____D () C:\Program Files (x86)\Sony

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-15 08:20 - 2014-01-16 01:25 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-11-15 08:20 - 2014-01-15 23:54 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-15 08:20 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-15 07:46 - 2014-09-10 20:29 - 22833977 _____ () C:\Users\RedMax\Downloads\Mirillis.Action.1.17.4.rar
2014-11-15 07:04 - 2009-07-14 05:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-15 07:04 - 2009-07-14 05:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-14 20:40 - 2012-12-10 02:00 - 02023238 _____ () C:\Windows\WindowsUpdate.log
2014-11-14 19:42 - 2012-12-10 02:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-14 13:30 - 2014-04-15 00:00 - 00000000 ___RD () C:\Users\RedMax\Documents\MAGIX
2014-11-14 13:28 - 2013-08-13 08:49 - 00000000 ____D () C:\ProgramData\MAGIX
2014-11-14 12:11 - 2013-01-08 12:24 - 00000000 ____D () C:\Users\RedMax\AppData\Roaming\vlc
2014-11-14 11:03 - 2014-09-02 00:37 - 00000000 ____D () C:\Users\RedMax\AppData\Local\CrashDumps
2014-11-14 02:49 - 2012-12-23 23:55 - 00007601 _____ () C:\Users\RedMax\AppData\Local\resmon.resmoncfg
2014-11-14 02:19 - 2012-12-11 18:51 - 00000000 ____D () C:\Program Files\WinRAR
2014-11-14 02:17 - 2014-06-25 16:32 - 00000747 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-11-14 02:17 - 2012-12-11 18:51 - 00000000 ____D () C:\Users\RedMax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-11-14 02:17 - 2012-12-11 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-11-14 00:32 - 2014-08-21 00:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis
2014-11-14 00:11 - 2012-12-10 02:07 - 00000000 ____D () C:\Users\RedMax\AppData\Roaming\Adobe
2014-11-14 00:10 - 2014-08-29 07:52 - 00000000 ____D () C:\ProgramData\TechSmith
2014-11-14 00:10 - 2012-12-10 01:57 - 00000000 ____D () C:\Users\RedMax
2014-11-13 22:44 - 2012-12-10 19:05 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-13 22:35 - 2009-07-14 03:34 - 63438848 _____ () C:\Windows\system32\config\SOFTWARE_tureg_old
2014-11-13 22:35 - 2009-07-14 03:34 - 25952256 _____ () C:\Windows\system32\config\SYSTEM_tureg_old
2014-11-13 22:35 - 2009-07-14 03:34 - 00024576 _____ () C:\Windows\system32\config\SECURITY_tureg_old
2014-11-13 22:33 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT_tureg_old
2014-11-13 22:33 - 2009-07-14 03:34 - 00065536 _____ () C:\Windows\system32\config\SAM_tureg_old
2014-11-13 20:03 - 2013-11-05 01:42 - 00000000 ____D () C:\Users\RedMax\AppData\Roaming\TS3Client
2014-11-13 18:06 - 2013-02-11 22:40 - 00000000 ____D () C:\Users\RedMax\AppData\Local\LogMeIn Hamachi
2014-11-13 18:06 - 2013-01-16 21:17 - 00000000 ____D () C:\Users\RedMax\AppData\Roaming\TeamViewer
2014-11-13 18:06 - 2012-12-17 10:49 - 00000000 ____D () C:\Users\RedMax\AppData\Roaming\Azureus
2014-11-13 18:05 - 2014-07-10 11:02 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-13 18:05 - 2014-01-16 01:25 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-12 22:35 - 2014-08-16 17:04 - 00000000 ____D () C:\Users\RedMax\AppData\Roaming\milestone
2014-11-12 20:11 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-12 18:42 - 2012-12-10 02:07 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 18:42 - 2012-12-10 02:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 18:42 - 2012-12-10 02:07 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 14:34 - 2014-09-20 22:35 - 00000000 ____D () C:\Users\RedMax\AppData\Roaming\.minecraft
2014-11-11 17:18 - 2014-04-28 12:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-11 16:14 - 2013-01-17 23:45 - 00000000 ____D () C:\Users\RedMax\Documents\Euro Truck Simulator 2
2014-11-11 00:45 - 2014-07-17 22:35 - 00001714 _____ () C:\Users\RedMax\Desktop\eurotrucks2.xml
2014-11-10 17:27 - 2012-12-10 02:38 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-11-09 20:26 - 2013-01-07 09:34 - 00000000 ____D () C:\ProgramData\Origin
2014-11-09 18:54 - 2013-01-07 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-11-09 18:21 - 2012-12-10 02:10 - 00000000 ____D () C:\Users\RedMax\Documents\my games
2014-11-08 08:44 - 2012-12-10 02:03 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-11-08 08:44 - 2012-12-10 02:03 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-11-08 08:44 - 2009-07-14 06:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-06 18:06 - 2014-06-28 20:30 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-11-06 18:06 - 2014-06-28 20:30 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-11-06 18:06 - 2014-01-15 23:55 - 02800296 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-11-06 18:06 - 2014-01-15 23:55 - 02197680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-11-05 02:43 - 2012-12-10 20:09 - 00000000 ____D () C:\Users\RedMax\AppData\Roaming\Skype
2014-11-04 01:04 - 2014-01-15 23:54 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-11-04 01:04 - 2014-01-15 23:54 - 00059592 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-11-04 01:04 - 2014-01-15 23:53 - 20985544 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-11-04 01:04 - 2014-01-15 23:53 - 19966344 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-11-04 01:04 - 2014-01-15 23:53 - 16884632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-11-04 01:04 - 2014-01-15 23:53 - 03238040 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-11-04 01:04 - 2014-01-15 23:53 - 02849736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-11-04 01:04 - 2014-01-15 23:53 - 00987520 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-11-04 01:04 - 2014-01-15 23:53 - 00027094 _____ () C:\Windows\system32\nvinfo.pb
2014-11-03 23:02 - 2014-01-15 23:54 - 06882448 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-11-03 23:02 - 2014-01-15 23:54 - 03531464 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-11-03 23:02 - 2014-01-15 23:54 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-11-03 23:02 - 2014-01-15 23:54 - 00935232 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-11-03 23:02 - 2014-01-15 23:54 - 00385352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-11-03 23:02 - 2014-01-15 23:54 - 00061640 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-11-03 12:58 - 2014-01-15 23:54 - 04099264 _____ () C:\Windows\system32\nvcoproc.bin
2014-11-02 17:58 - 2014-05-04 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 Multiplayer
2014-10-29 20:07 - 2013-05-04 09:08 - 00000000 ____D () C:\Users\RedMax\AppData\Roaming\SpinTires
2014-10-29 16:49 - 2014-06-21 13:44 - 00000000 ____D () C:\Users\RedMax\AppData\Local\Adobe
2014-10-29 11:08 - 2014-04-28 12:21 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-29 11:08 - 2014-04-28 12:21 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-23 11:18 - 2014-06-17 21:34 - 00000000 ____D () C:\Users\RedMax\Documents\BEWERBUNGEN
2014-10-21 14:33 - 2013-09-22 21:38 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-16 21:18 - 2013-12-24 21:07 - 00001279 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inhaltsmanager-Assistent für PlayStation(R).lnk

Files to move or delete:
====================
C:\ProgramData\hash.dat


Some content of TEMP:
====================
C:\Users\RedMax\AppData\Local\Temp\dllnt_dump.dll
C:\Users\RedMax\AppData\Local\Temp\Quarantine.exe
C:\Users\RedMax\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 00:55

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---


Addition.txt

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2014
Ran by RedMax at 2014-11-15 08:23:32
Running from C:\Users\RedMax\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

8BitBoy (HKLM-x32\...\Steam App 296910) (Version:  - AwesomeBlade)
8BitMMO (HKLM-x32\...\Steam App 250420) (Version:  - Archive Entertainment)
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Among the Sleep (HKLM-x32\...\Steam App 250620) (Version:  - Krillbite Studio)
Anarchy Arcade (HKLM-x32\...\Steam App 266430) (Version:  - Elijah Newman-Gomez)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
Assetto Corsa (HKLM-x32\...\Steam App 244210) (Version:  - Kunos Simulazioni)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - BestGameEver)
Audiosurf 2 (HKLM-x32\...\Steam App 235800) (Version:  - Dylan Fitterer)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
Bang Bang Racing (HKLM-x32\...\Steam App 207020) (Version:  - Digital Reality Software & Playbox)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version:  - The Behemoth)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.3.2.15221 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Blockscape (HKLM-x32\...\Steam App 223490) (Version:  - ioneo)
Blood: One Unit Whole Blood (HKLM-x32\...\Steam App 299030) (Version:  - Monolith Productions)
Borderlands: The Pre-Sequel (HKLM-x32\...\Steam App 261640) (Version:  - 2K Australia)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.2.11 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.5.0.7 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.8 (HKLM-x32\...\DPP) (Version: 3.8.1.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.8.1.0 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.7.0.0 - Canon Inc.)
Canon Utilities WFT Utility (HKLM-x32\...\WFTK) (Version: 3.5.1.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.5.1.15 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.)
Car Mechanic Simulator 2014 (HKLM-x32\...\Steam App 270850) (Version:  - PlayWay S.A.)
Carmageddon: Reincarnation (HKLM-x32\...\Steam App 249380) (Version:  - Stainless Games Ltd)
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Circuits (HKLM-x32\...\Steam App 282760) (Version:  - Digital Tentacle)
City Car Driving 1.2.2 (HKLM-x32\...\{CC457F3D-5CDE-4CE8-9685-90A4EDE81374}_is1) (Version:  - Forward Development)
CloneCD (HKLM-x32\...\CloneCD) (Version:  - SlySoft)
Cosmic DJ (HKLM-x32\...\Steam App 297110) (Version:  - Gl33k)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts)
Cubic Castles (HKLM-x32\...\Steam App 317470) (Version:  - Cosmic Cow LLC)
Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version:  - Stunlock Studios)
Death Rally (HKLM-x32\...\Steam App 108700) (Version:  - )
Deus Ex: Human Revolution - Director's Cut (HKLM-x32\...\Steam App 238010) (Version:  - Eidos Montreal)
DiRT 2 (HKLM-x32\...\Steam App 12840) (Version:  - Codemasters Racing Studio)
DiRT 3 (HKLM-x32\...\Steam App 44320) (Version:  - Codemasters)
DiRT Showdown (HKLM-x32\...\Steam App 201700) (Version:  - Codemasters Racing Studio)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
DLC Quest (HKLM-x32\...\Steam App 230050) (Version:  - Going Loud Studios)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - )
Dropbox (HKU\S-1-5-21-3268893772-689285336-3042597260-1000\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Drunken Robot Pornography (HKLM-x32\...\Steam App 209060) (Version:  - Dejobaan Games, LLC)
DuckTales Remastered (HKLM-x32\...\Steam App 237630) (Version:  - Wayforward)
Duke Nukem 3D: Megaton Edition (HKLM-x32\...\Steam App 225140) (Version:  - )
Eldritch (HKLM-x32\...\Steam App 252630) (Version:  - Minor Key Games)
Elevated Installer (x32 Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Epson Stylus SX210_SX410_TX210_TX410 Handbuch (HKLM-x32\...\Epson Stylus SX210_SX410_TX210_TX410 Benutzerhandbuch) (Version:  - )
EPSON SX410 Series Printer Uninstall (HKLM\...\EPSON SX410 Series) (Version:  - SEIKO EPSON Corporation)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - )
Euro Truck Simulator 2 Multiplayer 0.1.0.9 Alpha R3 (HKLM-x32\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 0.1.0.9 Alpha R3 - ETS2MP Team)
Evoland (HKLM-x32\...\Steam App 233470) (Version:  - Shiro Games)
F.E.A.R. 3 (HKLM-x32\...\Steam App 21100) (Version:  - Day 1 Studios)
F1 Race Stars (HKLM-x32\...\Steam App 203680) (Version:  - Codemasters)
FaceRig (HKLM-x32\...\Steam App 274920) (Version:  - Holotech Studios)
Far Cry® 3 Blood Dragon (HKLM-x32\...\Steam App 233270) (Version:  - Ubisoft Montreal)
Farming Simulator 15 (HKLM-x32\...\Steam App 313160) (Version:  - Giants Software)
Final Exam (HKLM-x32\...\Steam App 233190) (Version:  - Mighty Rocket Studio)
Firefall (HKLM-x32\...\Steam App 227700) (Version:  - Red 5 Studios)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - )
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version:  - Greenheart Games)
Garmin Express (HKLM-x32\...\{22939821-cd61-449c-8a03-cff0af03c156}) (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
Gas Guzzlers Extreme (HKLM-x32\...\Steam App 243800) (Version:  - )
Ghostbusters: The Video Game (HKLM-x32\...\Steam App 9870) (Version:  - Terminal Reality)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Gnomoria (HKLM-x32\...\Steam App 224500) (Version:  - )
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Gun Monkeys (HKLM-x32\...\Steam App 239450) (Version:  - Size Five Games)
Guncraft (HKLM-x32\...\Steam App 241720) (Version:  - Exato Games Studio)
Hammerwatch (HKLM-x32\...\Steam App 239070) (Version:  - Crackshell)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - Dennaton Games)
IDJ 3-Osc VA (HKLM-x32\...\{3509A66E-C73E-4737-A1AF-00D0B92DDCB5}) (Version: 1.2 - InternetDJ)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Inhaltsmanager-Assistent für PlayStation(R) (HKLM-x32\...\{E6EB4571-5ADB-4557-8F95-0E0EF5D0F833}) (Version: 3.30.7824.86 - Sony Computer Entertainment Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) Network Connections 17.3.63.0 (HKLM\...\PROSetDX) (Version: 17.3.63.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Ion Assault (HKLM-x32\...\Steam App 41730) (Version:  - Coreplay GmbH)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Jet Car Stunts (HKLM-x32\...\Steam App 274880) (Version:  - GRIP Digital s.r.o.)
Joe Danger (HKLM-x32\...\Steam App 229890) (Version:  - Hello Games)
Joe Danger 2: The Movie (HKLM-x32\...\Steam App 242110) (Version:  - Hello Games)
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - )
L.A. Noire (HKLM-x32\...\Steam App 110800) (Version:  - Team Bondi)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Legend of Dungeon (HKLM-x32\...\Steam App 238280) (Version:  - )
LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version:  - LEGO A/S)
LEGO MARVEL Super Heroes (HKLM-x32\...\Steam App 249130) (Version:  - Traveller's Tales)
LIMBO (HKLM-x32\...\Steam App 48000) (Version:  - Playdead)
Little Inferno (HKLM-x32\...\Steam App 221260) (Version:  - Tomorrow Corporation)
Little Racers STREET (HKLM-x32\...\Steam App 262690) (Version:  - Milkstone Studios)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech Gaming Software 8.53 (HKLM\...\Logitech Gaming Software) (Version: 8.53.186 - Logitech Inc.)
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.227 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.227 - LogMeIn, Inc.) Hidden
Lovely Planet (HKLM-x32\...\Steam App 298600) (Version:  - QUICKTEQUILA)
Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios)
Magrunner: Dark Pulse (HKLM-x32\...\Steam App 209630) (Version:  - Frogwares)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
ManiaPlanet (HKLM-x32\...\ManiaPlanet_is1) (Version:  - Nadeo)
Mashed (HKLM-x32\...\Steam App 281280) (Version:  - Supersonic Software)
Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version:  - 4A Games)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft Flight Simulator X: Acceleration (HKLM-x32\...\FlightSim_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version: 10.0.61637.0 - Microsoft Game Studios)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mini Motor Racing EVO (HKLM-x32\...\Steam App 209520) (Version:  - The Binary Mill)
Monaco (HKLM-x32\...\Steam App 113020) (Version:  - Pocketwatch Games)
MoodTuner (HKLM-x32\...\com.gugga.radiomini) (Version: 1.1 - GUGA EOOD)
MoodTuner (x32 Version: 1.1 - GUGA EOOD) Hidden
Mortal Kombat Komplete Edition (HKLM-x32\...\Steam App 237110) (Version:  - NetherRealm Studios)
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MUD - FIM Motocross World Championship™ (HKLM-x32\...\Steam App 226780) (Version:  - Milestone S.r.l.)
MX vs ATV Reflex (HKLM-x32\...\Steam App 55140) (Version:  - Double Helix Games)
My Game Long Name (HKLM\...\UDK-1ec563c2-6e39-423b-9d4b-ea659dd9c110) (Version:  - Epic Games, Inc.)
MyFreeCodec (HKU\S-1-5-21-3268893772-689285336-3042597260-1000\...\MyFreeCodec) (Version:  - )
Need for Speed™ Carbon (HKLM-x32\...\{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}) (Version:  - )
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.5.0.0 - Electronic Arts)
Need for Speed™ Rivals (HKLM-x32\...\{E0A32336-AA27-4053-99B2-C3380B7B95AC}) (Version: 1.4.0.0 - Electronic Arts)
Need For Speed™ World (HKLM-x32\...\{3AF1B16A-7DC9-4C80-BAEC-70B088A7C5B8}) (Version: 1.0.0.0 - Electronic Arts)
Next Car Game (HKLM-x32\...\Steam App 228380) (Version:  - Bugbear)
Next Car Game Sneak Peek 2.0 (HKLM-x32\...\Steam App 272860) (Version:  - Bugbear)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-3268893772-689285336-3042597260-1000\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
NVIDIA 3D Vision Controller-Treiber 344.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 344.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.65 - NVIDIA Corporation)
NVIDIA 3D Vision Video Player (HKLM-x32\...\{D312F154-8455-45C1-A44E-1AED321E6E95}) (Version: 1.6.4 - NVIDIA Corporation)
NVIDIA Design Garage (HKLM-x32\...\{008F0183-9DD2-49E3-8F73-12752042355A}) (Version: 1.0.0.0 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation)
NVIDIA Grafiktreiber 344.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.65 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Supersonic Sled demo (HKLM-x32\...\Supersonic Sled) (Version:  - )
Off-Road Drive (HKLM-x32\...\Steam App 200230) (Version:  - 1C-Avalon)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.3.2637 - Electronic Arts, Inc.)
Outlast (HKLM-x32\...\Steam App 238320) (Version:  - Red Barrels)
PAC-MAN Championship Edition DX+ (HKLM-x32\...\Steam App 236450) (Version:  - Mine Loader Software Co., Ltd.)
PAC-MAN MUSEUM (HKLM-x32\...\Steam App 236470) (Version:  - NAMCO BANDAI Studio Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Paranautical Activity (HKLM-x32\...\Steam App 250580) (Version:  - Code Avarice)
Paranormal (HKLM-x32\...\Steam App 246300) (Version:  - )
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Pool Nation (HKLM-x32\...\Steam App 254440) (Version:  - Cherry Pop Games)
Proteus (HKLM-x32\...\Steam App 219680) (Version:  - Ed Key and David Kanaga)
Puddle (HKLM-x32\...\Steam App 222140) (Version:  - )
RaceRoom Racing Experience  (HKLM-x32\...\Steam App 211500) (Version:  - SimBin Studios AB)
RaceRoom Racing Experience Launcher (HKLM-x32\...\{1FD9F07F-7BBF-4C91-B3F0-A23714A3A913}_is1) (Version: 1.0 - SimBin)
Rapture3D 2.4.11 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Real World Racing (HKLM-x32\...\Steam App 253470) (Version:  - Playstos Entertainment)
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - Wild Shadow Studios)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6636 - Realtek Semiconductor Corp.)
Retro City Rampage™ (HKLM-x32\...\Steam App 204630) (Version:  - )
Retrovirus (HKLM-x32\...\Steam App 227800) (Version:  - )
Ridge Racer™ Unbounded (HKLM-x32\...\Steam App 202310) (Version:  - )
Riptide GP2 (HKLM-x32\...\Steam App 257790) (Version:  - Vector Unit)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version:  - Cellar Door Games)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Shadow Warrior Classic Redux (HKLM-x32\...\Steam App 225160) (Version:  - 3D Realms)
SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden
Sigils of Elohim (HKLM-x32\...\Steam App 321480) (Version:  - Croteam)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Sonic & All-Stars Racing Transformed (HKLM-x32\...\Steam App 212480) (Version:  - Sumo Digital)
Soundodger+ (HKLM-x32\...\Steam App 247140) (Version:  - Studio Bean)
Source Filmmaker (HKLM-x32\...\Steam App 1840) (Version:  - Valve)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - )
Sparkle 2 Evo (HKLM-x32\...\Steam App 253650) (Version:  - )
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spelunky (HKLM-x32\...\Steam App 239350) (Version:  - )
Spintires (HKLM-x32\...\Steam App 263280) (Version:  - Oovee® Game Studios)
Spyware Terminator 2012 (HKLM-x32\...\{56736259-613E-4A3B-B428-6235F2E76F44}_is1) (Version: 3.0.0.80 - Crawler.com)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
State of Decay (HKLM-x32\...\Steam App 241540) (Version:  - Undead Labs)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Crate Box (HKLM-x32\...\Steam App 212800) (Version:  - )
Super Hexagon (HKLM-x32\...\Steam App 221640) (Version:  - Terry Cavanagh)
Super Splatters (HKLM-x32\...\Steam App 95000) (Version:  - SpikySnail)
Super Toy Cars (HKLM-x32\...\Steam App 116100) (Version:  - Eclipse Games)
Surgeon Simulator 2013 (HKLM-x32\...\Steam App 233720) (Version:  - Bossa Studios)
Sword of the Stars: The Pit (HKLM-x32\...\Steam App 233700) (Version:  - Kerberos Productions)
Symphony (HKLM-x32\...\Steam App 207750) (Version:  - Empty Clip Studios)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
Teleglitch: Die More Edition (HKLM-x32\...\Steam App 234390) (Version:  - Test3 Projects)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - )
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
The Bureau: XCOM Declassified (HKLM-x32\...\Steam App 65930) (Version:  - 2K Marin)
The Crew (Beta) (HKLM-x32\...\Uplay Install 750) (Version:  - Ubisoft)
The Polynomial (HKLM-x32\...\Steam App 67000) (Version:  - Dmytry Lavrov)
The Room (HKLM-x32\...\Steam App 288160) (Version:  - Fireproof Games)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version:  - Galactic Cafe)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
Toribash (HKLM-x32\...\Steam App 248570) (Version:  - Nabi Studios)
TrackMania² Canyon (HKLM-x32\...\Steam App 228760) (Version:  - )
TrackMania² Stadium (HKLM-x32\...\Steam App 232910) (Version:  - Nadeo)
TrackMania² Valley (HKLM-x32\...\Steam App 243360) (Version:  - Nadeo)
Trials Fusion (HKLM-x32\...\Steam App 245490) (Version:  - RedLynx, in collaboration with  Ubisoft Shanghai, Ubisoft Kiev)
Trucks & Trailers (HKLM-x32\...\Steam App 302060) (Version:  - SCS Software)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.221 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.3000.132 - TuneUp Software) Hidden
Turbo Dismount (HKLM-x32\...\Steam App 263760) (Version:  - Secret Exit Ltd.)
UltraISO Premium V9.53 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Unepic (HKLM-x32\...\Steam App 233980) (Version:  - Francisco Téllez de Meneses)
Unity Web Player (HKU\S-1-5-21-3268893772-689285336-3042597260-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Viscera Cleanup Detail (HKLM-x32\...\Steam App 246900) (Version:  - RuneStorm)
Vita Electric Piano Update (Version: 1.0.2.0 - MAGIX AG) Hidden
Vita Vintage Organ Update (Version: 1.0.1.0 - MAGIX AG) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.2.0.0 - Azureus Software, Inc.)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.2-1 - Wacom Technology Corp.)
Wakfu (HKLM-x32\...\Steam App 215080) (Version:  - Ankama)
WATCH_DOGS (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
WebM Project Directshow Filters (HKU\S-1-5-21-3268893772-689285336-3042597260-1000\...\webmdshow) (Version:  - )
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3268893772-689285336-3042597260-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
World of Guns: Gun Disassembly (HKLM-x32\...\Steam App 262410) (Version:  - Noble Empire Corp.)
WRC Powerslide (HKLM-x32\...\Steam App 256350) (Version:  - Milestone S.r.l.)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Zombie Driver HD (HKLM-x32\...\Steam App 220820) (Version:  - Exor Studios)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3268893772-689285336-3042597260-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\RedMax\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3268893772-689285336-3042597260-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-3268893772-689285336-3042597260-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RedMax\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3268893772-689285336-3042597260-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RedMax\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3268893772-689285336-3042597260-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RedMax\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3268893772-689285336-3042597260-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RedMax\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points  =========================

