Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Ordner Spacekace in Laufwerk C. Gefährlich? (https://www.trojaner-board.de/158361-ordner-spacekace-laufwerk-c-gefaehrlich.html)

Prejudice 06.09.2014 16:37

Ordner Spacekace in Laufwerk C. Gefährlich?
 
Hallo,

ich habe eben bemerkt, dass ich auf dem Laufwerk C einen Ordner mit der Bezeichnung Spacekace habe. Dieser ist mir neu. In dem Ordner befindet sich nur die Datei "deliverysystem-log.log". Eine Suche mit Google hat mir Angst vor einer Infektion mit einem Rootkit gemacht.

Hier die Malwarebyte (findet nichts) und FRST Logs...

Code:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 06.09.2014
Suchlauf-Zeit: 15:14:09
Logdatei: das.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.06.02
Rootkit Datenbank: v2014.08.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: xxx

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 327828
Verstrichene Zeit: 9 Min, 25 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

FRST.txt...
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-09-2014
Ran by Nico (administrator) on NICO-PC on 06-09-2014 15:36:47
Running from C:\Users\Nico\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Akamai Technologies, Inc.) C:\Users\Nico\AppData\Local\Akamai\netsession_win.exe
(FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Akamai Technologies, Inc.) C:\Users\Nico\AppData\Local\Akamai\netsession_win.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\SamsungFastStart\SmartRestarter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.4944\Battle.net.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-07-26] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2817872 2012-04-25] (ELAN Microelectronics Corp.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-07-30] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2048815063-3532768989-2356643285-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Nico\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2048815063-3532768989-2356643285-1000\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {74F9432C-AA05-4FB6-867D-BD2D30880251} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {74F9432C-AA05-4FB6-867D-BD2D30880251} URL = https://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR HomePage: Default -> 309322B7DACB4EEE2B3EF58AC6A1A5B8000C7767C0F3BDC348956BB7A8F1AF8B
CHR DefaultSearchKeyword: Default -> DDF7DD28148308F6FA6A9F16A9758D4081E7A354CD81BFA25229213B1BD82B56
CHR DefaultSearchProvider: Default -> B05EB190E7A662CFD2ECAECAC3862C75BA718B005A769F04C97091678E147B07
CHR DefaultSearchURL: Default -> 06AD2463E0DC38E71606B1210B4B3A51A9FD521ADE7DF14ECCA9C6312A612358
CHR Profile: C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-11]
CHR Extension: (Google Drive) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-03]
CHR Extension: (YouTube) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-11]
CHR Extension: (Adblock Plus) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-11]
CHR Extension: (Google-Suche) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-11]
CHR Extension: (Google Wallet) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-11]
CHR Extension: (Google Mail) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-09-05] (BitRaider, LLC)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-08-10] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-12] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2014-07-26] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-06-10] (Apple, Inc.) [File not signed]
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-06 15:37 - 2014-09-06 15:37 - 00380416 _____ () C:\Users\Nico\Downloads\j4f4yrz3.exe
2014-09-06 15:36 - 2014-09-06 15:37 - 00015374 _____ () C:\Users\Nico\Downloads\FRST.txt
2014-09-06 15:36 - 2014-09-06 15:36 - 02104832 _____ (Farbar) C:\Users\Nico\Downloads\FRST64.exe
2014-09-06 15:36 - 2014-09-06 15:36 - 00000000 ____D () C:\FRST
2014-09-06 15:34 - 2014-09-06 15:34 - 01096704 _____ (Farbar) C:\Users\Nico\Downloads\FRST.exe
2014-09-06 15:30 - 2014-09-06 15:30 - 00001154 _____ () C:\Users\Nico\Desktop\das.txt
2014-09-05 18:45 - 2014-09-05 18:45 - 00000934 _____ () C:\Users\Nico\Desktop\Sweet Home 3D.lnk
2014-09-05 18:45 - 2014-09-05 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eTeks Sweet Home 3D
2014-09-05 18:45 - 2014-09-05 18:45 - 00000000 ____D () C:\Program Files\Sweet Home 3D
2014-09-05 18:43 - 2014-09-05 18:43 - 41573088 _____ (eTeks ) C:\Users\Nico\Downloads\SweetHome3D-4.4-windows-oc.exe
2014-09-05 12:56 - 2014-09-05 12:56 - 00000000 ____D () C:\Users\Public\Documents\BitRaider
2014-09-05 12:56 - 2014-09-05 12:56 - 00000000 ____D () C:\ProgramData\BitRaider
2014-09-05 12:55 - 2014-09-05 12:55 - 00001439 _____ () C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
2014-09-05 12:55 - 2014-09-05 12:55 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-09-05 12:54 - 2014-09-05 12:55 - 00014271 _____ () C:\Users\Nico\Documents\Install STAR WARS The Old Republic.log
2014-09-05 12:53 - 2014-09-05 12:54 - 29720272 _____ () C:\Users\Nico\Downloads\SWTOR_setup.exe
2014-09-03 23:49 - 2014-09-03 23:50 - 00001103 _____ () C:\Users\Public\Desktop\Diablo II.lnk
2014-09-03 23:49 - 2014-09-03 23:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
2014-09-03 23:49 - 2014-09-03 23:50 - 00000000 ____D () C:\Program Files (x86)\Diablo II
2014-09-03 23:15 - 2014-09-03 23:15 - 02679048 _____ (Blizzard Entertainment) C:\Users\Nico\Downloads\Downloader_Diablo2_Lord_of_Destruction_deDE.exe
2014-09-03 23:14 - 2014-09-03 23:14 - 02766595 _____ (Blizzard Entertainment) C:\Users\Nico\Downloads\Downloader_Diablo2_deDE.exe
2014-09-03 14:02 - 2014-09-03 14:02 - 00004146 _____ () C:\Windows\System32\Tasks\Definitionsupdate Microsoft Security Essentials
2014-09-03 13:47 - 2014-09-03 13:47 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-03 13:47 - 2014-09-03 13:47 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-03 13:47 - 2014-09-03 13:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-02 17:06 - 2014-09-02 17:06 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Guild Wars 2
2014-09-02 11:43 - 2014-09-02 11:43 - 00000000 ____D () C:\ProgramData\SystemRequirementsLab
2014-09-02 11:43 - 2014-09-02 11:43 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-09-02 11:16 - 2014-09-02 11:15 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-02 11:15 - 2014-09-02 11:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-02 11:15 - 2014-09-02 11:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-02 11:15 - 2014-09-02 11:15 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-02 11:15 - 2014-09-02 11:15 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-02 11:08 - 2014-09-02 11:08 - 00000000 ____D () C:\Users\Nico\Documents\Diablo III
2014-09-01 22:25 - 2014-09-01 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2014-09-01 22:23 - 2014-09-02 11:07 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-09-01 22:11 - 2014-09-01 22:11 - 00001122 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-09-01 22:11 - 2014-09-01 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-09-01 22:11 - 2014-09-01 22:11 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-09-01 21:21 - 2014-09-03 13:35 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Panda Security
2014-09-01 21:20 - 2014-09-03 13:40 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-09-01 21:19 - 2014-09-03 13:35 - 00000000 ____D () C:\ProgramData\Panda Security
2014-08-31 03:48 - 2014-08-31 03:48 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-08-31 02:43 - 2014-08-31 02:50 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Curse Client
2014-08-31 02:43 - 2014-08-31 02:43 - 00001028 _____ () C:\Users\Nico\Desktop\Curse.lnk
2014-08-31 02:43 - 2014-08-31 02:43 - 00001014 _____ () C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2014-08-30 12:13 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-30 12:04 - 2014-09-02 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-30 12:04 - 2014-08-30 12:04 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-08-30 12:03 - 2014-08-30 12:03 - 00000000 ____D () C:\Program Files\Java
2014-08-30 11:57 - 2014-08-30 11:57 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-30 11:57 - 2014-08-30 11:57 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-30 11:57 - 2014-08-30 11:57 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-30 11:46 - 2014-08-30 11:47 - 01364531 _____ () C:\Users\Nico\Desktop\adwcleaner_3.308.exe
2014-08-30 11:36 - 2014-08-30 11:36 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-08-30 10:37 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-30 10:37 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-30 10:37 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-17 14:39 - 2014-08-17 15:42 - 00000000 ____D () C:\Users\Nico\AppData\Local\Microsoft Game Studios
2014-08-17 14:38 - 2014-08-17 15:43 - 00000000 ____D () C:\ProgramData\Microsoft Games
2014-08-17 14:37 - 2014-08-17 15:43 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Microsoft Game Studios
2014-08-17 13:35 - 2014-08-17 13:44 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Apple Computer
2014-08-17 13:35 - 2014-08-17 13:35 - 00000000 ____D () C:\Users\Nico\AppData\Local\Apple Computer