10-11-2014 18:26:18 Geplanter Prüfpunkt
11-11-2014 14:37:00 DirectX wurde installiert
13-11-2014 23:08:36 Camtasia Studio 8 wird entfernt
14-11-2014 12:31:54 Removed MAGIX Burn routines
14-11-2014 13:04:33 Removed Overwolf

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-09-08 20:14 - 00000822 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {24CF4999-4E7C-489A-BA99-746256C9F8A1} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\OneClick.exe [2013-12-18] (TuneUp Software)
Task: {2F447521-2832-49D0-9D8C-999638EA4FE1} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {5B210DE9-314C-46EF-8491-D64B8421435B} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-09-26] (Oracle Corporation)
Task: {66903F70-C1C5-4BAB-B042-0876ED5A3E3D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {AFE54FA3-2711-4AF7-9826-22856414BB7D} - System32\Tasks\GarminUpdaterTask => D:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-27] ()
Task: {DA0E0CDE-3DF7-4C47-81CF-B65DAE17FA87} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd)
Task: {F547E558-218A-430C-ABD8-B0C82AE81214} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-22] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-01-15 23:54 - 2014-11-03 23:02 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-18 22:00 - 2014-05-18 22:00 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-12-18 10:01 - 2013-12-18 10:01 - 00742200 _____ () D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\avgrepliba.dll
2014-07-02 22:54 - 2014-07-02 22:54 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-07-02 22:59 - 2014-07-02 22:59 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-07-02 22:54 - 2014-07-02 22:54 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-07-02 22:59 - 2014-07-02 22:59 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-07-22 22:43 - 2014-07-22 22:43 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-11-14 19:59 - 2014-11-14 19:59 - 02903040 _____ () C:\Program Files\AVAST Software\Avast\defs\14111400\algo.dll
2014-11-10 23:18 - 2014-11-10 23:18 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-08-29 00:51 - 2014-11-11 19:48 - 01171456 _____ () E:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 00:51 - 2014-11-11 19:48 - 00442368 _____ () E:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 00:51 - 2014-11-11 19:48 - 00332800 _____ () E:\Program Files (x86)\Steam\libavresample-2.dll
2013-03-12 17:10 - 2014-11-11 19:47 - 00774656 _____ () E:\Program Files (x86)\Steam\SDL2.dll
2014-05-21 21:36 - 2014-11-12 02:04 - 02227904 _____ () E:\Program Files (x86)\Steam\video.dll
2014-08-29 00:51 - 2014-11-11 19:48 - 00403968 _____ () E:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 00:51 - 2014-11-11 19:48 - 00485888 _____ () E:\Program Files (x86)\Steam\libswscale-3.dll
2012-12-09 20:22 - 2014-11-12 02:04 - 00690880 _____ () E:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-07-22 22:43 - 2014-07-22 22:43 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-12-09 20:22 - 2014-11-11 19:48 - 34589888 _____ () E:\Program Files (x86)\Steam\bin\libcef.dll
2014-01-14 21:30 - 2014-01-14 21:30 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b6584c7e1f3d6d28c1a2b189a5d8831f\IsdiInterop.ni.dll
2012-12-10 19:00 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:842730FD3E4241FA

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Inhaltsmanager-Assistent für PlayStation(R).lnk => C:\Windows\pss\Inhaltsmanager-Assistent für PlayStation(R).lnk.CommonStartup
MSCONFIG\startupreg: BambooCore => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe                                                                                                                                                                                                                        
MSCONFIG\startupreg: CloneCDTray => "d:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s                                                                                                                                                                                                              
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe                                                                                                                                                                                                              
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SpywareTerminatorShield => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
MSCONFIG\startupreg: SpywareTerminatorUpdater => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-3268893772-689285336-3042597260-500 - Administrator - Disabled)
Guest (S-1-5-21-3268893772-689285336-3042597260-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3268893772-689285336-3042597260-1003 - Limited - Enabled)
RedMax (S-1-5-21-3268893772-689285336-3042597260-1000 - Administrator - Enabled) => C:\Users\RedMax

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/15/2014 08:21:28 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for E:\Program Files (x86)\Steam\steam.exe

Error: (11/15/2014 07:04:21 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcCan continue stopping. [18]

Error: (11/15/2014 07:03:37 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for E:\Program Files (x86)\Steam\steam.exe

Error: (11/14/2014 05:45:12 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for E:\Program Files (x86)\Steam\steam.exe

Error: (11/14/2014 11:13:24 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for E:\Program Files (x86)\Steam\steam.exe

Error: (11/14/2014 11:03:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Steam.exe, Version: 2.48.83.56, Zeitstempel: 0x5462af57
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba58
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00038da9
ID des fehlerhaften Prozesses: 0x1250
Startzeit der fehlerhaften Anwendung: 0xSteam.exe0
Pfad der fehlerhaften Anwendung: Steam.exe1
Pfad des fehlerhaften Moduls: Steam.exe2
Berichtskennung: Steam.exe3

Error: (11/14/2014 11:02:29 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for E:\Program Files (x86)\Steam\steam.exe

Error: (11/14/2014 11:00:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Steam.exe, Version: 2.48.83.56, Zeitstempel: 0x5462af57
Name des fehlerhaften Moduls: tier0_s.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x5462aee6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x6479d8b0
ID des fehlerhaften Prozesses: 0xe70
Startzeit der fehlerhaften Anwendung: 0xSteam.exe0
Pfad der fehlerhaften Anwendung: Steam.exe1
Pfad des fehlerhaften Moduls: Steam.exe2
Berichtskennung: Steam.exe3

Error: (11/14/2014 11:00:19 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for E:\Program Files (x86)\Steam\steam.exe

Error: (11/14/2014 02:20:12 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for E:\Program Files (x86)\Steam\steam.exe


System errors:
=============
Error: (11/15/2014 08:20:19 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT-AUTORITÄT)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147549183.

Error: (11/15/2014 07:03:29 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (11/15/2014 07:03:27 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (11/15/2014 07:02:45 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT-AUTORITÄT)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147549183.

Error: (11/14/2014 05:44:15 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT-AUTORITÄT)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147549183.

Error: (11/14/2014 10:58:20 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT-AUTORITÄT)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147549183.

Error: (11/14/2014 02:19:17 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT-AUTORITÄT)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147549183.

Error: (11/13/2014 11:48:32 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT-AUTORITÄT)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147549183.

Error: (11/13/2014 10:44:51 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (11/13/2014 10:44:49 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.


Microsoft Office Sessions:
=========================
Error: (11/15/2014 08:21:28 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to add firewall exception for E:\Program Files (x86)\Steam\steam.exe

Error: (11/15/2014 07:04:21 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcCan continue stopping. [18]

Error: (11/15/2014 07:03:37 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to add firewall exception for E:\Program Files (x86)\Steam\steam.exe

Error: (11/14/2014 05:45:12 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to add firewall exception for E:\Program Files (x86)\Steam\steam.exe

Error: (11/14/2014 11:13:24 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to add firewall exception for E:\Program Files (x86)\Steam\steam.exe

Error: (11/14/2014 11:03:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Steam.exe2.48.83.565462af57ntdll.dll6.1.7601.175144ce7ba58c000000500038da9125001cffff21918142cE:\Program Files (x86)\Steam\Steam.exeC:\Windows\SysWOW64\ntdll.dll6e752386-6be5-11e4-8608-3085a98e35eb

Error: (11/14/2014 11:02:29 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to add firewall exception for E:\Program Files (x86)\Steam\steam.exe

Error: (11/14/2014 11:00:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Steam.exe2.48.83.565462af57tier0_s.dll_unloaded0.0.0.05462aee6c00000056479d8b0e7001cffff191065e88E:\Program Files (x86)\Steam\Steam.exetier0_s.dll1cc3d71f-6be5-11e4-8608-3085a98e35eb

Error: (11/14/2014 11:00:19 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to add firewall exception for E:\Program Files (x86)\Steam\steam.exe

Error: (11/14/2014 02:20:12 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to add firewall exception for E:\Program Files (x86)\Steam\steam.exe


CodeIntegrity Errors:
===================================
  Date: 2014-11-15 08:20:26.256
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-15 07:02:47.534
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-14 20:33:42.599
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-14 19:56:16.610
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-14 17:44:40.235
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-14 17:05:59.666
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-14 16:18:16.277
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-14 10:58:42.793
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-14 03:02:19.515
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-14 02:40:07.605
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 17%
Total physical RAM: 16328.31 MB
Available physical RAM: 13507.79 MB
Total Pagefile: 32654.82 MB
Available Pagefile: 29572.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.21 GB) (Free:66.54 GB) NTFS
Drive d: (Boot) (Fixed) (Total:905.41 GB) (Free:410.38 GB) NTFS
Drive e: (Spiele) (Fixed) (Total:736.2 GB) (Free:60.44 GB) NTFS
Drive k: (MEDIA ECT) (Fixed) (Total:931.51 GB) (Free:442.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 7A83F1C6)
Partition 1: (Not Active) - (Size=905.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C0256926)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=736.2 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 48AF3B0C)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Alt 15.11.2014, 12:25   #4
M-K-D-B
/// TB-Ausbilder
 
Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich - Standard

Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich



Servus,




Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Alt 15.11.2014, 13:16   #5
RedMax88
 
Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich - Standard

Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich



Ich habe jetzt den TDSSKiller Scan machen lassen.
Ich hab das 2 logs stehen.

TDSSKiller.3.0.0.41_15.11.2014_14.10.30_log
Code:
ATTFilter
14:10:30.0389 0x1afc  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
14:10:46.0938 0x1afc  ============================================================
14:10:46.0938 0x1afc  Current date / time: 2014/11/15 14:10:46.0938
14:10:46.0938 0x1afc  SystemInfo:
14:10:46.0938 0x1afc  
14:10:46.0938 0x1afc  OS Version: 6.1.7601 ServicePack: 1.0
14:10:46.0938 0x1afc  Product type: Workstation
14:10:46.0938 0x1afc  ComputerName: REDMAX
14:10:46.0938 0x1afc  UserName: RedMax
14:10:46.0938 0x1afc  Windows directory: C:\Windows
14:10:46.0938 0x1afc  System windows directory: C:\Windows
14:10:46.0938 0x1afc  Running under WOW64
14:10:46.0938 0x1afc  Processor architecture: Intel x64
14:10:46.0938 0x1afc  Number of processors: 8
14:10:46.0938 0x1afc  Page size: 0x1000
14:10:46.0938 0x1afc  Boot type: Normal boot
14:10:46.0938 0x1afc  ============================================================
14:10:47.0548 0x1afc  KLMD registered as C:\Windows\system32\drivers\91458155.sys
14:10:47.0786 0x1afc  System UUID: {1E9C894B-DA18-E373-1C6F-B4F12BFC9B96}
14:10:48.0101 0x1afc  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
14:10:48.0110 0x1afc  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:10:48.0114 0x1afc  Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:10:50.0480 0x1afc  ============================================================
14:10:50.0480 0x1afc  \Device\Harddisk0\DR0:
14:10:50.0480 0x1afc  MBR partitions:
14:10:50.0480 0x1afc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x712D2800
14:10:50.0481 0x1afc  \Device\Harddisk1\DR1:
14:10:50.0481 0x1afc  MBR partitions:
14:10:50.0481 0x1afc  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:10:50.0481 0x1afc  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1866D800
14:10:50.0481 0x1afc  \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x186A0000, BlocksNum 0x5C066000
14:10:50.0481 0x1afc  \Device\Harddisk2\DR2:
14:10:50.0488 0x1afc  MBR partitions:
14:10:50.0488 0x1afc  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x40, BlocksNum 0x74705980
14:10:50.0488 0x1afc  ============================================================
14:10:50.0507 0x1afc  C: <-> \Device\Harddisk1\DR1\Partition2
14:10:50.0544 0x1afc  D: <-> \Device\Harddisk0\DR0\Partition1
14:10:50.0562 0x1afc  E: <-> \Device\Harddisk1\DR1\Partition3
14:10:50.0634 0x1afc  K: <-> \Device\Harddisk2\DR2\Partition1
14:10:50.0634 0x1afc  ============================================================
14:10:50.0634 0x1afc  Initialize success
14:10:50.0634 0x1afc  ============================================================
14:11:07.0247 0x07dc  Deinitialize success
         


Alt 15.11.2014, 13:18   #6
M-K-D-B
/// TB-Ausbilder
 
Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich - Standard

Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich



Servus,



das ist nicht die vollständige Logdatei...