2014-08-17 13:34 - 2014-08-30 11:40 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-17 13:34 - 2014-08-17 13:34 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-17 13:33 - 2014-08-17 13:33 - 00000000 ____D () C:\Users\Nico\AppData\Local\Apple
2014-08-17 13:32 - 2014-08-30 11:30 - 00000000 ____D () C:\ProgramData\Apple
2014-08-14 20:19 - 2014-08-30 10:30 - 00000000 ____D () C:\Users\Nico\AppData\Local\FreePDF_XP
2014-08-14 20:17 - 2014-08-18 12:09 - 00000000 ____D () C:\Users\Nico\Desktop\BA
2014-08-14 20:10 - 2014-08-14 20:10 - 00000000 ____D () C:\Users\Nico\AppData\Local\PDF24
2014-08-14 11:47 - 2014-08-14 11:47 - 00000000 ____D () C:\Users\Nico\AppData\Local\Secunia PSI
2014-08-14 11:42 - 2014-08-14 11:42 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-08-13 15:54 - 2014-08-13 15:54 - 00000000 ____D () C:\Users\Nico\Documents\Benutzerdefinierte Office-Vorlagen
2014-08-13 15:07 - 2014-08-18 21:03 - 00005128 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Nico-PC-Nico Nico-PC
2014-08-13 15:01 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 15:01 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 15:01 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 15:01 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 15:01 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 15:01 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 15:01 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 15:01 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 13:16 - 2014-08-13 13:16 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-08-13 13:07 - 2014-08-30 11:37 - 00000000 ____D () C:\ProgramData\FreePDF
2014-08-13 13:07 - 2014-08-30 11:37 - 00000000 ____D () C:\Program Files (x86)\FreePDF_XP
2014-08-13 13:06 - 2014-08-13 13:06 - 00000000 ____D () C:\Program Files\gs
2014-08-13 13:00 - 2014-08-13 13:00 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-08-13 12:57 - 2014-08-13 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-13 12:55 - 2014-08-30 10:40 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-13 12:46 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 12:46 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 12:46 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 12:46 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 12:46 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 12:46 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 12:46 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 12:46 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 12:46 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 12:46 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 12:46 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 12:46 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 12:45 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 12:45 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 12:45 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 12:45 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 12:45 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 12:45 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 12:45 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 12:45 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 12:45 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 12:45 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 12:45 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 12:45 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 12:45 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 12:45 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 12:45 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 12:45 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 12:45 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 12:45 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 12:45 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 12:45 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 12:45 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 12:45 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 12:45 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 12:45 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 12:45 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 12:45 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 12:45 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 12:45 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 12:45 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 12:45 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 12:45 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 