Sicher, dass du einen Suchlauf gestartet hast?
Ich glaubs nämlich nicht...
__________________
--> Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich

Alt 15.11.2014, 13:20   #7
RedMax88
 
Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich - Standard

Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich



TDSSKiller.3.0.0.41_15.11.2014_14.11.09_log

Code:
ATTFilter
14:11:09.0891 0x041c  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
14:11:24.0666 0x041c  ============================================================
14:11:24.0666 0x041c  Current date / time: 2014/11/15 14:11:24.0666
14:11:24.0666 0x041c  SystemInfo:
14:11:24.0667 0x041c  
14:11:24.0667 0x041c  OS Version: 6.1.7601 ServicePack: 1.0
14:11:24.0667 0x041c  Product type: Workstation
14:11:24.0667 0x041c  ComputerName: REDMAX
14:11:24.0667 0x041c  UserName: RedMax
14:11:24.0667 0x041c  Windows directory: C:\Windows
14:11:24.0667 0x041c  System windows directory: C:\Windows
14:11:24.0667 0x041c  Running under WOW64
14:11:24.0667 0x041c  Processor architecture: Intel x64
14:11:24.0667 0x041c  Number of processors: 8
14:11:24.0667 0x041c  Page size: 0x1000
14:11:24.0667 0x041c  Boot type: Normal boot
14:11:24.0667 0x041c  ============================================================
14:11:25.0193 0x041c  KLMD registered as C:\Windows\system32\drivers\73444732.sys
14:11:25.0404 0x041c  System UUID: {1E9C894B-DA18-E373-1C6F-B4F12BFC9B96}
14:11:25.0652 0x041c  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
14:11:25.0661 0x041c  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:11:25.0664 0x041c  Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:11:28.0065 0x041c  ============================================================
14:11:28.0065 0x041c  \Device\Harddisk0\DR0:
14:11:28.0066 0x041c  MBR partitions:
14:11:28.0066 0x041c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x712D2800
14:11:28.0066 0x041c  \Device\Harddisk1\DR1:
14:11:28.0066 0x041c  MBR partitions:
14:11:28.0066 0x041c  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:11:28.0066 0x041c  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1866D800
14:11:28.0066 0x041c  \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x186A0000, BlocksNum 0x5C066000
14:11:28.0066 0x041c  \Device\Harddisk2\DR2:
14:11:28.0067 0x041c  MBR partitions:
14:11:28.0067 0x041c  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x40, BlocksNum 0x74705980
14:11:28.0067 0x041c  ============================================================
14:11:28.0091 0x041c  C: <-> \Device\Harddisk1\DR1\Partition2
14:11:28.0095 0x041c  D: <-> \Device\Harddisk0\DR0\Partition1
14:11:28.0113 0x041c  E: <-> \Device\Harddisk1\DR1\Partition3
14:11:28.0114 0x041c  K: <-> \Device\Harddisk2\DR2\Partition1
14:11:28.0114 0x041c  ============================================================
14:11:28.0114 0x041c  Initialize success
14:11:28.0114 0x041c  ============================================================
14:13:23.0717 0x1584  ============================================================
14:13:23.0717 0x1584  Scan started
14:13:23.0717 0x1584  Mode: Manual; SigCheck; TDLFS; 
14:13:23.0717 0x1584  ============================================================
14:13:23.0717 0x1584  KSN ping started
14:13:40.0721 0x1584  KSN ping finished: true
14:13:43.0809 0x1584  ================ Scan system memory ========================
14:13:43.0809 0x1584  System memory - ok
14:13:43.0809 0x1584  ================ Scan services =============================
14:13:43.0887 0x1584  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
14:13:43.0919 0x1584  1394ohci - ok
14:13:43.0934 0x1584  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
14:13:43.0950 0x1584  ACPI - ok
14:13:43.0965 0x1584  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
14:13:43.0981 0x1584  AcpiPmi - ok
14:13:44.0059 0x1584  [ C5679E5186B2FC95BC76A8A9870D5456, 70AC61850B811A0A902532F098AE1D5DF4622455E56C78B89D4ABDBE4A061A48 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:13:44.0059 0x1584  AdobeARMservice - ok
14:13:44.0106 0x1584  [ D51145F6B0CE987850F13A61DAD5E531, 67CB6AB8C42781FA717CBEF81F3C658747E3B7814383056A56EDA99583FDBFD5 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:13:44.0121 0x1584  AdobeFlashPlayerUpdateSvc - ok
14:13:44.0153 0x1584  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
14:13:44.0153 0x1584  adp94xx - ok
14:13:44.0168 0x1584  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
14:13:44.0184 0x1584  adpahci - ok
14:13:44.0199 0x1584  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
14:13:44.0199 0x1584  adpu320 - ok
14:13:44.0231 0x1584  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:13:44.0262 0x1584  AeLookupSvc - ok
14:13:44.0293 0x1584  [ D31DC7A16DEA4A9BAF179F3D6FBDB38C, 532678D86E3E667F2E789C4873565E0B92C549A93F10802BB6D5B505CA3238CE ] AFD             C:\Windows\system32\drivers\afd.sys
14:13:44.0340 0x1584  AFD - ok
14:13:44.0355 0x1584  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
14:13:44.0355 0x1584  agp440 - ok
14:13:44.0371 0x1584  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
14:13:44.0402 0x1584  ALG - ok
14:13:44.0402 0x1584  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:13:44.0402 0x1584  aliide - ok
14:13:44.0418 0x1584  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
14:13:44.0433 0x1584  amdide - ok
14:13:44.0433 0x1584  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
14:13:44.0449 0x1584  AmdK8 - ok
14:13:44.0480 0x1584  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
14:13:44.0496 0x1584  AmdPPM - ok
14:13:44.0511 0x1584  [ 6EC6D772EAE38DC17C14AED9B178D24B, B4FB936B31B1265B8CC6B426C64965C34D0CCF1638E645ACD65E88F4AFFC57A6 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
14:13:44.0527 0x1584  amdsata - ok
14:13:44.0527 0x1584  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
14:13:44.0543 0x1584  amdsbs - ok
14:13:44.0543 0x1584  [ 1142A21DB581A84EA5597B03A26EBAA0, F94EB140D0CD068760D7EB081FF75154C75DAC75E5E24B6DE4E4F9CE65A70343 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
14:13:44.0558 0x1584  amdxata - ok
14:13:44.0574 0x1584  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
14:13:44.0605 0x1584  AppID - ok
14:13:44.0605 0x1584  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
14:13:44.0636 0x1584  AppIDSvc - ok
14:13:44.0652 0x1584  [ 3977D4A871CA0D4F2ED1E7DB46829731, 2AF1C3225994769C3FD25CD7E9603964B035576F25B0B6D91545566E0722FFAA ] Appinfo         C:\Windows\System32\appinfo.dll
14:13:44.0683 0x1584  Appinfo - ok
14:13:44.0699 0x1584  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
14:13:44.0714 0x1584  AppMgmt - ok
14:13:44.0714 0x1584  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
14:13:44.0730 0x1584  arc - ok
14:13:44.0730 0x1584  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
14:13:44.0745 0x1584  arcsas - ok
14:13:44.0761 0x1584  [ EB6DC008A1F36DFD7999EB57E97EAACE, 2652798D622A751AD84429E03266F32B4EE86DECC34CA8153790D04F43E03A66 ] asahci64        C:\Windows\system32\DRIVERS\asahci64.sys
14:13:44.0777 0x1584  asahci64 - ok
14:13:44.0792 0x1584  [ 22842362DF890F5492F85AA60916A697, EC01380B1C9BF4CFBA018FC314563F0785280172A2A9B51D50F088E7101951EF ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
14:13:44.0808 0x1584  asmthub3 - ok
14:13:44.0823 0x1584  [ 08E2D77766CC05E75A0707207D9FC684, 6CF3B12B2B3375B715A3EBC66EF148CEA2248D448A3A37875B7B1BC7CDA40FDD ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
14:13:44.0839 0x1584  asmtxhci - ok
14:13:44.0917 0x1584  [ 041672BAC20B34EAEDEB033129655DD8, 14264732F0CACF5732C7652C411F0A1C3B4A4417C31DD289C8AFF170BE683E5A ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:13:44.0933 0x1584  aspnet_state - ok
14:13:44.0948 0x1584  [ D95E64416A4A3ED6986E0F474DA934BD, DBB4A0DED0DABE1F8FF0DB8C0E9EC4EC906A85A45DC0AEC013A8744F9BF5D40E ] aswHwid         C:\Windows\system32\drivers\aswHwid.sys
14:13:44.0948 0x1584  aswHwid - ok
14:13:44.0964 0x1584  [ FF1E537A3632CBB9A0BF72B9FD0878D5, B26E6A1F6E6FA5280A12861EFAD44D8F49353F47B21843EBA73E149CF613DCBC ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
14:13:44.0964 0x1584  aswMonFlt - ok
14:13:44.0979 0x1584  [ A5757DE5F9C83AB40667A53D5126EA40, 58B72B1B126CF641188703CE82E26BEB0C41AD7587CFFCCCE9E3C64CC7AACC90 ] aswRdr          C:\Windows\system32\drivers\aswRdr2.sys
14:13:44.0979 0x1584  aswRdr - ok
14:13:44.0995 0x1584  [ 645D97385F3F284FB5604F9B970F4D24, 15A9D7F0F4C1062210E4E744A9069B8645177D19F35B8740D74022639DC05F2E ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
14:13:44.0995 0x1584  aswRvrt - ok
14:13:45.0026 0x1584  [ B8FDEDE963B82CFD23B3A53A3084666D, 3537E5B684FB6F0AA589A5FA7CD111E1744DF384AB1A266D4114100F104ED11B ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
14:13:45.0042 0x1584  aswSnx - ok
14:13:45.0073 0x1584  [ 0DEDC041DF594AEC2C3BD00417CFAF60, 0D3A8924503986546EE256D185225C0B080FDB6B0C8B0BED7516B07A7334371B ] aswSP           C:\Windows\system32\drivers\aswSP.sys
14:13:45.0089 0x1584  aswSP - ok
14:13:45.0089 0x1584  [ 48DED912CDE54FC0923B9858512366E1, 9B216B934408A7CB3CE2B41240B7EF01EAA3BC066211B784064FF8AC97A29B4E ] aswStm          C:\Windows\system32\drivers\aswStm.sys
14:13:45.0104 0x1584  aswStm - ok
14:13:45.0104 0x1584  [ 471A311745848B80339436688A8286E6, E51C57236CEC19AC38E85D115DB97875517D837811188AD2E53FA49055B53890 ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
14:13:45.0120 0x1584  aswVmm - ok
14:13:45.0120 0x1584  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:13:45.0151 0x1584  AsyncMac - ok
14:13:45.0167 0x1584  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
14:13:45.0167 0x1584  atapi - ok
14:13:45.0182 0x1584  [ 64F07381335E37C142F6D176705FFCA6, 8F7F633B891FE653D3298578897711A04E7B2B08E51CEE131C50102EFD45AC0E ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
14:13:45.0198 0x1584  atksgt - ok
14:13:45.0229 0x1584  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:13:45.0276 0x1584  AudioEndpointBuilder - ok
14:13:45.0291 0x1584  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
14:13:45.0323 0x1584  AudioSrv - ok
14:13:45.0354 0x1584  [ 73F5C13B431915BAE35254B4E95DFB71, 393A045859382C44133C004598B1512048046BCC129FED2247A77FDBFCDB6DFF ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
14:13:45.0369 0x1584  avast! Antivirus - ok
14:13:45.0385 0x1584  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
14:13:45.0416 0x1584  AxInstSV - ok
14:13:45.0432 0x1584  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
14:13:45.0447 0x1584  b06bdrv - ok
14:13:45.0463 0x1584  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
14:13:45.0479 0x1584  b57nd60a - ok
14:13:45.0494 0x1584  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
14:13:45.0525 0x1584  BDESVC - ok
14:13:45.0525 0x1584  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:13:45.0557 0x1584  Beep - ok
14:13:45.0572 0x1584  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
14:13:45.0603 0x1584  BFE - ok
14:13:45.0650 0x1584  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
14:13:45.0697 0x1584  BITS - ok
14:13:45.0713 0x1584  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
14:13:45.0713 0x1584  blbdrive - ok
14:13:45.0728 0x1584  [ 91CE0D3DC57DD377E690A2D324022B08, 61874463956C0BCA5139522F34E974E5F638A092E0FD5C59DD30DE61D9AB8B0E ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:13:45.0759 0x1584  bowser - ok
14:13:45.0759 0x1584  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:13:45.0791 0x1584  BrFiltLo - ok
14:13:45.0791 0x1584  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:13:45.0806 0x1584  BrFiltUp - ok
14:13:45.0822 0x1584  [ 8EF0D5C41EC907751B8429162B1239ED, 9CC25F1F93FACA6F6CE23F78EB58590C39A2E3C8A3ACDF400E8A9DE0757EADAE ] Browser         C:\Windows\System32\browser.dll
14:13:45.0853 0x1584  Browser - ok
14:13:45.0869 0x1584  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
14:13:45.0884 0x1584  Brserid - ok
14:13:45.0884 0x1584  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
14:13:45.0900 0x1584  BrSerWdm - ok
14:13:45.0915 0x1584  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
14:13:45.0931 0x1584  BrUsbMdm - ok
14:13:45.0947 0x1584  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
14:13:45.0962 0x1584  BrUsbSer - ok
14:13:45.0962 0x1584  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
14:13:45.0993 0x1584  BTHMODEM - ok
14:13:46.0009 0x1584  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
14:13:46.0040 0x1584  bthserv - ok
14:13:46.0056 0x1584  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:13:46.0071 0x1584  cdfs - ok
14:13:46.0087 0x1584  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
14:13:46.0103 0x1584  cdrom - ok
14:13:46.0134 0x1584  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
14:13:46.0165 0x1584  CertPropSvc - ok
14:13:46.0165 0x1584  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
14:13:46.0181 0x1584  circlass - ok
14:13:46.0196 0x1584  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
14:13:46.0212 0x1584  CLFS - ok
14:13:46.0274 0x1584  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:13:46.0290 0x1584  clr_optimization_v2.0.50727_32 - ok
14:13:46.0321 0x1584  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:13:46.0321 0x1584  clr_optimization_v2.0.50727_64 - ok
14:13:46.0368 0x1584  [ 397C2677C25CBE213F3270245A401624, 8121E37108DE7A0402DC5111EBF452F91893B63EECE3AAD9EACF61C40D3FC182 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:13:46.0368 0x1584  clr_optimization_v4.0.30319_32 - ok
14:13:46.0383 0x1584  [ 29139759FCC4E4E0531ABE2EA82CE646, CFF7B2F4A9B37D343BE18DC40161DC03FA9DB308CAE9E0B3DF1FCDC3EBAC0C08 ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:13:46.0383 0x1584  clr_optimization_v4.0.30319_64 - ok
14:13:46.0399 0x1584  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
14:13:46.0415 0x1584  CmBatt - ok
14:13:46.0430 0x1584  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:13:46.0430 0x1584  cmdide - ok
14:13:46.0446 0x1584  [ D5FEA92400F12412B3922087C09DA6A5, C8CD9215D26D3295FE487C96A4FC3F4C8AFED764AE9445D9858D7489823A8A2B ] CNG             C:\Windows\system32\Drivers\cng.sys
14:13:46.0461 0x1584  CNG - ok
14:13:46.0539 0x1584  [ 6FACA9C62024E14251C7ED33A8E8B660, F6E6810BBBF22600596D2F113009CF6246B0317159DA079DC491F51430F178E8 ] CodeMeter.exe   C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
14:13:46.0571 0x1584  CodeMeter.exe - ok
14:13:46.0571 0x1584  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
14:13:46.0586 0x1584  Compbatt - ok
14:13:46.0602 0x1584  [ 0C5B0DF7EF9F719EBAE9F8FE70E083A9, 3C21F5688D7EF748B7D48625E85FB9D5A6A4ABCE1939AF4D6993D3AD5CE71FD2 ] CompFilter64    C:\Windows\system32\DRIVERS\lvbflt64.sys
14:13:46.0602 0x1584  CompFilter64 - ok
14:13:46.0617 0x1584  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
14:13:46.0649 0x1584  CompositeBus - ok
14:13:46.0649 0x1584  COMSysApp - ok
14:13:46.0664 0x1584  cpuz135 - ok
14:13:46.0664 0x1584  cpuz136 - ok
14:13:46.0664 0x1584  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
14:13:46.0680 0x1584  crcdisk - ok
14:13:46.0695 0x1584  [ 15597883FBE9B056F276ADA3AD87D9AF, B347E0B11228E38313C59C8ED984253A8A1FF482ED137CF5F488C4AFD6B08857 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:13:46.0711 0x1584  CryptSvc - ok
14:13:46.0727 0x1584  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
14:13:46.0758 0x1584  CSC - ok
14:13:46.0789 0x1584  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
14:13:46.0820 0x1584  CscService - ok
14:13:46.0836 0x1584  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:13:46.0883 0x1584  DcomLaunch - ok
14:13:46.0898 0x1584  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
14:13:46.0929 0x1584  defragsvc - ok
14:13:46.0929 0x1584  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:13:46.0961 0x1584  DfsC - ok
14:13:46.0976 0x1584  [ 30710AEFCE721CEEE0F35EB6A01C263C, FB062EC86474D38BBC38E11E2618A9505001C287430B495C482977BBE58017C8 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
14:13:46.0976 0x1584  dg_ssudbus - ok
14:13:46.0992 0x1584  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
14:13:47.0007 0x1584  Dhcp - ok
14:13:47.0023 0x1584  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
14:13:47.0039 0x1584  discache - ok
14:13:47.0054 0x1584  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
14:13:47.0054 0x1584  Disk - ok
14:13:47.0085 0x1584  [ CD55F5355D8F55D44C9F4ED875705BD6, 321C26E3CD9F376D30F05FBDF00E96399512ED705D867E8B14793D9CE69A1C1F ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:13:47.0101 0x1584  Dnscache - ok
14:13:47.0117 0x1584  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:13:47.0148 0x1584  dot3svc - ok
14:13:47.0163 0x1584  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
14:13:47.0195 0x1584  DPS - ok
14:13:47.0210 0x1584  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:13:47.0226 0x1584  drmkaud - ok
14:13:47.0257 0x1584  [ 426D951F2DE2D4DFCBE0D1A42BBBA72F, 0279BED05D51E85B2F94F5F244353E7CCA81B48230C06D5EBFFCE6689D8DCCD7 ] DTSAudioSvc     C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
14:13:47.0257 0x1584  DTSAudioSvc - ok
14:13:47.0288 0x1584  [ F5BEE30450E18E6B83A5012C100616FD, 44D0577D159FC2BDF4EAD1DC2C7FD14925D075225EF97608CAC52DEE405B08FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:13:47.0304 0x1584  DXGKrnl - ok
14:13:47.0319 0x1584  [ 1BEF2C2E229452EC49FFE5A27283341D, 7010273570BD38E578FCF1DD2EB00C21E8FA3504CE2342AEE3755F6EFC4581E9 ] e1cexpress      C:\Windows\system32\DRIVERS\e1c62x64.sys
14:13:47.0335 0x1584  e1cexpress - ok
14:13:47.0335 0x1584  EagleX64 - ok
14:13:47.0351 0x1584  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
14:13:47.0366 0x1584  EapHost - ok
14:13:47.0444 0x1584  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
14:13:47.0522 0x1584  ebdrv - ok
14:13:47.0553 0x1584  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] EFS             C:\Windows\System32\lsass.exe
14:13:47.0553 0x1584  EFS - ok
14:13:47.0585 0x1584  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:13:47.0616 0x1584  ehRecvr - ok
14:13:47.0631 0x1584  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
14:13:47.0647 0x1584  ehSched - ok
14:13:47.0647 0x1584  [ 9387A484D31209D7FC3F795A787294DB, 3CAFA3403B8A3547811B7233FB399FA8BB9FF54C82AC317955EDACE2E13519E5 ] ElbyCDFL        C:\Windows\system32\Drivers\ElbyCDFL.sys
14:13:47.0663 0x1584  ElbyCDFL - ok
14:13:47.0663 0x1584  [ 702D5606CF2199E0EDEA6F0E0D27CD10, 238046CFE126A1F8AB96D8B62F6AA5EC97BAB830E2BAE5B1B6AB2D31894C79E4 ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
14:13:47.0663 0x1584  ElbyCDIO - ok
14:13:47.0678 0x1584  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
14:13:47.0694 0x1584  elxstor - ok
14:13:47.0741 0x1584  [ B5581646636759D0DAFA8B008881C079, 0CADE029ABDCDE3A89C0786F1698C93D9A7CC981EFB3761CF243E19E178FF611 ] EPSON_EB_RPCV4_01 C:\PROGRAMDATA\EPSON\EPW!3 SSRP\E_S40STB.EXE
14:13:47.0756 0x1584  EPSON_EB_RPCV4_01 - ok
14:13:47.0772 0x1584  [ 1E345F2A2D95DA3190596E691CDE9342, 9D1D48F3B749ADA598D155E11E63CD52A4EEABF9BE92A1D997D25D07CF350084 ] EPSON_PM_RPCV4_01 C:\PROGRAMDATA\EPSON\EPW!3 SSRP\E_S40RPB.EXE
14:13:47.0787 0x1584  EPSON_PM_RPCV4_01 - ok
14:13:47.0803 0x1584  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:13:47.0819 0x1584  ErrDev - ok
14:13:47.0865 0x1584  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
14:13:47.0897 0x1584  EventSystem - ok
14:13:47.0897 0x1584  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
14:13:47.0928 0x1584  exfat - ok