12:45 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 12:45 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 12:45 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 12:45 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 12:45 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 12:45 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 12:45 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 12:45 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 12:45 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 12:45 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 12:45 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 12:45 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 12:45 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 12:45 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 12:45 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 12:45 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 12:45 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 12:45 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 12:45 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 12:45 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 12:45 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 12:45 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 12:45 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 12:45 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 12:45 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 12:45 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 12:45 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 12:45 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 12:45 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 12:45 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 12:45 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 12:45 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 12:45 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 12:45 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 12:45 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 12:45 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 12:45 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 12:44 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 12:44 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 12:44 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 12:44 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-12 14:30 - 2014-08-12 14:30 - 00000000 ____D () C:\Users\Nico\AppData\Local\The Lord of the Rings Online
2014-08-11 22:33 - 2014-08-12 13:28 - 00000000 ____D () C:\Users\Nico\AppData\Local\Turbine
2014-08-11 22:31 - 2014-08-11 22:31 - 00000000 ____D () C:\Program Files (x86)\Turbine
2014-08-11 20:05 - 2014-08-11 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-11 20:04 - 2014-09-06 15:09 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-11 20:04 - 2014-09-06 10:22 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-11 20:04 - 2014-08-30 11:38 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-11 20:04 - 2014-08-18 19:42 - 00000000 ____D () C:\Users\Nico\AppData\Local\Google
2014-08-11 20:04 - 2014-08-11 20:04 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-11 20:04 - 2014-08-11 20:04 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-10 22:48 - 2014-08-10 22:48 - 00000000 ____D () C:\Program Files (x86)\Flixster
2014-08-10 22:39 - 2014-08-12 14:29 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\dvdcss
2014-08-10 18:06 - 2014-08-10 22:44 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-08-08 17:06 - 2014-08-09 18:06 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Origin
2014-08-08 17:04 - 2014-08-10 20:11 - 00000000 ____D () C:\ProgramData\Origin
2014-08-08 13:28 - 2014-08-08 13:28 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\NVIDIA

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-06 15:37 - 2014-09-06 15:37 - 00380416 _____ () C:\Users\Nico\Downloads\j4f4yrz3.exe
2014-09-06 15:37 - 2014-09-06 15:36 - 00015374 _____ () C:\Users\Nico\Downloads\FRST.txt
2014-09-06 15:37 - 2014-04-10 21:00 - 00000000 ____D () C:\Users\Nico\AppData\Local\Battle.net
2014-09-06 15:36 - 2014-09-06 15:36 - 02104832 _____ (Farbar) C:\Users\Nico\Downloads\FRST64.exe
2014-09-06 15:36 - 2014-09-06 15:36 - 00000000 ____D () C:\FRST
2014-09-06 15:34 - 2014-09-06 15:34 - 01096704 _____ (Farbar) C:\Users\Nico\Downloads\FRST.exe
2014-09-06 15:30 - 2014-09-06 15:30 - 00001154 _____ () C:\Users\Nico\Desktop\das.txt