14:13:47.0928 0x1584  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:13:47.0959 0x1584  fastfat - ok
14:13:47.0975 0x1584  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
14:13:48.0006 0x1584  Fax - ok
14:13:48.0021 0x1584  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
14:13:48.0037 0x1584  fdc - ok
14:13:48.0053 0x1584  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
14:13:48.0084 0x1584  fdPHost - ok
14:13:48.0084 0x1584  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:13:48.0099 0x1584  FDResPub - ok
14:13:48.0115 0x1584  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:13:48.0131 0x1584  FileInfo - ok
14:13:48.0131 0x1584  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:13:48.0162 0x1584  Filetrace - ok
14:13:48.0162 0x1584  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
14:13:48.0162 0x1584  flpydisk - ok
14:13:48.0193 0x1584  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:13:48.0193 0x1584  FltMgr - ok
14:13:48.0240 0x1584  [ B4447F606BB19FD8AD0BAFB59B90F5D9, 043E686029DE2710305852E3A416176E400F9FD5FB98E4F2A6F14C060FAABED5 ] FontCache       C:\Windows\system32\FntCache.dll
14:13:48.0287 0x1584  FontCache - ok
14:13:48.0318 0x1584  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:13:48.0318 0x1584  FontCache3.0.0.0 - ok
14:13:48.0333 0x1584  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
14:13:48.0349 0x1584  FsDepends - ok
14:13:48.0349 0x1584  [ E95EF8547DE20CF0603557C0CF7A9462, 55540B06B7B380CA2DA6EEE2D76C6CD6131ADB02B2D0B172A36536863A0C57B6 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:13:48.0349 0x1584  Fs_Rec - ok
14:13:48.0365 0x1584  [ 1F7B25B858FA27015169FE95E54108ED, 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:13:48.0380 0x1584  fvevol - ok
14:13:48.0380 0x1584  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
14:13:48.0396 0x1584  gagp30kx - ok
14:13:48.0489 0x1584  [ ED62B15B73209101759042A48C027F9E, 3D36E8B4550AE54CFF7FEC415BCC9B37FBA39F2B8FB79C1ECC0FF2BB410481DD ] Garmin Core Update Service D:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
14:13:48.0505 0x1584  Garmin Core Update Service - ok
14:13:48.0552 0x1584  [ 34E75903D327D9D02AA5F92F87C808EF, D43C5085C1D265DA7516EFE893002CE02CAA515AA9B5C2A080F75C78048688C1 ] GfExperienceService C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
14:13:48.0583 0x1584  GfExperienceService - ok
14:13:48.0599 0x1584  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
14:13:48.0645 0x1584  gpsvc - ok
14:13:48.0661 0x1584  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B, F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
14:13:48.0661 0x1584  hamachi - ok
14:13:48.0755 0x1584  [ EE54F8C7DA3C4B2D2077EA811980F6FC, A2F2CF7EFA9058D73A1908616597B7E328724D8F7BE0A7628F0118072BFB8193 ] Hamachi2Svc     D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
14:13:48.0817 0x1584  Hamachi2Svc - ok
14:13:48.0817 0x1584  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:13:48.0833 0x1584  hcw85cir - ok
14:13:48.0864 0x1584  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:13:48.0879 0x1584  HdAudAddService - ok
14:13:48.0895 0x1584  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
14:13:48.0911 0x1584  HDAudBus - ok
14:13:48.0911 0x1584  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
14:13:48.0942 0x1584  HidBatt - ok
14:13:48.0942 0x1584  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
14:13:48.0973 0x1584  HidBth - ok
14:13:48.0973 0x1584  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
14:13:48.0989 0x1584  HidIr - ok
14:13:49.0004 0x1584  [ 46BBE8EA221461A65F18A078528F4B2C, C0B0D35E2A6C750E5505156694F41F987AB548449F6C9DB1EEEAF12E5F146AD7 ] hidkmdf         C:\Windows\system32\DRIVERS\hidkmdf.sys
14:13:49.0004 0x1584  hidkmdf - ok
14:13:49.0020 0x1584  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
14:13:49.0051 0x1584  hidserv - ok
14:13:49.0067 0x1584  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:13:49.0082 0x1584  HidUsb - ok
14:13:49.0113 0x1584  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:13:49.0129 0x1584  hkmsvc - ok
14:13:49.0145 0x1584  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:13:49.0176 0x1584  HomeGroupListener - ok
14:13:49.0191 0x1584  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:13:49.0207 0x1584  HomeGroupProvider - ok
14:13:49.0223 0x1584  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:13:49.0238 0x1584  HpSAMD - ok
14:13:49.0269 0x1584  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:13:49.0301 0x1584  HTTP - ok
14:13:49.0316 0x1584  [ C4C1F6BF857854AE08A7B4373AFF36B6, 727959B60D73CE5BC0DCB75F18AF6A246AD9D7504095F4CDBC6A512662BE1843 ] HWiNFO32        C:\Windows\system32\drivers\HWiNFO64A.SYS
14:13:49.0316 0x1584  HWiNFO32 - ok
14:13:49.0332 0x1584  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:13:49.0332 0x1584  hwpolicy - ok
14:13:49.0347 0x1584  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
14:13:49.0347 0x1584  i8042prt - ok
14:13:49.0379 0x1584  [ D1753C06EE17E29352B065EACF3F10D0, 4DD4C991FAA3CCF99DF8DC9F8F5DEEDEECD55977F0C3AA8C404DEFD21E32A62B ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
14:13:49.0394 0x1584  iaStor - ok
14:13:49.0441 0x1584  [ 545462D0DBE24AF379BA869B7C185CCD, 056F9D0D5FD4FEF37665A35A4029722FF60D02A69854E952DC361CC0E5CD26F9 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
14:13:49.0441 0x1584  IAStorDataMgrSvc - ok
14:13:49.0457 0x1584  [ 3DF4395A7CF8B7A72A5F4606366B8C2D, 483588B8FC6E05488ED631C4E1CFC398553FEBFA2CD2BB527B4DF12D19774F80 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
14:13:49.0472 0x1584  iaStorV - ok
14:13:49.0503 0x1584  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:13:49.0519 0x1584  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
14:13:50.0408 0x1270  Object required for P2P: [ D51145F6B0CE987850F13A61DAD5E531 ] AdobeFlashPlayerUpdateSvc
14:13:56.0071 0x1270  Object send P2P result: true
14:13:59.0565 0x1584  IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:14:05.0129 0x1584  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:14:05.0146 0x1584  idsvc - ok
14:14:05.0163 0x1584  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
14:14:05.0168 0x1584  iirsp - ok
14:14:05.0191 0x1584  [ FCD84C381E0140AF901E58D48882D26B, 76955FFC230C801E8ED890E32076075F04CD6E5EC79E594FDE6D23797A36B406 ] IKEEXT          C:\Windows\System32\ikeext.dll
14:14:05.0233 0x1584  IKEEXT - ok
14:14:05.0324 0x1584  [ AA04E3B7A75B0C75F0108F49E298F042, 1E9EAB6A437DE97C7F7A45C4CD850FD2727858BFEFDCC2C5C403D44DFED83051 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:14:05.0379 0x1584  IntcAzAudAddService - ok
14:14:05.0401 0x1584  [ 42CEE1BA152FA267AE8587B4DE3B7B28, A16989C875F1794E2AB82B24AF63F7E0BFA0CBDDCBB527C73A6B4F6CA574E014 ] Intel(R) PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
14:14:05.0407 0x1584  Intel(R) PROSet Monitoring Service - ok
14:14:05.0427 0x1584  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
14:14:05.0432 0x1584  intelide - ok
14:14:05.0445 0x1584  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:14:05.0459 0x1584  intelppm - ok
14:14:05.0478 0x1584  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:14:05.0508 0x1584  IPBusEnum - ok
14:14:05.0520 0x1584  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:14:05.0538 0x1584  IpFilterDriver - ok
14:14:05.0564 0x1584  [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:14:05.0597 0x1584  iphlpsvc - ok
14:14:05.0617 0x1584  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
14:14:05.0625 0x1584  IPMIDRV - ok
14:14:05.0635 0x1584  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:14:05.0663 0x1584  IPNAT - ok
14:14:05.0670 0x1584  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:14:05.0691 0x1584  IRENUM - ok
14:14:05.0701 0x1584  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:14:05.0706 0x1584  isapnp - ok
14:14:05.0720 0x1584  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
14:14:05.0729 0x1584  iScsiPrt - ok
14:14:05.0750 0x1584  [ 9C6F3F69163133FB8E56AC4A6E163452, BD6CAB093B5451B4CC85B4528DC0251C97A3D11CB3C1493D25F37B06F8CD2238 ] ISODrive        d:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
14:14:05.0755 0x1584  ISODrive - ok
14:14:05.0770 0x1584  [ B2381712638B0B714D0EEAB9A1F7C640, 113BCA8868057156EFDC7C079171308C1EBA4F979C85EB1265F42F95A499B086 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
14:14:05.0774 0x1584  iusb3hcs - ok
14:14:05.0786 0x1584  [ FD2C6457232E95C014DAD21DEBC64867, 4CC4F488A2555761208D8401265788281B6EC76A8F16C8E115778E571450B90B ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
14:14:05.0794 0x1584  iusb3hub - ok
14:14:05.0823 0x1584  [ F6A2B5D030BE7EDF8ADC12C9A40825A8, 03EFAFD6B7801D83D7689435DED8DC321D153AAC4FD69D46ED8C9D7E7F56B44A ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
14:14:05.0836 0x1584  iusb3xhc - ok
14:14:05.0850 0x1584  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:14:05.0854 0x1584  kbdclass - ok
14:14:05.0870 0x1584  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
14:14:05.0878 0x1584  kbdhid - ok
14:14:05.0888 0x1584  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] KeyIso          C:\Windows\system32\lsass.exe
14:14:05.0896 0x1584  KeyIso - ok
14:14:05.0902 0x1584  [ CCD53B5BD33CE0C889E830D839C8B66E, 51B7556DA7DAA0BC75E00E53099776016A55FAA115D5A4E6830E12A0A0869C10 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:14:05.0908 0x1584  KSecDD - ok
14:14:05.0914 0x1584  [ 9FF918A261752C12639E8AD4208D2C2F, B60F7A730C92F2BF7E85A6CA14DD7671AEECEE154CEC83B1E23EF268C25C9E5E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:14:05.0920 0x1584  KSecPkg - ok
14:14:05.0928 0x1584  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
14:14:05.0952 0x1584  ksthunk - ok
14:14:05.0975 0x1584  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:14:05.0999 0x1584  KtmRm - ok
14:14:06.0015 0x1584  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
14:14:06.0048 0x1584  LanmanServer - ok
14:14:06.0066 0x1584  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:14:06.0087 0x1584  LanmanWorkstation - ok
14:14:06.0102 0x1584  [ FA529FB35694C24BF98A9EF67C1CD9D0, 7B3C587C38CF13D514140F0A55E58997D6071D1DEFD97E274E3F490660AC6075 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
14:14:06.0106 0x1584  LGBusEnum - ok
14:14:06.0121 0x1584  [ F705A641C18DF31B48B5DBDA94B425E4, 1F47EE43CAFE5458E56467E127EE99B5FDBFF8B810CF92B232094B475DD42B21 ] LGPBTDD         C:\Windows\system32\Drivers\LGPBTDD.sys
14:14:06.0125 0x1584  LGPBTDD - ok
14:14:06.0140 0x1584  [ 94AF1384A67B9FCF5651E70BC9D4C526, 9C025F7BBB5BBE9DAF3DEF2F6385CE77C8F413912C4D16930814F6D19B62B367 ] LGSHidFilt      C:\Windows\system32\DRIVERS\LGSHidFilt.Sys
14:14:06.0144 0x1584  LGSHidFilt - ok
14:14:06.0150 0x1584  [ 94B29CE153765E768F004FB3440BE2B0, E74C01CEBDA589CDDE35CBCBAA18700E3742DD3B48A90DB3630992467FFC5024 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
14:14:06.0154 0x1584  LGVirHid - ok
14:14:06.0175 0x1584  [ 83BA097ACAAD0B00505634A62D90F93A, 6F1FE2F413A4A939D2D921F537EBB9330E2A65A7C38BD380CF9405792FD03052 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
14:14:06.0180 0x1584  lirsgt - ok
14:14:06.0191 0x1584  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:14:06.0221 0x1584  lltdio - ok
14:14:06.0242 0x1584  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:14:06.0266 0x1584  lltdsvc - ok
14:14:06.0273 0x1584  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:14:06.0292 0x1584  lmhosts - ok
14:14:06.0316 0x1584  [ 75F29D77B0540FCF47EE3BE000BBABDA, 3FFDDC42D51FABAA7F3BFD088F008DE39F3479B25214260D98336F00B6336BFA ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
14:14:06.0323 0x1584  LMS - ok
14:14:06.0337 0x1584  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
14:14:06.0344 0x1584  LSI_FC - ok
14:14:06.0356 0x1584  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
14:14:06.0362 0x1584  LSI_SAS - ok
14:14:06.0370 0x1584  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:14:06.0376 0x1584  LSI_SAS2 - ok
14:14:06.0382 0x1584  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:14:06.0388 0x1584  LSI_SCSI - ok
14:14:06.0393 0x1584  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
14:14:06.0423 0x1584  luafv - ok
14:14:06.0446 0x1584  [ A401CFF74982D8DF851F20307C806073, 1D7BA90C9E77FAAE59F60AB5310EC41D9C5B98F1F9A89A3CDB9169E6DEF565DA ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
14:14:06.0454 0x1584  LVRS64 - ok
14:14:06.0541 0x1584  [ 13384CB5F5813E65F31078D6ABFAAF38, A6E7374C15CAECC273197BF62F8F926BA30E9509270A8470756F4710E1DEA126 ] LVUVC64         C:\Windows\system32\DRIVERS\lvuvc64.sys
14:14:06.0604 0x1584  LVUVC64 - ok
14:14:06.0625 0x1584  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:14:06.0638 0x1584  Mcx2Svc - ok
14:14:06.0650 0x1584  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
14:14:06.0655 0x1584  megasas - ok
14:14:06.0664 0x1584  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
14:14:06.0673 0x1584  MegaSR - ok
14:14:06.0684 0x1584  [ 6B01B7414A105B9E51652089A03027CF, 9B113DC22F7D0D0B376E577C6D7083F9EDC09BBFE47726393E16D4FDAAAE21FE ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
14:14:06.0688 0x1584  MEIx64 - ok
14:14:06.0695 0x1584  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
14:14:06.0715 0x1584  MMCSS - ok
14:14:06.0726 0x1584  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
14:14:06.0756 0x1584  Modem - ok
14:14:06.0764 0x1584  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:14:06.0777 0x1584  monitor - ok
14:14:06.0790 0x1584  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:14:06.0795 0x1584  mouclass - ok
14:14:06.0804 0x1584  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:14:06.0820 0x1584  mouhid - ok
14:14:06.0833 0x1584  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:14:06.0839 0x1584  mountmgr - ok
14:14:06.0866 0x1584  [ DEA022193DF8C88F6E2B3E33D148A5DB, 97DFC47DB83E04A975A1969AA120385463FCAF4E1A9984FD3220442D7026B45A ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:14:06.0873 0x1584  MozillaMaintenance - ok
14:14:06.0885 0x1584  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:14:06.0891 0x1584  mpio - ok
14:14:06.0902 0x1584  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:14:06.0921 0x1584  mpsdrv - ok
14:14:06.0947 0x1584  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:14:06.0979 0x1584  MpsSvc - ok
14:14:06.0991 0x1584  [ DC722758B8261E1ABAFD31A3C0A66380, 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:14:07.0012 0x1584  MRxDAV - ok
14:14:07.0017 0x1584  [ FAF015B07E3A2874A790A39B7D2C579F, C614B0E80B38EBF7C670EEB833F5E476B33042097DA07206D6C5EE3E52B9A427 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:14:07.0036 0x1584  mrxsmb - ok
14:14:07.0062 0x1584  [ 08E2345DF129082BCDFFDC1440F9C00D, 2ADF69F49DF8C43D4440B6C8A62085C51518CA895A88D37264C60A0B4B1EC55F ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:14:07.0094 0x1584  mrxsmb10 - ok
14:14:07.0107 0x1584  [ 108D87409C5812EF47D81E22843E8C9D, CAE9B91B6BD1DF1552463BD63A06288F5D3E0B81B040BC1C7EC0C2A0119CCECA ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:14:07.0132 0x1584  mrxsmb20 - ok
14:14:07.0153 0x1584  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:14:07.0157 0x1584  msahci - ok
14:14:07.0176 0x1584  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:14:07.0183 0x1584  msdsm - ok
14:14:07.0200 0x1584  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
14:14:07.0211 0x1584  MSDTC - ok
14:14:07.0220 0x1584  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:14:07.0238 0x1584  Msfs - ok
14:14:07.0243 0x1584  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:14:07.0269 0x1584  mshidkmdf - ok
14:14:07.0280 0x1584  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:14:07.0284 0x1584  msisadrv - ok
14:14:07.0303 0x1584  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:14:07.0330 0x1584  MSiSCSI - ok
14:14:07.0332 0x1584  msiserver - ok
14:14:07.0347 0x1584  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:14:07.0373 0x1584  MSKSSRV - ok
14:14:07.0385 0x1584  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:14:07.0410 0x1584  MSPCLOCK - ok
14:14:07.0412 0x1584  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:14:07.0438 0x1584  MSPQM - ok
14:14:07.0456 0x1584  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:14:07.0466 0x1584  MsRPC - ok
14:14:07.0476 0x1584  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
14:14:07.0480 0x1584  mssmbios - ok
14:14:07.0483 0x1584  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:14:07.0510 0x1584  MSTEE - ok
14:14:07.0517 0x1584  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
14:14:07.0525 0x1584  MTConfig - ok
14:14:07.0530 0x1584  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
14:14:07.0535 0x1584  Mup - ok
14:14:07.0565 0x1584  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
14:14:07.0599 0x1584  napagent - ok
14:14:07.0612 0x1584  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:14:07.0637 0x1584  NativeWifiP - ok
14:14:07.0666 0x1584  [ 79B47FD40D9A817E932F9D26FAC0A81C, 53E260B8BFC50BA45FA73BFCF4E58C233890D0EAA9DEFDCCBB55FD3EB992FF2D ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:14:07.0684 0x1584  NDIS - ok
14:14:07.0693 0x1584  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:14:07.0712 0x1584  NdisCap - ok
14:14:07.0717 0x1584  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:14:07.0746 0x1584  NdisTapi - ok
14:14:07.0758 0x1584  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:14:07.0777 0x1584  Ndisuio - ok
14:14:07.0786 0x1584  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:14:07.0816 0x1584  NdisWan - ok
14:14:07.0835 0x1584  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:14:07.0861 0x1584  NDProxy - ok
14:14:07.0873 0x1584  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:14:07.0892 0x1584  NetBIOS - ok
14:14:07.0913 0x1584  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:14:07.0934 0x1584  NetBT - ok
14:14:07.0945 0x1584  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] Netlogon        C:\Windows\system32\lsass.exe
14:14:07.0948 0x1584  Netlogon - ok
14:14:07.0980 0x1584  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
14:14:08.0011 0x1584  Netman - ok
14:14:08.0026 0x1584  [ 9A7D3A1AA5C830744FF6C44BB55A347A, 42D3281893DB4C0DDA6A7BDA92D3CCE23968D0E3CF880777B8DBBFD955629B08 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:14:08.0026 0x1584  NetMsmqActivator - ok
14:14:08.0042 0x1584  [ 9A7D3A1AA5C830744FF6C44BB55A347A, 42D3281893DB4C0DDA6A7BDA92D3CCE23968D0E3CF880777B8DBBFD955629B08 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:14:08.0042 0x1584  NetPipeActivator - ok
14:14:08.0058 0x1584  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
14:14:08.0089 0x1584  netprofm - ok
14:14:08.0104 0x1584  [ 9A7D3A1AA5C830744FF6C44BB55A347A, 42D3281893DB4C0DDA6A7BDA92D3CCE23968D0E3CF880777B8DBBFD955629B08 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:14:08.0104 0x1584  NetTcpActivator - ok
14:14:08.0104 0x1584  [ 9A7D3A1AA5C830744FF6C44BB55A347A, 42D3281893DB4C0DDA6A7BDA92D3CCE23968D0E3CF880777B8DBBFD955629B08 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:14:08.0120 0x1584  NetTcpPortSharing - ok
14:14:08.0136 0x1584  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
14:14:08.0136 0x1584  nfrd960 - ok
14:14:08.0151 0x1584  [ 1EE99A89CC788ADA662441D1E9830529, 6B4FDD74BB81E12BD4B25A3E8AECB0FA77FA0075D454DD1D6DC1790ADF1F2AA8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:14:08.0182 0x1584  NlaSvc - ok
14:14:08.0198 0x1584  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:14:08.0229 0x1584  Npfs - ok
14:14:08.0229 0x1584  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
14:14:08.0276 0x1584  nsi - ok
14:14:08.0307 0x1584  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:14:08.0338 0x1584  nsiproxy - ok
14:14:08.0385 0x1584  [ 05D78AA5CB5F3F5C31160BDB955D0B7C, E3CD3FAF52ED11A8FB96D667510F1EDCA49053705AA3A13F560F8F6EC995CA45 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:14:08.0416 0x1584  Ntfs - ok
14:14:08.0448 0x1584  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
14:14:08.0479 0x1584  Null - ok
14:14:08.0494 0x1584  [ C87B11EB78428853F9E8495C47E53C10, FAE479DB0812967B3FF968773BA998591B4F50BE4329B8349BCA7E6EAB1B0474 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
14:14:08.0510 0x1584  NVHDA - ok
14:14:08.0744 0x1584  [ FDB03499693DEFD0B6754264C187F967, 7A011832868A685E37DFA7815AABABD7BE14D7E4F05FE1F5349E5BC96AA1DE82 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:14:08.0916 0x1584  nvlddmkm - ok
14:14:08.0994 0x1584  [ 9EA1D43D68AAAE216CDA9C89CEF24D9E, 6554DD56EA804BC69EA5B50FA5F7CCCE790B5CC650F17DF5C474BEF7E5C99990 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
14:14:09.0040 0x1584  NvNetworkService - ok
14:14:09.0056 0x1584  [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48, 7738785DE8B50D69993F4408498B812D0283FEE5C04FF5B89C20F149B44E9737 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:14:09.0056 0x1584  nvraid - ok
14:14:09.0072 0x1584  [ F7CD50FE7139F07E77DA8AC8033D1832, DA96F4B15C8165E6AE1D00E03A062C66CA3A3089E4FF0E9E11CE00B154DD12EC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:14:09.0087 0x1584  nvstor - ok
14:14:09.0118 0x1584  [ 63734B0FBD8E6DAF841AD3DD47DEFFFB, 8D458301C8349591C5649E53D7DA6C67D71FF3C82B2ADF426231DE208ECF85ED ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
14:14:09.0118 0x1584  NvStreamKms - ok
14:14:09.0462 0x1584  [ 8EB877DD871935DF1074BFF18CB301AB, 44B94840E24BF83D445C516756F78DAF4CF9C665B74A318AF3A6C5648DF8C45D ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
14:14:09.0774 0x1584  NvStreamSvc - ok
14:14:09.0820 0x1584  [ 2E6A24E49988ED7CF57454EB873117DD, 1C5ADAE9D361BA4368D5517392ABB33FEC332A5847AE2498F456129A5C5884A8 ] NvStUSB         C:\Windows\system32\DRIVERS\nvstusb.sys
14:14:09.0836 0x1584  NvStUSB - ok
14:14:09.0883 0x1584  [ 103C5A4A296D7958B2E150A15884B240, D57DCDD668CAE26AC4EDD30BF415421B8F63071245538FC8D940CD430A169445 ] nvsvc           C:\Windows\system32\nvvsvc.exe
14:14:09.0898 0x1584  nvsvc - ok
14:14:09.0898 0x1584  [ 1FE5C1F4CCA8EAEA75C90FB2A85D9CC3, 4C3C36ADC9EC0FDED3E3FFC7918680B643652AD39458FAA8525392DAD0ABD845 ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
14:14:09.0914 0x1584  nvvad_WaveExtensible - ok
14:14:09.0914 0x1584  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:14:09.0930 0x1584  nv_agp - ok
14:14:09.0930 0x1584  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:14:09.0961 0x1584  ohci1394 - ok
14:14:10.0039 0x1584  [ DE63B75C2B820B425E09C59344051FC2, 09FA23A09166132DA4F24DD6BF7BB6D36DA010251C9C532DC32DD45D67E5DAE6 ] Origin Client Service E:\Program Files (x86)\Origin\OriginClientService.exe
14:14:10.0101 0x1584  Origin Client Service - ok
14:14:10.0117 0x1584  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:14:10.0148 0x1584  p2pimsvc - ok
14:14:10.0164 0x1584  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
14:14:10.0179 0x1584  p2psvc - ok
14:14:10.0242 0x1584  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
14:14:10.0257 0x1584  Parport - ok
14:14:10.0320 0x1584  [ 871EADAC56B0A4C6512BBE32753CCF79, F9FD9DBA55274BB72B897550988DCDFD0F2D9367BE641DFDE07D240052DDC180 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:14:10.0335 0x1584  partmgr - ok
14:14:10.0366 0x1584  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:14:10.0382 0x1584  PcaSvc - ok
14:14:10.0398 0x1584  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
14:14:10.0398 0x1584  pci - ok
14:14:10.0413 0x1584  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
14:14:10.0429 0x1584  pciide - ok
14:14:10.0429 0x1584  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
14:14:10.0444 0x1584  pcmcia - ok
14:14:10.0460 0x1584  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
14:14:10.0460 0x1584  pcw - ok
14:14:10.0554 0x1584  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:14:10.0601 0x1584  PEAUTH - ok
14:14:10.0632 0x1584  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
14:14:10.0679 0x1584  PeerDistSvc - ok
14:14:10.0757 0x1584  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
14:14:10.0772 0x1584  PerfHost - ok
14:14:10.0835 0x1584  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
14:14:10.0881 0x1584  pla - ok
14:14:10.0928 0x1584  [ B806E50427511BCF4AD8E8239C3E25FA, AB89B48ECCF90F701B314D18BE531CDA5ABE1636C17B994A5E4BE5AAC136B4E3 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:14:10.0959 0x1584  PlugPlay - ok
14:14:10.0959 0x1584  PnkBstrA - ok
14:14:10.0959 0x1584  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:14:10.0991 0x1584  PNRPAutoReg - ok
14:14:11.0006 0x1584  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:14:11.0022 0x1584  PNRPsvc - ok
14:14:11.0053 0x1584  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:14:11.0084 0x1584  PolicyAgent - ok
14:14:11.0131 0x1584  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
14:14:11.0147 0x1584  Power - ok
14:14:11.0178 0x1584  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:14:11.0225 0x1584  PptpMiniport - ok
14:14:11.0240 0x1584  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
14:14:11.0256 0x1584  Processor - ok
14:14:11.0318 0x1584  [ 5C78838B4D166D1A27DB3A8A820C799A, BBF7E1D0B6754CF06BF3936671FDF5BF6E845CA5678D0940EA54E9212B539B7F ] ProfSvc         C:\Windows\system32\profsvc.dll
14:14:11.0349 0x1584  ProfSvc - ok
14:14:11.0349 0x1584  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] ProtectedStorage C:\Windows\system32\lsass.exe
14:14:11.0365 0x1584  ProtectedStorage - ok
14:14:11.0412 0x1584  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:14:11.0427 0x1584  Psched - ok
14:14:11.0474 0x1584  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
14:14:11.0505 0x1584  ql2300 - ok
14:14:11.0521 0x1584  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
14:14:11.0521 0x1584  ql40xx - ok
14:14:11.0537 0x1584  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
14:14:11.0552 0x1584  QWAVE - ok
14:14:11.0568 0x1584  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:14:11.0583 0x1584  QWAVEdrv - ok
14:14:11.0599 0x1584  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:14:11.0630 0x1584  RasAcd - ok
14:14:11.0661 0x1584  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:14:11.0677 0x1584  RasAgileVpn - ok
14:14:11.0708 0x1584  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
14:14:11.0724 0x1584  RasAuto - ok
14:14:11.0755 0x1584  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:14:11.0802 0x1584  Rasl2tp - ok
14:14:11.0817 0x1584  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
14:14:11.0833 0x1584  RasMan - ok
14:14:11.0849 0x1584  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:14:11.0864 0x1584  RasPppoe - ok
14:14:11.0864 0x1584  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:14:11.0895 0x1584  RasSstp - ok
14:14:11.0911 0x1584  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:14:11.0942 0x1584  rdbss - ok
14:14:11.0942 0x1584  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
14:14:11.0958 0x1584  rdpbus - ok
14:14:11.0973 0x1584  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:14:11.0989 0x1584  RDPCDD - ok
14:14:12.0005 0x1584  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
14:14:12.0005 0x1584  RDPDR - ok
14:14:12.0020 0x1584  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:14:12.0051 0x1584  RDPENCDD - ok
14:14:12.0067 0x1584  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:14:12.0083 0x1584  RDPREFMP - ok
14:14:12.0098 0x1584  [ 70CBA1A0C98600A2AA1863479B35CB90, 91A133297921B4955817176251AFC5283DA3C7D2099700C4C92ECC94DBE9A99E ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
14:14:12.0114 0x1584  RdpVideoMiniport - ok
14:14:12.0145 0x1584  [ 15B66C206B5CB095BAB980553F38ED23, 3CA50786A8D3D6BAF145AFD22C1ED92C2EB39F5D6AF4F6B09B69610FDE0C5B24 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:14:12.0161 0x1584  RDPWD - ok
14:14:12.0192 0x1584  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:14:12.0192 0x1584  rdyboost - ok
14:14:12.0223 0x1584  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:14:12.0270 0x1584  RemoteAccess - ok
14:14:12.0270 0x1584  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:14:12.0301 0x1584  RemoteRegistry - ok
14:14:12.0317 0x1584  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:14:12.0348 0x1584  RpcEptMapper - ok
14:14:12.0363 0x1584  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
14:14:12.0395 0x1584  RpcLocator - ok
14:14:12.0410 0x1584  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
14:14:12.0441 0x1584  RpcSs - ok
14:14:12.0441 0x1584  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:14:12.0473 0x1584  rspndr - ok
14:14:12.0488 0x1584  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
14:14:12.0504 0x1584  s3cap - ok
14:14:12.0504 0x1584  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] SamSs           C:\Windows\system32\lsass.exe
14:14:12.0504 0x1584  SamSs - ok
14:14:12.0519 0x1584  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:14:12.0535 0x1584  sbp2port - ok
14:14:12.0535 0x1584  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:14:12.0566 0x1584  SCardSvr - ok
14:14:12.0566 0x1584  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
14:14:12.0582 0x1584  scfilter - ok
14:14:12.0613 0x1584  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
14:14:12.0675 0x1584  Schedule - ok
14:14:12.0675 0x1584  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:14:12.0707 0x1584  SCPolicySvc - ok
14:14:12.0707 0x1584  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:14:12.0722 0x1584  SDRSVC - ok
14:14:12.0738 0x1584  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:14:12.0769 0x1584  secdrv - ok
14:14:12.0769 0x1584  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
14:14:12.0800 0x1584  seclogon - ok
14:14:12.0816 0x1584  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
14:14:12.0831 0x1584  SENS - ok
14:14:12.0847 0x1584  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
14:14:12.0847 0x1584  SensrSvc - ok
14:14:12.0863 0x1584  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
14:14:12.0909 0x1584  Serenum - ok
14:14:12.0925 0x1584  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
14:14:12.0925 0x1584  Serial - ok
14:14:12.0941 0x1584  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
14:14:12.0956 0x1584  sermouse - ok
14:14:12.0987 0x1584  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
14:14:13.0019 0x1584  SessionEnv - ok
14:14:13.0019 0x1584  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:14:13.0034 0x1584  sffdisk - ok
14:14:13.0050 0x1584  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:14:13.0065 0x1584  sffp_mmc - ok
14:14:13.0065 0x1584  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:14:13.0097 0x1584  sffp_sd - ok
14:14:13.0112 0x1584  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
14:14:13.0112 0x1584  sfloppy - ok
14:14:13.0159 0x1584  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:14:13.0190 0x1584  SharedAccess - ok
14:14:13.0221 0x1584  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:14:13.0253 0x1584  ShellHWDetection - ok
14:14:13.0268 0x1584  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:14:13.0268 0x1584  SiSRaid2 - ok
14:14:13.0284 0x1584  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
14:14:13.0284 0x1584  SiSRaid4 - ok
14:14:13.0299 0x1584  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
14:14:13.0315 0x1584  SkypeUpdate - ok
14:14:13.0315 0x1584  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:14:13.0346 0x1584  Smb - ok
14:14:13.0377 0x1584  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:14:13.0393 0x1584  SNMPTRAP - ok
14:14:13.0424 0x1584  [ 0FFE35F0B0CD5A324BBE22F02569AE3B, F4EE803EEFDB4EAEEDB3024C3516F1F9A202C77F4870D6B74356BBDE32B3B560 ] speedfan        C:\Windows\syswow64\speedfan.sys
14:14:13.0424 0x1584  speedfan - ok
14:14:13.0440 0x1584  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
14:14:13.0440 0x1584  spldr - ok
14:14:13.0471 0x1584  [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler         C:\Windows\System32\spoolsv.exe
14:14:13.0487 0x1584  Spooler - ok
14:14:13.0580 0x1584  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
14:14:13.0674 0x1584  sppsvc - ok
14:14:13.0689 0x1584  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
14:14:13.0721 0x1584  sppuinotify - ok
14:14:13.0736 0x1584  [ B9657A0AFF28C1CB114ACC0CB93EE4BB, 619DE6438827A648566CB6F6407DF30E3BBCE345775B0154D883A48E244A62EE ] sp_rsdrv2       C:\Windows\system32\DRIVERS\stflt.sys
14:14:13.0736 0x1584  sp_rsdrv2 - ok
14:14:13.0767 0x1584  [ 2098B8556D1CEC2ACA9A29CD479E3692, D5826407C64F18C16EB36E6F00787CFAFCD9B24B5BD8AD126AD01E6E4134966F ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:14:13.0814 0x1584  srv - ok
14:14:13.0830 0x1584  [ D0F73A42040F21F92FD314B42AC5C9E7, A021C4318C9CFA594305458B2643BB0C22DDE1F3D51C93C9F3E7F7AB75B31278 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:14:13.0845 0x1584  srv2 - ok
14:14:13.0861 0x1584  [ 2BA8F3250828CCDB4204ECF2C6F40B6A, 22C4FBF9A87C46E69C48B681FF733D68D9CB7B7D73FB14C8C2A06E9009F9860E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:14:13.0892 0x1584  srvnet - ok
14:14:13.0908 0x1584  [ 52D6F40B50ECFC051979FEC68E74F0F8, 9C8C65AC69BA5C9885CF2A4BD72B869754948377AA3FED2680E7BF8C5639F2A2 ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys
14:14:13.0908 0x1584  ssadbus - ok
14:14:13.0923 0x1584  [ D6CFD3B2EABCF9327DE39C62BABFA1E3, C748AF55B07FCB9C5A3E3E0CB783CE6387A2C5D646BCA6B5F5FFF37ACCE82AD3 ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
14:14:13.0923 0x1584  ssadmdfl - ok
14:14:13.0939 0x1584  [ 5EB01E6148742C3EC2185AC92F6D16FD, 5BD22C745D9BD47C60929F9C556E4B262F9415866EFE9F9263EAD916D74ECAE0 ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys
14:14:13.0955 0x1584  ssadmdm - ok
14:14:13.0970 0x1584  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:14:14.0001 0x1584  SSDPSRV - ok
14:14:14.0001 0x1584  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:14:14.0033 0x1584  SstpSvc - ok
14:14:14.0048 0x1584  [ 91310683D7B6B292B746D60734B59322, 2C56C3E4AA7356FB544B52F80ABDA39A80473390CB2059C69BDCCAD40FE56325 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
14:14:14.0048 0x1584  ssudmdm - ok
14:14:14.0095 0x1584  [ 45EABBB754F5D015D1D6990887D37A43, FCD7DD6F1741EE9814C73ED08A7D15C4B7DA42E530AED874EC9A68F26FDB0113 ] ST2012_Svc      C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
14:14:14.0111 0x1584  ST2012_Svc - ok
14:14:14.0173 0x1584  [ 7A04FB623BE442450E716AA2A5476BE1, A24AD210F545460E0E0EE8F09991E665B34DCE2EF5EC6D495E314ADBB88B18D5 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
14:14:14.0189 0x1584  Steam Client Service - ok
14:14:14.0204 0x1584  [ 9ADA53D2178EFA0C21FDD1F6002145C5, BC363BFF88DA893C7E72B2085D9784A89950A4C07352F8F20EB0840D67D4F6B6 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
14:14:14.0220 0x1584  Stereo Service - ok
14:14:14.0235 0x1584  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
14:14:14.0235 0x1584  stexstor - ok
14:14:14.0267 0x1584  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
14:14:14.0298 0x1584  stisvc - ok
14:14:14.0313 0x1584  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
14:14:14.0329 0x1584  storflt - ok
14:14:14.0329 0x1584  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
14:14:14.0345 0x1584  storvsc - ok
14:14:14.0345 0x1584  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
14:14:14.0360 0x1584  swenum - ok
14:14:14.0376 0x1584  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
14:14:14.0407 0x1584  swprv - ok
14:14:14.0407 0x1584  Synth3dVsc - ok
14:14:14.0454 0x1584  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
14:14:14.0516 0x1584  SysMain - ok
14:14:14.0532 0x1584  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:14:14.0547 0x1584  TabletInputService - ok
14:14:14.0579 0x1584  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:14:14.0610 0x1584  TapiSrv - ok
14:14:14.0625 0x1584  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
14:14:14.0657 0x1584  TBS - ok
14:14:14.0688 0x1584  [ 509383E505C973ED7534A06B3D19688D, 520AE434CCE1D365A45B2035283A4AD915E98D28D06BD73822F6FF865C2AE7DF ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:14:14.0735 0x1584  Tcpip - ok
14:14:14.0766 0x1584  [ 509383E505C973ED7534A06B3D19688D, 520AE434CCE1D365A45B2035283A4AD915E98D28D06BD73822F6FF865C2AE7DF ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
14:14:14.0797 0x1584  TCPIP6 - ok
14:14:14.0813 0x1584  [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:14:14.0828 0x1584  tcpipreg - ok
14:14:14.0844 0x1584  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:14:14.0875 0x1584  TDPIPE - ok
14:14:14.0891 0x1584  [ E4245BDA3190A582D55ED09E137401A9, F59C983882997D68CC7B1B2080AEE9EBE2AE90D478F877559BD2AAA97158A116 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:14:14.0906 0x1584  TDTCP - ok
14:14:14.0922 0x1584  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:14:14.0937 0x1584  tdx - ok
14:14:15.0062 0x1584  [ DF4A7E1E2BA788E28747F1EF49692ED6, 3417C0C713AB086E31CA20D6DCE923FF224093CFF2BAA6F29DCCBD2BEE5EEED6 ] TeamViewer9     C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
14:14:15.0171 0x1584  TeamViewer9 - ok
14:14:15.0203 0x1584  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
14:14:15.0203 0x1584  TermDD - ok
14:14:15.0249 0x1584  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
14:14:15.0281 0x1584  TermService - ok
14:14:15.0296 0x1584  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
14:14:15.0327 0x1584  Themes - ok
14:14:15.0343 0x1584  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
14:14:15.0359 0x1584  THREADORDER - ok
14:14:15.0374 0x1584  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
14:14:15.0405 0x1584  TrkWks - ok
14:14:15.0452 0x1584  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:14:15.0468 0x1584  TrustedInstaller - ok
14:14:15.0483 0x1584  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30, CA302C2ED6A6BF4670BAAA4F5C14C0238CF0C80316856AA0DB053F4D593033AC ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:14:15.0515 0x1584  tssecsrv - ok
14:14:15.0515 0x1584  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
14:14:15.0546 0x1584  TsUsbFlt - ok
14:14:15.0546 0x1584  tsusbhub - ok
14:14:15.0624 0x1584  [ CDAD7034AF9562835F29FB50A5F54832, CEBEAAF387A6B6A7CE20839E29988F47A7CD381BEDD8B127ECD5E0548BCC68FA ] TuneUp.UtilitiesSvc D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUNEUPUTILITIESSERVICE64.EXE
14:14:15.0671 0x1584  TuneUp.UtilitiesSvc - ok
14:14:15.0702 0x1584  [ 45427C4B8CAC6B241478F149B935CD80, 7F772D6D00D1ADD394F5907804661C75780EE9F8DF21EF0719D3E4ABA00092B7 ] TuneUpUtilitiesDrv D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TuneUpUtilitiesDriver64.sys
14:14:15.0702 0x1584  TuneUpUtilitiesDrv - ok