2014-09-06 15:14 - 2014-06-16 16:35 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-06 15:13 - 2014-04-10 20:36 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-06 15:09 - 2014-08-11 20:04 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-06 15:01 - 2014-04-09 03:05 - 01291747 ____N () C:\Windows\WindowsUpdate.log
2014-09-06 11:05 - 2009-07-14 06:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-06 11:05 - 2009-07-14 06:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-06 10:22 - 2014-08-11 20:04 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-06 10:22 - 2014-04-21 17:31 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-09-06 10:21 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-05 18:45 - 2014-09-05 18:45 - 00000934 _____ () C:\Users\Nico\Desktop\Sweet Home 3D.lnk
2014-09-05 18:45 - 2014-09-05 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eTeks Sweet Home 3D
2014-09-05 18:45 - 2014-09-05 18:45 - 00000000 ____D () C:\Program Files\Sweet Home 3D
2014-09-05 18:43 - 2014-09-05 18:43 - 41573088 _____ (eTeks ) C:\Users\Nico\Downloads\SweetHome3D-4.4-windows-oc.exe
2014-09-05 12:56 - 2014-09-05 12:56 - 00000000 ____D () C:\Users\Public\Documents\BitRaider
2014-09-05 12:56 - 2014-09-05 12:56 - 00000000 ____D () C:\ProgramData\BitRaider
2014-09-05 12:55 - 2014-09-05 12:55 - 00001439 _____ () C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
2014-09-05 12:55 - 2014-09-05 12:55 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-09-05 12:55 - 2014-09-05 12:54 - 00014271 _____ () C:\Users\Nico\Documents\Install STAR WARS The Old Republic.log
2014-09-05 12:55 - 2014-07-13 15:38 - 00000000 _____ () C:\end
2014-09-05 12:55 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-05 12:54 - 2014-09-05 12:53 - 29720272 _____ () C:\Users\Nico\Downloads\SWTOR_setup.exe
2014-09-05 10:22 - 2014-07-22 18:27 - 00253440 ___SH () C:\Users\Nico\Desktop\Thumbs.db
2014-09-04 10:58 - 2009-07-14 06:45 - 05069424 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-03 23:50 - 2014-09-03 23:49 - 00001103 _____ () C:\Users\Public\Desktop\Diablo II.lnk
2014-09-03 23:50 - 2014-09-03 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
2014-09-03 23:50 - 2014-09-03 23:49 - 00000000 ____D () C:\Program Files (x86)\Diablo II
2014-09-03 23:50 - 2014-06-24 22:11 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-09-03 23:15 - 2014-09-03 23:15 - 02679048 _____ (Blizzard Entertainment) C:\Users\Nico\Downloads\Downloader_Diablo2_Lord_of_Destruction_deDE.exe
2014-09-03 23:14 - 2014-09-03 23:14 - 02766595 _____ (Blizzard Entertainment) C:\Users\Nico\Downloads\Downloader_Diablo2_deDE.exe
2014-09-03 23:14 - 2014-04-09 07:07 - 00000000 ____D () C:\Users\Nico
2014-09-03 15:14 - 2014-04-09 19:49 - 00000000 ____D () C:\Users\Nico\AppData\Local\PMB Files
2014-09-03 14:44 - 2014-04-09 19:49 - 00000000 ____D () C:\ProgramData\PMB Files
2014-09-03 14:02 - 2014-09-03 14:02 - 00004146 _____ () C:\Windows\System32\Tasks\Definitionsupdate Microsoft Security Essentials
2014-09-03 13:47 - 2014-09-03 13:47 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-03 13:47 - 2014-09-03 13:47 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-03 13:47 - 2014-09-03 13:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-03 13:47 - 2014-06-24 17:28 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-09-03 13:47 - 2014-04-09 14:40 - 00139816 _____ () C:\Users\Nico\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-03 13:46 - 2014-06-09 17:20 - 00000000 ____D () C:\Users\Nico\Documents\CCleaner
2014-09-03 13:45 - 2014-04-11 13:18 - 00000000 ____D () C:\Windows\Minidump
2014-09-03 13:40 - 2014-09-01 21:20 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-09-03 13:35 - 2014-09-01 21:21 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Panda Security
2014-09-03 13:35 - 2014-09-01 21:19 - 00000000 ____D () C:\ProgramData\Panda Security
2014-09-02 17:06 - 2014-09-02 17:06 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Guild Wars 2
2014-09-02 11:43 - 2014-09-02 11:43 - 00000000 ____D () C:\ProgramData\SystemRequirementsLab
2014-09-02 11:43 - 2014-09-02 11:43 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-09-02 11:16 - 2014-04-09 17:57 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-02 11:15 - 2014-09-02 11:16 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-02 11:15 - 2014-09-02 11:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-02 11:15 - 2014-09-02 11:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-02 11:15 - 2014-09-02 11:15 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-02 11:15 - 2014-09-02 11:15 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-02 11:15 - 2014-08-30 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-02 11:08 - 2014-09-02 11:08 - 00000000 ____D () C:\Users\Nico\Documents\Diablo III