14:14:15.0717 0x1584  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:14:15.0733 0x1584  tunnel - ok
14:14:15.0749 0x1584  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
14:14:15.0749 0x1584  uagp35 - ok
14:14:15.0780 0x1584  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:14:15.0795 0x1584  udfs - ok
14:14:15.0811 0x1584  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:14:15.0827 0x1584  UI0Detect - ok
14:14:15.0842 0x1584  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:14:15.0842 0x1584  uliagpkx - ok
14:14:15.0858 0x1584  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys
14:14:15.0873 0x1584  umbus - ok
14:14:15.0889 0x1584  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
14:14:15.0905 0x1584  UmPass - ok
14:14:15.0920 0x1584  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
14:14:15.0951 0x1584  UmRdpService - ok
14:14:15.0967 0x1584  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
14:14:15.0983 0x1584  upnphost - ok
14:14:15.0998 0x1584  [ 43228F8EDD1B0BCDD3145AD246E63D39, 108D8793E9F94C0A0E895398599B359121751F2E7BAA8B7BD24838AEF646726D ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
14:14:16.0014 0x1584  USBAAPL64 - detected UnsignedFile.Multi.Generic ( 1 )
14:14:21.0583 0x1584  Detect skipped due to KSN trusted
14:14:21.0583 0x1584  USBAAPL64 - ok
14:14:21.0599 0x1584  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A, DE1CDDEEF2285CC8387E88ACB13C000576DC8819DF6DC648C988068B5C83BB15 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
14:14:21.0614 0x1584  usbaudio - ok
14:14:21.0630 0x1584  [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829, 5D6E404FE0AB875202CA1A3E8E9D2F4368DF6ACCFA1C872ECFAF8399CBA3A485 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:14:21.0630 0x1584  usbccgp - ok
14:14:21.0645 0x1584  [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:14:21.0661 0x1584  usbcir - ok
14:14:21.0677 0x1584  [ 74EE782B1D9C241EFE425565854C661C, E8258EA65B0FCAD4E077B176E9D9324646B652D6E651241E397346A39770D065 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
14:14:21.0692 0x1584  usbehci - ok
14:14:21.0708 0x1584  [ DC96BD9CCB8403251BCF25047573558E, 66EBF8A6B3BC0634F32DDCC8BA31F1EB5987E8C6853E1DC26005E3EED0945565 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:14:21.0723 0x1584  usbhub - ok
14:14:21.0723 0x1584  [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
14:14:21.0739 0x1584  usbohci - ok
14:14:21.0739 0x1584  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:14:21.0755 0x1584  usbprint - ok
14:14:21.0770 0x1584  [ AAA2513C8AED8B54B189FD0C6B1634C0, 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
14:14:21.0801 0x1584  usbscan - ok
14:14:21.0801 0x1584  [ D76510CFA0FC09023077F22C2F979D86, 5662281C6D515423255D3C262EA368DBAFC250235E535FBFA3E59D3487695439 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:14:21.0817 0x1584  USBSTOR - ok
14:14:21.0833 0x1584  [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
14:14:21.0848 0x1584  usbuhci - ok
14:14:21.0864 0x1584  [ 454800C2BC7F3927CE030141EE4F4C50, 10901E62DAA70657C499AD590DECCCA6E46FDDF4A193B2F19279E1B8ED7B1E44 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
14:14:21.0864 0x1584  usbvideo - ok
14:14:21.0895 0x1584  [ 70D05EE263568A742D14E1876DF80532, D49D7B60EE30F2398B8B532F4A4C3F17535485F2BDB9B14AB600E2A4E3F12A6B ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
14:14:21.0895 0x1584  usb_rndisx - ok
14:14:21.0911 0x1584  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
14:14:21.0926 0x1584  UxSms - ok
14:14:21.0942 0x1584  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] VaultSvc        C:\Windows\system32\lsass.exe
14:14:21.0942 0x1584  VaultSvc - ok
14:14:21.0957 0x1584  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
14:14:21.0957 0x1584  vdrvroot - ok
14:14:21.0989 0x1584  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
14:14:22.0020 0x1584  vds - ok
14:14:22.0035 0x1584  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:14:22.0035 0x1584  vga - ok
14:14:22.0051 0x1584  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:14:22.0067 0x1584  VgaSave - ok
14:14:22.0067 0x1584  VGPU - ok
14:14:22.0082 0x1584  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
14:14:22.0098 0x1584  vhdmp - ok
14:14:22.0098 0x1584  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
14:14:22.0113 0x188c  Object required for P2P: [ 7A04FB623BE442450E716AA2A5476BE1 ] Steam Client Service
14:14:22.0113 0x1584  viaide - ok
14:14:22.0129 0x1584  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
14:14:22.0129 0x1584  vmbus - ok
14:14:22.0145 0x1584  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
14:14:22.0160 0x1584  VMBusHID - ok
14:14:22.0176 0x1584  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:14:22.0176 0x1584  volmgr - ok
14:14:22.0191 0x1584  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:14:22.0207 0x1584  volmgrx - ok
14:14:22.0207 0x1584  [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:14:22.0223 0x1584  volsnap - ok
14:14:22.0238 0x1584  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
14:14:22.0238 0x1584  vsmraid - ok
14:14:22.0285 0x1584  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
14:14:22.0363 0x1584  VSS - ok
14:14:22.0363 0x1584  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
14:14:22.0379 0x1584  vwifibus - ok
14:14:22.0394 0x1584  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
14:14:22.0425 0x1584  W32Time - ok
14:14:22.0441 0x1584  [ FDA15A0510F84FA46452B74529147A15, DAF92C2B733311B767895175E27B671C80DC028EEB477C28E0209C6467E072D1 ] WacHidRouter    C:\Windows\system32\DRIVERS\wachidrouter.sys
14:14:22.0441 0x1584  WacHidRouter - ok
14:14:22.0457 0x1584  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
14:14:22.0472 0x1584  WacomPen - ok
14:14:22.0472 0x1584  [ EABFDBDC9BEDD325F260A3A9FEE5B3F9, 496AD989DA6F500140FCDB88C65CECD4F306D3FBDAACE1D42C5312C1E321B9D1 ] wacomrouterfilter C:\Windows\system32\DRIVERS\wacomrouterfilter.sys
14:14:22.0472 0x1584  wacomrouterfilter - ok
14:14:22.0488 0x1584  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
14:14:22.0519 0x1584  WANARP - ok
14:14:22.0519 0x1584  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:14:22.0550 0x1584  Wanarpv6 - ok
14:14:22.0597 0x1584  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
14:14:22.0644 0x1584  wbengine - ok
14:14:22.0659 0x1584  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
14:14:22.0675 0x1584  WbioSrvc - ok
14:14:22.0706 0x1584  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:14:22.0737 0x1584  wcncsvc - ok
14:14:22.0737 0x1584  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:14:22.0753 0x1584  WcsPlugInService - ok
14:14:22.0769 0x1584  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
14:14:22.0769 0x1584  Wd - ok
14:14:22.0800 0x1584  [ 441BD2D7B4F98134C3A4F9FA570FD250, FF20815273014C5A27C2B75E2C70FE674809293627056199F502DFDF4CECFCA1 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:14:22.0815 0x1584  Wdf01000 - ok
14:14:22.0815 0x1584  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:14:22.0831 0x1584  WdiServiceHost - ok
14:14:22.0831 0x1584  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:14:22.0847 0x1584  WdiSystemHost - ok
14:14:22.0862 0x1584  [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient       C:\Windows\System32\webclnt.dll
14:14:22.0893 0x1584  WebClient - ok
14:14:22.0909 0x1584  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:14:22.0940 0x1584  Wecsvc - ok
14:14:22.0940 0x1584  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:14:22.0971 0x1584  wercplsupport - ok
14:14:22.0971 0x1584  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:14:23.0003 0x1584  WerSvc - ok
14:14:23.0003 0x1584  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
14:14:23.0034 0x1584  WfpLwf - ok
14:14:23.0034 0x1584  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
14:14:23.0049 0x1584  WIMMount - ok
14:14:23.0065 0x1584  WinDefend - ok
14:14:23.0065 0x1584  WinHttpAutoProxySvc - ok
14:14:23.0096 0x1584  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:14:23.0127 0x1584  Winmgmt - ok
14:14:23.0174 0x1584  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
14:14:23.0237 0x1584  WinRM - ok
14:14:23.0268 0x1584  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
14:14:23.0283 0x1584  WinUsb - ok
14:14:23.0315 0x1584  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:14:23.0330 0x1584  Wlansvc - ok
14:14:23.0424 0x1584  [ 98F138897EF4246381D197CB81846D62, A9FA88475AFBB8883297708608EC7C1AC29F229C3299A84D557172604813A18C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:14:23.0471 0x1584  wlidsvc - ok
14:14:23.0502 0x1584  [ 680A7846370000D20D7E74917D5B7936, 55B77B358039672845D361CA4205F3482D1F30A4654B610FD785A1337EFDC316 ] WmBEnum         C:\Windows\system32\drivers\WmBEnum.sys
14:14:23.0502 0x1584  WmBEnum - ok
14:14:23.0517 0x1584  [ 14C35BA8189C6F65D839163AA285E954, 8981AA488320C75E26E1ABDF884B721A4065F5D28F54782598B03F21B8CDC020 ] WmFilter        C:\Windows\system32\drivers\WmFilter.sys
14:14:23.0517 0x1584  WmFilter - ok
14:14:23.0533 0x1584  [ AC4331AF118A720F13C9C5CABBFE27BD, 2C5F453996B00078F3E8E731F6B3DD4529831BDA2146EAFC66727C9460E85112 ] WmHidLo         C:\Windows\system32\drivers\WmHidLo.sys
14:14:23.0533 0x1584  WmHidLo - ok
14:14:23.0549 0x1584  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
14:14:23.0564 0x1584  WmiAcpi - ok
14:14:23.0580 0x1584  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:14:23.0595 0x1584  wmiApSrv - ok
14:14:23.0611 0x1584  WMPNetworkSvc - ok
14:14:23.0627 0x1584  [ 8488DD91A3EE54A8E29F02AD7BB8201E, D428ED991D9E4A8765C240B21884A262854278698D60862117AC5949713231F9 ] WmVirHid        C:\Windows\system32\drivers\WmVirHid.sys
14:14:23.0627 0x1584  WmVirHid - ok
14:14:23.0642 0x1584  [ 14802B3A30AA849C97CB968CCC813BF3, 330AD828ABD040ECDBF58F7162978CD61BFC093CAD404FD2BCAC74E3F2EC542A ] WmXlCore        C:\Windows\system32\drivers\WmXlCore.sys
14:14:23.0642 0x1584  WmXlCore - ok
14:14:23.0658 0x1584  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:14:23.0658 0x1584  WPCSvc - ok
14:14:23.0673 0x1584  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:14:23.0689 0x1584  WPDBusEnum - ok
14:14:23.0705 0x1584  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:14:23.0720 0x1584  ws2ifsl - ok
14:14:23.0736 0x1584  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
14:14:23.0767 0x1584  wscsvc - ok
14:14:23.0767 0x1584  WSearch - ok
14:14:23.0798 0x1584  [ FF3F745A22B0C9C2EF1600762E8858A1, A63A66537A5316963825A963F2A9EC2BEB68027EB3A2EF28DC2C936FF194915A ] WTabletServiceCon C:\PROGRAM FILES\TABLET\PEN\WTABLETSERVICECON.EXE
14:14:23.0814 0x1584  WTabletServiceCon - ok
14:14:23.0876 0x1584  [ 9DF12EDBC698B0BC353B3EF84861E430, 5777972DC6242096EE2D4DAEEFC822DE9077560322DED7B9696BB23B7C240403 ] wuauserv        C:\Windows\system32\wuaueng.dll
14:14:23.0954 0x1584  wuauserv - ok
14:14:23.0970 0x1584  [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:14:24.0001 0x1584  WudfPf - ok
14:14:24.0001 0x1584  [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:14:24.0032 0x1584  WUDFRd - ok
14:14:24.0048 0x1584  [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:14:24.0063 0x1584  wudfsvc - ok
14:14:24.0095 0x1584  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\Windows\System32\wwansvc.dll
14:14:24.0110 0x1584  WwanSvc - ok
14:14:24.0141 0x1584  X6va011 - ok
14:14:24.0173 0x1584  [ 4A5CE13408945E525503B5F73D29B9C5, D58BB31AF17752508EA67931BF170CE46877DC204FC5DA7EED5A078AEB0CA0FD ] xnacc           C:\Windows\system32\DRIVERS\xnacc.sys
14:14:24.0204 0x1584  xnacc - ok
14:14:24.0235 0x1584  [ 2C6BC21B2D5B58D8B1D638C1704CB494, 0AABCEB627E274E338DDD9BA664BAA128D7C00AF04C95C776C2AFFA6BB17F680 ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
14:14:24.0235 0x1584  xusb21 - ok
14:14:24.0251 0x1584  ================ Scan global ===============================
14:14:24.0344 0x1584  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
14:14:24.0391 0x1584  [ E0406AEF04B088D1C49FC78D0546F689, 7ADD4D1C174FAA5405BD94BAF104A5DD56BE00DBDC1ED9F069A95430A7B264AA ] C:\Windows\system32\winsrv.dll
14:14:24.0407 0x1584  [ E0406AEF04B088D1C49FC78D0546F689, 7ADD4D1C174FAA5405BD94BAF104A5DD56BE00DBDC1ED9F069A95430A7B264AA ] C:\Windows\system32\winsrv.dll
14:14:24.0438 0x1584  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
14:14:24.0453 0x1584  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
14:14:24.0469 0x1584  [ Global ] - ok
14:14:24.0469 0x1584  ================ Scan MBR ==================================
14:14:24.0485 0x1584  [ 4624822E540EC83CD0819525C65846BA ] \Device\Harddisk0\DR0
14:14:25.0764 0x1584  \Device\Harddisk0\DR0 - ok
14:14:25.0764 0x1584  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
14:14:25.0935 0x1584  \Device\Harddisk1\DR1 - ok
14:14:27.0745 0x188c  Object send P2P result: true
14:14:27.0745 0x188c  Object required for P2P: [ 9ADA53D2178EFA0C21FDD1F6002145C5 ] Stereo Service
14:14:28.0338 0x1584  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
14:14:29.0601 0x1584  \Device\Harddisk2\DR2 - ok
14:14:29.0601 0x1584  ================ Scan VBR ==================================
14:14:29.0601 0x1584  [ E4C921038BD393443DD7B601CBFD35F2 ] \Device\Harddisk0\DR0\Partition1
14:14:29.0648 0x1584  \Device\Harddisk0\DR0\Partition1 - ok
14:14:29.0648 0x1584  [ CE57F32E2EF07FF5284F691B9D319E07 ] \Device\Harddisk1\DR1\Partition1
14:14:29.0695 0x1584  \Device\Harddisk1\DR1\Partition1 - ok
14:14:29.0711 0x1584  [ 5AEABEB53C0CE39CE2EBDDEC71490F74 ] \Device\Harddisk1\DR1\Partition2
14:14:29.0742 0x1584  \Device\Harddisk1\DR1\Partition2 - ok
14:14:29.0742 0x1584  [ 5070916E2DAF3B5F9EBEE24EB219A312 ] \Device\Harddisk1\DR1\Partition3
14:14:29.0757 0x1584  \Device\Harddisk1\DR1\Partition3 - ok
14:14:29.0757 0x1584  [ ED2422A4F2B7D4B4B93EAF5592A65D1C ] \Device\Harddisk2\DR2\Partition1
14:14:29.0820 0x1584  \Device\Harddisk2\DR2\Partition1 - ok
14:14:29.0820 0x1584  ================ Scan generic autorun ======================
14:14:29.0976 0x1584  [ F46CCD97F316503A73FCED4686F222BB, 141840DAD9D75644FCCECB2B1B6338AFCFA3634442B5B9B8B7991048D38131DC ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
14:14:30.0054 0x1584  RTHDVCPL - ok
14:14:30.0101 0x1584  [ 3FA1825AE6888619DCEC0859F0F6A664, 643A08264DF0F351E952781D4D84724A6231316A40C066C5E49DC0E6CC28A475 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
14:14:30.0116 0x1584  RtHDVBg_DTS - ok
14:14:30.0319 0x1584  [ 568AF5AB79BC0CA3FDDD49C03363F605, A9D74EB4B4B063B509CCDECA4E9E988A969E635A608CBFA51B9147719CBF3DE1 ] C:\Program Files\Logitech Gaming Software\LCore.exe
14:14:30.0444 0x1584  Launch LCore - ok
14:14:30.0522 0x1584  [ 90AC42BBCDF908DD576853CB5CACA761, DACDE2E100970229CA219D2640B483E955A22C45F34BC494BDF92F974C6DB611 ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
14:14:30.0553 0x1584  NvBackend - ok
14:14:30.0569 0x1584  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
14:14:30.0584 0x1584  ShadowPlay - ok
14:14:30.0631 0x1584  [ ED43758BF94B8A5221D69F1B7F63F13D, F6E7418823E45085F4D4F50DD25A55ED517C0A335C6C2F69A1139B30677D3DA9 ] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
14:14:30.0647 0x1584  XboxStat - ok
14:14:30.0678 0x1584  [ 6BA8D86746935498D64CB5CF6286F2EB, E47D1DEE39451428344233DB15412BCB486C4F6FE1D0426F20AA4C6245387926 ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
14:14:30.0693 0x1584  USB3MON - ok
14:14:30.0709 0x1584  [ 5514B64F7F2D25E09E2FDAF5D62B688C, 43263715ADC49250762A01E41DB2832C6A8B63CE4F66CDD8FC0B51DCA031DF27 ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
14:14:30.0725 0x1584  IAStorIcon - ok
14:14:30.0818 0x1584  [ 26B558B2D31C7425B455B00E562EAD93, B64D128A2F1FC42BA4376F8EB08D70F4B705745CB983D0631DB45851BF34BBDF ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
14:14:30.0896 0x1584  AvastUI.exe - ok
14:14:30.0959 0x1584  [ 47EA5F76FAB723C61AB4A0D79BAD512C, A7A38EB0A7068B160E6949945EF639F999A06AE35746F6E79C7350745798E5C9 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
14:14:30.0990 0x1584  Adobe ARM - ok
14:14:31.0005 0x1584  [ 8FFDB89A0FB7C8ABC3A8825E38047341, B9107FAA3A885CD9A08C20F78D31C3642FA76812E417F41C4F2ADF7D90CA8C72 ] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
14:14:31.0021 0x1584  LWS - ok
14:14:31.0052 0x1584  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
14:14:31.0083 0x1584  Sidebar - ok
14:14:31.0099 0x1584  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
14:14:31.0130 0x1584  mctadmin - ok
14:14:31.0146 0x1584  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
14:14:31.0161 0x1584  Sidebar - ok
14:14:31.0161 0x1584  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
14:14:31.0177 0x1584  mctadmin - ok
14:14:31.0255 0x1584  [ 7F60FAE3DF4832DFA65A029011A7959F, 7CBA677157F797136811BBB45C471026453838BE3D7BDBF8B839DF3A54F936F8 ] E:\Program Files (x86)\Steam\steam.exe
14:14:31.0286 0x1584  Steam - ok
14:14:31.0629 0x1584  [ D2DB27182DABB702260922BB42FA3326, 3F2F446582DF841BB656F346C9491BED7AF9D555538A80E80F0DA979A07EE071 ] C:\Program Files\CCleaner\CCleaner64.exe
14:14:31.0707 0x1584  CCleaner Monitoring - ok
14:14:31.0723 0x1584  Waiting for KSN requests completion. In queue: 124
14:14:32.0737 0x1584  Waiting for KSN requests completion. In queue: 124
14:14:33.0345 0x188c  Object send P2P result: true
14:14:33.0751 0x1584  Waiting for KSN requests completion. In queue: 89
14:14:34.0765 0x1584  Waiting for KSN requests completion. In queue: 18
14:14:35.0779 0x1584  Waiting for KSN requests completion. In queue: 18
14:14:36.0793 0x1584  Waiting for KSN requests completion. In queue: 18
14:14:37.0277 0x03f8  Object required for P2P: [ 7F60FAE3DF4832DFA65A029011A7959F ] E:\Program Files (x86)\Steam\steam.exe
14:14:37.0807 0x1584  Waiting for KSN requests completion. In queue: 3
14:14:38.0821 0x1584  Waiting for KSN requests completion. In queue: 2
14:14:39.0835 0x1584  Waiting for KSN requests completion. In queue: 2
14:14:40.0849 0x1584  Waiting for KSN requests completion. In queue: 2
14:14:41.0863 0x1584  Waiting for KSN requests completion. In queue: 2
14:14:42.0877 0x1584  Waiting for KSN requests completion. In queue: 2
14:14:43.0891 0x1584  Waiting for KSN requests completion. In queue: 2
14:14:44.0905 0x1584  Waiting for KSN requests completion. In queue: 2
14:14:45.0919 0x1584  Waiting for KSN requests completion. In queue: 2
14:14:46.0933 0x1584  Waiting for KSN requests completion. In queue: 2
14:14:47.0947 0x1584  Waiting for KSN requests completion. In queue: 2
14:14:48.0961 0x1584  Waiting for KSN requests completion. In queue: 2
14:14:49.0975 0x1584  Waiting for KSN requests completion. In queue: 2
14:14:50.0989 0x1584  Waiting for KSN requests completion. In queue: 2
14:14:52.0003 0x1584  Waiting for KSN requests completion. In queue: 2
14:14:53.0017 0x1584  Waiting for KSN requests completion. In queue: 2
14:14:54.0031 0x1584  Waiting for KSN requests completion. In queue: 2
14:14:54.0312 0x03f8  Object send P2P result: true
14:14:55.0061 0x1584  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2021.515 ), 0x41000 ( enabled : updated )
14:14:55.0061 0x1584  FW detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2021.515 ), 0x40010 ( disabled )
14:15:00.0566 0x1584  ============================================================
14:15:00.0566 0x1584  Scan finished
14:15:00.0566 0x1584  ============================================================
14:15:00.0566 0x1084  Detected object count: 1
14:15:00.0566 0x1084  Actual detected object count: 1
         
Es gibt auch einen Fund:
Service: IDriverT
Soll ich ihn überspringen, in Quarantäne setzen oder löschen??
Oder soll ich "Restore default actions" klicken?

Und gerade wurde die FirewallAPI.dll mit Prozess TDSSKiller gemeldet.

Ich wollte mal fragen ob es eigentlich möglich wäre (ich möchte nicht den einfachsten Weg wählen sondern auch wissen mit was wir es hier zu tun haben), aber wäre es möglich beim im schlimmsten Fall nicht möglichem reparieren der infizierten FirewallAPI.dll, diese zu ersetzen??

Alt 15.11.2014, 13:23   #8
M-K-D-B
/// TB-Ausbilder
 
Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich - Standard

Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich



Zitat:
Zitat von RedMax88 Beitrag anzeigen
Ich wollte mal fragen ob es eigentlich möglich wäre (ich möchte nicht den einfachsten Weg wählen sondern auch wissen mit was wir es hier zu tun haben), aber wäre es möglich beim im schlimmsten Fall nicht möglichem reparieren der infizierten FirewallAPI.dll, diese zu ersetzen??
Theoretisch ja, sofern es "Ersatz" gibt.

Gut möglich, dass das Ganze auch nur eine Falschmeldung von Avast ist.





Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.


Alt 15.11.2014, 13:38   #9
RedMax88
 
Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich - Standard

Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich



Ich würde nut gerne wissen ob was ich da machen soll.
Hab noch die meldung vom TDSSKiller offen.
Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich-tdssk.jpg (EDIT: Bin ich übersprungen um mit dem Combofix anzufangen)

inzwischen will Avast auch immer nach der FirewallAPI.dll Meldung den PC neustarten um den Virus beim Bootscan zu beseitigen, was aber nicht geht da er die FirewallAPI.dll nicht löschen kann.
Bin auch gerade beim neugierigem nachsehen wegen meiner Firefox Plugins draufgekommen dass das Avast! irgendwie deaktiviert wurde.
Hab es gleich wieder aktiviert wobei es jetzt fraglich ist ob es deaktiviert wurde weil der Prozess Firefox mit FirewallAPI.dll gemeldet wurde genauso wie die Windowsfirewall aktiv ist und nach der FirewallAPI.dll in Verbindung mit Tuneup laut Tuneup ausgeschalten ist.