2014-09-02 11:07 - 2014-09-01 22:23 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-09-01 22:25 - 2014-09-01 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2014-09-01 22:11 - 2014-09-01 22:11 - 00001122 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-09-01 22:11 - 2014-09-01 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-09-01 22:11 - 2014-09-01 22:11 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-08-31 03:50 - 2014-07-12 20:01 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\AVAST Software
2014-08-31 03:50 - 2014-07-12 19:53 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-31 03:50 - 2014-07-12 19:53 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-31 03:48 - 2014-08-31 03:48 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-08-31 02:50 - 2014-08-31 02:43 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Curse Client
2014-08-31 02:43 - 2014-08-31 02:43 - 00001028 _____ () C:\Users\Nico\Desktop\Curse.lnk
2014-08-31 02:43 - 2014-08-31 02:43 - 00001014 _____ () C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2014-08-30 12:13 - 2014-06-26 17:18 - 00000000 ____D () C:\AdwCleaner
2014-08-30 12:04 - 2014-08-30 12:04 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-08-30 12:03 - 2014-08-30 12:03 - 00000000 ____D () C:\Program Files\Java
2014-08-30 11:57 - 2014-08-30 11:57 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-30 11:57 - 2014-08-30 11:57 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-30 11:57 - 2014-08-30 11:57 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-30 11:47 - 2014-08-30 11:46 - 01364531 _____ () C:\Users\Nico\Desktop\adwcleaner_3.308.exe
2014-08-30 11:45 - 2014-04-10 21:03 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-08-30 11:44 - 2014-04-24 19:52 - 00000000 ____D () C:\Program Files (x86)\WarThunder
2014-08-30 11:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-30 11:40 - 2014-08-17 13:34 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-30 11:38 - 2014-08-11 20:04 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-30 11:37 - 2014-08-13 13:07 - 00000000 ____D () C:\ProgramData\FreePDF
2014-08-30 11:37 - 2014-08-13 13:07 - 00000000 ____D () C:\Program Files (x86)\FreePDF_XP
2014-08-30 11:37 - 2014-04-25 17:57 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\DVDVideoSoft
2014-08-30 11:36 - 2014-08-30 11:36 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-08-30 11:35 - 2014-07-13 13:36 - 00000000 ____D () C:\Users\Nico\AppData\Local\Deployment
2014-08-30 11:30 - 2014-08-17 13:32 - 00000000 ____D () C:\ProgramData\Apple
2014-08-30 11:20 - 2011-03-20 11:08 - 00698980 _____ () C:\Windows\system32\perfh007.dat
2014-08-30 11:20 - 2011-03-20 11:08 - 00149088 _____ () C:\Windows\system32\perfc007.dat
2014-08-30 11:20 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-30 11:19 - 2014-04-10 18:15 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-30 11:19 - 2014-04-09 16:45 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Adobe
2014-08-30 11:18 - 2014-04-10 18:15 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-30 11:17 - 2014-06-24 16:56 - 00000000 ____D () C:\Users\Nico\AppData\Local\Adobe
2014-08-30 11:16 - 2014-04-09 17:49 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-30 10:40 - 2014-08-13 12:55 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-30 10:30 - 2014-08-14 20:19 - 00000000 ____D () C:\Users\Nico\AppData\Local\FreePDF_XP
2014-08-25 06:53 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 04:07 - 2014-08-30 10:37 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-30 10:37 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-30 10:37 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-18 21:03 - 2014-08-13 15:07 - 00005128 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Nico-PC-Nico Nico-PC
2014-08-18 20:51 - 2014-07-12 19:54 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-18 19:42 - 2014-08-11 20:04 - 00000000 ____D () C:\Users\Nico\AppData\Local\Google
2014-08-18 12:09 - 2014-08-14 20:17 - 00000000 ____D () C:\Users\Nico\Desktop\BA
2014-08-17 15:43 - 2014-08-17 14:38 - 00000000 ____D () C:\ProgramData\Microsoft Games
2014-08-17 15:43 - 2014-08-17 14:37 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Microsoft Game Studios
2014-08-17 15:42 - 2014-08-17 14:39 - 00000000 ____D () C:\Users\Nico\AppData\Local\Microsoft Game Studios
2014-08-17 13:44 - 2014-08-17 13:35 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Apple Computer
2014-08-17 13:35 - 2014-08-17 13:35 - 00000000 ____D () C:\Users\Nico\AppData\Local\Apple Computer