Geändert von RedMax88 (15.11.2014 um 14:16 Uhr)

Alt 15.11.2014, 14:13   #10
RedMax88
 
Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich - Standard

Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich



Firewall aus?? Wem soll ich glauben
Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich-firewall-.jpg

ich will nicht spamen aber ich versuche die vorhandenen Infos weiter zu geben, vielleicht hilft es.

Alt 15.11.2014, 14:37   #11
RedMax88
 
Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich - Standard

Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich



Frage am Rande:Um ComboFix downloaden zu können, musste ich Avast auschalten da er einen Virus diagnotiziert hat. Kommt die Falschmeldung vor da ComboFix eine Reihe von Arbeitsvorgängen eigenständigt abarbeitet oder hat es einen anderen Grund? (Programme verstehen lernen )

Combofix ausgeführt:

Code:
ATTFilter
ComboFix 14-11-15.01 - RedMax 15.11.2014  15:22:25.1.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.43.1033.18.16328.13089 [GMT 1:00]
ausgeführt von:: c:\users\RedMax\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
 ADS - Windows: deleted 24 bytes in 1 streams. 
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\logboot_13.11.2014.tureg.log
c:\windows\wininit.ini
c:\windows\XSxS
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-10-15 bis 2014-11-15  ))))))))))))))))))))))))))))))
.
.
2014-11-15 14:29 . 2014-11-15 14:29	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-11-15 07:22 . 2014-11-15 07:23	--------	d-----w-	C:\FRST
2014-11-14 01:15 . 2014-11-14 01:15	319912	----a-w-	c:\windows\system32\javaws.exe
2014-11-14 01:15 . 2014-11-14 01:15	189352	----a-w-	c:\windows\system32\javaw.exe
2014-11-14 01:15 . 2014-11-14 01:15	189352	----a-w-	c:\windows\system32\java.exe
2014-11-14 01:15 . 2014-11-14 01:15	111016	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2014-11-13 23:03 . 2014-11-13 23:03	37624	----a-w-	c:\windows\system32\drivers\TrueSight.sys
2014-11-13 23:02 . 2014-11-13 23:03	--------	d-----w-	c:\programdata\RogueKiller
2014-11-13 22:18 . 2014-11-14 15:18	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-13 22:17 . 2014-11-13 22:17	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-11-13 22:17 . 2014-11-13 22:17	--------	d-----w-	c:\programdata\Malwarebytes
2014-11-13 22:17 . 2014-10-01 10:11	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-11-13 22:17 . 2014-10-01 10:11	93400	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-11-13 22:17 . 2014-10-01 10:11	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-11-13 21:31 . 2014-11-13 21:43	--------	d-----w-	C:\AdwCleaner
2014-11-11 14:36 . 2014-10-03 19:23	38216	----a-w-	c:\windows\system32\drivers\nvvad64v.sys
2014-11-11 14:36 . 2014-10-03 19:23	32584	----a-w-	c:\windows\SysWow64\nvaudcap32v.dll
2014-11-10 16:27 . 2014-11-03 20:25	615568	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2014-11-05 13:22 . 2014-10-30 04:53	1876296	----a-w-	c:\windows\system32\nvdispco6434460.dll
2014-11-05 13:22 . 2014-10-30 04:53	1539272	----a-w-	c:\windows\system32\nvdispgenco6434460.dll
2014-11-02 23:39 . 2014-11-02 23:43	--------	d-----w-	c:\users\RedMax\AppData\Roaming\.technic
2014-11-01 18:55 . 2014-11-01 18:56	--------	d-----w-	c:\users\RedMax\AppData\Roaming\Cubic
2014-11-01 15:37 . 2014-11-01 15:48	--------	d-----w-	c:\users\RedMax\AppData\Local\CSO
2014-11-01 15:37 . 2014-11-01 15:37	--------	d-----w-	c:\programdata\Nexon
2014-10-30 18:52 . 2014-10-30 18:52	--------	d-----w-	c:\users\RedMax\AppData\Local\GHOSTBUSTERS (tm)
2014-10-29 10:04 . 2014-10-16 16:54	1876296	----a-w-	c:\windows\system32\nvdispco6434448.dll
2014-10-29 10:04 . 2014-10-16 16:54	1539272	----a-w-	c:\windows\system32\nvdispgenco6434448.dll
2014-10-21 13:33 . 2014-10-21 13:33	--------	d-----w-	c:\program files (x86)\Common Files\Java
2014-10-21 13:33 . 2014-10-21 13:33	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-21 13:33 . 2014-10-21 13:33	--------	d-----w-	c:\program files (x86)\Java
2014-10-16 20:18 . 2014-10-16 20:18	--------	d-----w-	c:\program files (x86)\Sony
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-12 17:42 . 2012-12-10 01:07	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-12 17:42 . 2012-12-10 01:07	701104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-06 17:06 . 2014-06-28 19:30	1291280	----a-w-	c:\windows\SysWow64\nvspbridge.dll
2014-11-06 17:06 . 2014-01-15 22:55	2197680	----a-w-	c:\windows\SysWow64\nvspcap.dll
2014-11-06 17:06 . 2014-06-28 19:30	1715224	----a-w-	c:\windows\system32\nvspbridge64.dll
2014-11-06 17:06 . 2014-01-15 22:55	2800296	----a-w-	c:\windows\system32\nvspcap64.dll
2014-11-04 00:04 . 2014-01-15 22:54	73872	----a-w-	c:\windows\system32\OpenCL.dll
2014-11-04 00:04 . 2014-01-15 22:54	59592	----a-w-	c:\windows\SysWow64\OpenCL.dll
2014-11-04 00:04 . 2014-01-15 22:53	987520	----a-w-	c:\windows\system32\nvumdshimx.dll
2014-11-04 00:04 . 2014-01-15 22:53	3238040	----a-w-	c:\windows\system32\nvapi64.dll
2014-11-04 00:04 . 2014-01-15 22:53	2849736	----a-w-	c:\windows\SysWow64\nvapi.dll
2014-11-04 00:04 . 2014-01-15 22:53	20985544	----a-w-	c:\windows\system32\nvwgf2umx.dll
2014-11-04 00:04 . 2014-01-15 22:53	19966344	----a-w-	c:\windows\system32\nvd3dumx.dll
2014-11-04 00:04 . 2014-01-15 22:53	16884632	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2014-11-03 22:02 . 2014-01-15 22:54	6882448	----a-w-	c:\windows\system32\nvcpl.dll
2014-11-03 22:02 . 2014-01-15 22:54	3531464	----a-w-	c:\windows\system32\nvsvc64.dll
2014-11-03 22:02 . 2014-01-15 22:54	935232	----a-w-	c:\windows\system32\nvvsvc.exe
2014-11-03 22:02 . 2014-01-15 22:54	61640	----a-w-	c:\windows\system32\nvshext.dll
2014-11-03 22:02 . 2014-01-15 22:54	385352	----a-w-	c:\windows\system32\nvmctray.dll
2014-11-03 22:02 . 2014-01-15 22:54	2558792	----a-w-	c:\windows\system32\nvsvcr.dll
2014-11-03 11:58 . 2014-01-15 22:54	4099264	----a-w-	c:\windows\system32\nvcoproc.bin
2014-10-03 19:23 . 2014-01-15 22:53	35144	----a-w-	c:\windows\system32\nvaudcap64v.dll
2014-09-24 10:33 . 2009-08-18 11:49	564632	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2014-09-24 10:33 . 2009-08-18 10:24	23256	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-09-17 04:51 . 2014-09-19 08:37	31520	----a-w-	c:\windows\system32\nvhdap64.dll
2014-09-17 04:51 . 2014-09-19 08:37	197408	----a-w-	c:\windows\system32\drivers\nvhda64v.sys
2014-09-17 04:51 . 2014-01-15 22:53	1538880	----a-w-	c:\windows\system32\nvhdagenco6420103.dll
2014-09-13 23:48 . 2014-09-19 08:37	1876296	----a-w-	c:\windows\system32\nvdispco6434411.dll
2014-09-13 23:48 . 2014-09-19 08:37	1539272	----a-w-	c:\windows\system32\nvdispgenco6434411.dll
2014-09-03 14:54 . 2014-09-03 14:54	53248	----a-r-	c:\users\RedMax\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2014-08-31 14:02 . 2014-05-18 21:00	281688	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2014-08-31 14:02 . 2012-12-10 16:43	281688	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\RedMax\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\RedMax\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\RedMax\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="e:\program files (x86)\Steam\steam.exe" [2014-11-12 1940160]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-10-29 6501656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-31 4085896]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-12 204136]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Inhaltsmanager-Assistent für PlayStation(R).lnk - c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe [2014-9-16 3696248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"BambooCore"=c:\program files (x86)\Bamboo Dock\BambooCore.exe
"LogMeIn Hamachi Ui"="d:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"KiesTrayAgent"=d:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 Garmin Core Update Service;Garmin Core Update Service;d:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;d:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\DRIVERS\nvstusb.sys;c:\windows\SYSNATIVE\DRIVERS\nvstusb.sys [x]
R3 Origin Client Service;Origin Client Service;e:\program files (x86)\Origin\OriginClientService.exe;e:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;d:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
R4 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
R4 WTabletServiceCon;Wacom Consumer Service;c:\program files\TABLET\PEN\WTABLETSERVICECON.EXE;c:\program files\TABLET\PEN\WTABLETSERVICECON.EXE [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [x]
S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys;c:\windows\SYSNATIVE\DRIVERS\stflt.sys [x]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\program files (x86)\TUNEUP UTILITIES 2014\TUNEUPUTILITIESSERVICE64.EXE;d:\program files (x86)\TUNEUP UTILITIES 2014\TUNEUPUTILITIESSERVICE64.EXE [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys;c:\windows\SYSNATIVE\Drivers\LGPBTDD.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C525(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\program files (x86)\TUNEUP UTILITIES 2014\TuneUpUtilitiesDriver64.sys;d:\program files (x86)\TUNEUP UTILITIES 2014\TuneUpUtilitiesDriver64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 52167724
*NewlyCreated* - 76910060
*Deregistered* - 52167724
*Deregistered* - 76910060
.
Inhalt des "geplante Tasks" Ordners
.
2014-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-10 17:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-22 21:43	634872	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\RedMax\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\RedMax\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\RedMax\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\RedMax\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-05-15 6470760]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-05-11 1175656]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2014-07-02 10464536]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-11-06 2464072]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-11-06 2800296]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\RedMax\AppData\Roaming\Mozilla\Firefox\Profiles\mcwo6oe9.default\
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxps://www.google.com/search
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-CopyTrans Suite - c:\users\RedMax\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3268893772-689285336-3042597260-1000\Software\SecuROM\License information*]
"datasecu"=hex:5f,0f,4c,c3,dc,b9,1b,69,4f,11,55,b0,ba,68,37,6c,aa,d1,41,4f,71,
   aa,6b,08,ca,23,7e,f4,79,21,fb,a3,cd,d6,9d,24,6a,2f,a1,17,22,2c,8c,aa,b8,fb,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-11-15  15:36:32
ComboFix-quarantined-files.txt  2014-11-15 14:36
.
Vor Suchlauf: 11 Verzeichnis(se), 71.031.934.976 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 71.064.326.144 Bytes frei
.
- - End Of File - - 1DBBB0B8F9BE86C15AE45AD771FBCB30
         

Geändert von RedMax88 (15.11.2014 um 14:43 Uhr)

Alt 15.11.2014, 15:18   #12
RedMax88
 
Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich - Standard

Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich



Ich weiß jetzt nicht ob das hilfreich war, aber nach dem ComboFix wurde von Tuneup gemeldet das die Administrative Freigabe auf alle Laufwerke im Netzwerk (1zu1 weiß ich leider nicht den Wortlaut) aktive ist und empfohlen wird diese zu deaktivieren, was ich auch getan hab.
Hoffe jetzt nicht wo reingepfuscht zu haben.

Des weiteren meldet Tuneup dass die Firewall deaktiviert ist, welche in den Windows Einstellungen aber aktiv ist.

WEITERE NEUE INFO: Habe gerade durch die Avast Meldung (vermutlich duch dein weiteres Virendatenbank Update) erfahren dass es sich bei der FirewallAPI.dll nun um einen Win32:Malware-gen handelt. Also nicht mehr wie zuvor ein Win32:Evo-gen[susp].
Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich-firewallapi.jpg

Hoffe diese Neuigkeit hilft weiter.

Alt 15.11.2014, 15:45   #13
M-K-D-B
/// TB-Ausbilder
 
Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich - Standard

Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich



Servus,


Avast deaktiveren!



Dann folgendes tun:



Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.
  • Klicke auf Wählen Sie eine
  • Kopiere nun folgendes in die Suchleiste
    Code:
    ATTFilter
    C:\Windows\SysWOW64\FirewallAPI.dll
             
  • und klicke auf Öffnen.
  • Klicke auf Scannen!.
  • Warte bitte bis die Datei vollständig hochgeladen wurde. Solltest Du folgende Meldung bekommen
    Zitat:
    Diese Datei wurde bereits von VirusTotal analysiert...
    klicke auf Neu analysieren.
  • Warte bis dir das Analysedatum angezeigt wird und der Scan abgeschlossen ist.
  • Kopiere den Link aus deiner Adresszeile und poste ihn hier.



Avast wieder aktivieren!

Alt 15.11.2014, 15:52   #14
RedMax88
 
Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich - Standard

Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich



erledigt

https://www.virustotal.com/de/file/6a20b9a886eb106fd1126d29743dcc68b480957f038bc59082973703adbde332/analysis/1416066689/

Alt 15.11.2014, 15:59   #15
M-K-D-B
/// TB-Ausbilder
 
Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich - Standard

Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich



Servus,


ich glaube ja immer noch, dass das ein Fehlalarm ist, da bei den meisten "Trojan.Generic.11908578" steht... was bedeutet, dass alle diese Hersteller die gleiche Datenbank haben... Zudem bedeutet "generic" , dass es eine generische Erkennung ist, also keine bestimmte Signatur, sondern nur aufgrund ähnlicher Muster wie andere schädliche Dateien... hier gibt es oft Falschmeldungen...

mal schauen, was SystemLook sagt:


Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    ATTFilter
    :file
    C:\Windows\SysWOW64\FirewallAPI.dll
    
    :filefind
    *FirewallAPI.dll*
             
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.


Antwort

Themen zu Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich
antivirus, c:\windows, ccleaner, empfehlen, fehlercode 0x5, fehlercode 0xc0000005, fehlercode 22, fehlercode windows, festplatte, folgen, licht, meldung, nichts, programme, prozess, steam, tablet, this device is disabled. (code 22), update, verbindung, virendatenbank, virustotal, win32, win32/toolbar.babylon.e, win32/toolbar.conduit, windows



Ähnliche Themen: Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich


  1. Avast meldet Problem "Android:Evo-gen [Susp]"
    Smartphone, Tablet & Handy Security - 20.09.2015 (3)
  2. Nach USB-Stick: Avast meldet blockieren der Websites disorderstatus.ru und diferentia.ru; Prozess windows\SysWOW64\msiexec
    Log-Analyse und Auswertung - 14.09.2015 (13)
  3. Avast meldet blockierte Infektionen in Prozess svchost.exe vom Typ "URL:Mal"
    Log-Analyse und Auswertung - 13.07.2015 (17)
  4. Avast blockiert wiederholt "Infektion" Win32:Evo-gen [Susp]
    Plagegeister aller Art und deren Bekämpfung - 05.02.2015 (5)
  5. Avast Meldung Win32:Evo-gen [susp]
    Log-Analyse und Auswertung - 30.01.2015 (15)
  6. Avast meldet bösartige Website blockiert (URL:Mal) - Prozess: "svchost.exe
    Plagegeister aller Art und deren Bekämpfung - 30.01.2015 (11)
  7. Avast meldet bei Visual Studio einen Virus namens Win32.EvoGen [susp]
    Log-Analyse und Auswertung - 13.10.2014 (4)
  8. Avast findet ständig Win32:Evo-gen [Susp]
    Log-Analyse und Auswertung - 11.09.2014 (7)
  9. Windows XP Avast: Win32:Evo-gen [Susp]
    Log-Analyse und Auswertung - 27.08.2014 (24)
  10. Win32:Evo-gen (Susp) wenn ich ein bestimmtes Programm öffne meldet sich Avast
    Log-Analyse und Auswertung - 24.07.2014 (7)
  11. Avast Free Antivirus 2014 meldet Win32:Evo-gen [Susp] Programm GeForce Experience
    Plagegeister aller Art und deren Bekämpfung - 20.10.2013 (14)
  12. Win 8 (64bit): Avast meldet "FileRepMalware" & "Win32:evo-gen [Susp]"
    Plagegeister aller Art und deren Bekämpfung - 11.09.2013 (20)
  13. Zuerst avast Warnung wegen win32:evo-gen susp, dann hat Malwarebytes 2 infizierte Dateien gefunden
    Plagegeister aller Art und deren Bekämpfung - 06.08.2013 (9)
  14. avast! Mail-Schutz meldet Win32:Evo-gen [Susp]
    Plagegeister aller Art und deren Bekämpfung - 21.07.2013 (3)
  15. Avast meldet bösartige Website blockiert (URL:Mal) - Prozess: "svchost.exe
    Log-Analyse und Auswertung - 14.11.2012 (5)
  16. Avast findet Win32:BogEnt [Susp]
    Plagegeister aller Art und deren Bekämpfung - 24.10.2011 (11)

Zum Thema Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich - Wer kann helfen? Seit gestern dem 13.11.14 (da wurde auch das Avast Virendatenbank Update veöffentlicht) habe ich von Avast eine Meldung welche C:\Windows\SysWOW64\FirewallAPI.dll mit einem "Win32:Evo-gen[Susp]". Zuerst wurde der Prozess - Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich...
Archiv
Du betrachtest: Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.