2014-08-17 13:34 - 2014-08-17 13:34 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-17 13:33 - 2014-08-17 13:33 - 00000000 ____D () C:\Users\Nico\AppData\Local\Apple
2014-08-14 20:10 - 2014-08-14 20:10 - 00000000 ____D () C:\Users\Nico\AppData\Local\PDF24
2014-08-14 12:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-14 11:47 - 2014-08-14 11:47 - 00000000 ____D () C:\Users\Nico\AppData\Local\Secunia PSI
2014-08-14 11:42 - 2014-08-14 11:42 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-08-14 11:41 - 2014-07-26 15:29 - 00002852 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Nico)
2014-08-13 19:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 17:43 - 2014-06-15 22:52 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\vlc
2014-08-13 15:54 - 2014-08-13 15:54 - 00000000 ____D () C:\Users\Nico\Documents\Benutzerdefinierte Office-Vorlagen
2014-08-13 15:10 - 2014-04-09 12:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 15:06 - 2014-04-09 12:46 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 15:00 - 2014-04-30 09:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-13 13:16 - 2014-08-13 13:16 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-08-13 13:06 - 2014-08-13 13:06 - 00000000 ____D () C:\Program Files\gs
2014-08-13 13:01 - 2014-08-13 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-13 13:00 - 2014-08-13 13:00 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-08-13 13:00 - 2014-06-05 13:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-08-13 12:57 - 2014-04-09 07:07 - 00000000 ____D () C:\Users\Nico\AppData\Local\VirtualStore
2014-08-13 12:52 - 2014-06-05 13:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-13 12:51 - 2010-11-21 09:16 - 00000000 ____D () C:\Windows\ShellNew
2014-08-12 14:40 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-12 14:30 - 2014-08-12 14:30 - 00000000 ____D () C:\Users\Nico\AppData\Local\The Lord of the Rings Online
2014-08-12 14:29 - 2014-08-10 22:39 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\dvdcss
2014-08-12 13:28 - 2014-08-11 22:33 - 00000000 ____D () C:\Users\Nico\AppData\Local\Turbine
2014-08-11 22:31 - 2014-08-11 22:31 - 00000000 ____D () C:\Program Files (x86)\Turbine
2014-08-11 20:05 - 2014-08-11 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-11 20:04 - 2014-08-11 20:04 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-11 20:04 - 2014-08-11 20:04 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-10 22:48 - 2014-08-10 22:48 - 00000000 ____D () C:\Program Files (x86)\Flixster
2014-08-10 22:48 - 2014-04-10 18:15 - 00000883 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flixster.lnk
2014-08-10 22:48 - 2014-04-10 18:15 - 00000871 _____ () C:\Users\Public\Desktop\Flixster.lnk
2014-08-10 22:44 - 2014-08-10 18:06 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-08-10 20:11 - 2014-08-08 17:04 - 00000000 ____D () C:\ProgramData\Origin
2014-08-10 20:00 - 2014-06-11 12:33 - 00000000 ____D () C:\Users\Nico\AppData\Local\PunkBuster
2014-08-10 20:00 - 2014-06-10 18:52 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-08-10 18:06 - 2014-06-10 18:52 - 00281872 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-08-10 18:06 - 2014-06-10 18:52 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-08-09 18:06 - 2014-08-08 17:06 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Origin
2014-08-08 13:28 - 2014-08-08 13:28 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\NVIDIA
2014-08-07 04:06 - 2014-08-13 12:44 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-13 12:44 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 10:39

==================== End Of Log ============================

Additions.txt...

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-09-2014
Ran by Nico at 2014-09-06 15:37:30
Running from C:\Users\Nico\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.178 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
ArcGIS 10.2.2 for Desktop (HKLM-x32\...\ArcGIS 10.2.2 for Desktop) (Version: 10.2.3552 - Environmental Systems Research Institute, Inc.)
ArcGIS 10.2.2 for Desktop (x32 Version: 10.2.3552 - Environmental Systems Research Institute, Inc.) Hidden
BatteryLifeExtender (HKLM-x32\...\{FFD0E594-823B-4E2B-B680-720B3C852588}) (Version: 1.0.11 - Samsung)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Curse (HKLM-x32\...\{1F2611FB-6F69-4AA8-BECD-243BD8CB45F3}) (Version: 6.0.0.0 - Curse)
Desktop Restore (HKLM\...\{15D07D6F-E4CC-41D9-88A3-94115E5E5A10}) (Version: 1.6.3 - JOConnell)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-X64 10.7.14.12_WHQL (HKLM\...\Elantech) (Version: 10.7.14.12 - ELAN Microelectronic Corp.)
Fast Start (HKLM-x32\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 2.2.0.0 - SAMSUNG)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
Flixster (HKLM-x32\...\com.wb.DC2) (Version: 2.2.3 - Warner Bros. Entertainment, Inc.)
Flixster (x32 Version: 2.2.3 - Warner Bros. Entertainment, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2622 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.20.26 - Oracle Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (FRA) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (ITA) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Movie Color Enhancer (HKLM-x32\...\{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.0.9 - Samsung)
Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.50 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Sweet Home 3D version 4.4 (HKLM\...\Sweet Home 3D_is1) (Version:  - eTeks)
System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.10 Beta 4 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

06-09-2014 08:32:03 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-06-16 21:40 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {11B6C961-646C-4299-A8E8-4D74A09F81CE} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-05] (Samsung Electronics Co., Ltd.)
Task: {15FEFD6F-F3C6-4321-AC6C-3C5F0B4ECB40} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-18] (Samsung Electronics. Co. Ltd.)
Task: {19AA24C7-EC7F-48DC-A4D3-A6DF22B2EBB3} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-11-17] (SEC)
Task: {1CC4B017-9C5D-4093-A7F4-AC9BB2F06D01} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {4D8C196A-841F-440D-9F8D-C90BA6D1E4B9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {5BDF5EE3-83B0-4DF2-88BC-8016796DA31B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-11] (Google Inc.)
Task: {6D558D4F-D6C4-41AE-8DC6-29C8182D38E8} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2011-01-12] (Samsung Electronics)
Task: {8B616943-0705-4797-8069-F060BAE38A6C} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [2010-11-29] (Samsung Electronics Co., Ltd.)
Task: {8D0ED9DD-EE46-4530-B95B-639666D07700} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.)
Task: {95981088-BD5D-4688-80C8-27EF913898F0} - System32\Tasks\Definitionsupdate Microsoft Security Essentials => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2014-03-11] (Microsoft Corporation)
Task: {A5BCB12D-903D-4DAB-A912-3F196B2BE7E6} - System32\Tasks\Driver Booster SkipUAC (Nico) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {A9987F19-648B-49BD-801B-C784996E8D2F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Nico-PC-Nico Nico-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-08-13] (Microsoft Corporation)
Task: {AC0FA78E-5944-4B90-BAA8-7D9A7BA07548} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation)
Task: {DAA03928-2A88-4516-97C5-37C178E4F1D0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-11] (Google Inc.)
Task: {F32A8609-7E6D-46FA-AA59-35AB909920A5} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-08-13] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-08-04 17:08 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-13 12:55 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-06-10 18:52 - 2014-08-10 18:06 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-04-09 11:36 - 2014-04-09 11:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-08-04 16:59 - 2014-07-02 22:48 - 00013272 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-04-09 11:47 - 2010-07-05 19:42 - 00203776 _____ () C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll
2014-09-01 22:11 - 2014-09-01 22:11 - 26065408 _____ () C:\Program Files (x86)\Battle.net\Battle.net.4944\libcef.dll
2014-09-01 22:11 - 2014-09-01 22:11 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.4944\libglesv2.dll
2014-09-01 22:11 - 2014-09-01 22:11 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.4944\libegl.dll
2014-09-03 16:15 - 2014-08-30 04:49 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
2014-09-03 16:15 - 2014-08-30 04:49 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libegl.dll
2014-09-03 16:15 - 2014-08-30 04:49 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll
2014-09-03 16:15 - 2014-08-30 04:49 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
2014-09-03 16:15 - 2014-08-30 04:49 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/06/2014 10:41:30 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/06/2014 10:22:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/05/2014 10:42:07 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/05/2014 10:19:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/04/2014 10:55:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/04/2014 00:39:05 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/03/2014 01:42:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/03/2014 10:17:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2014 01:46:47 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/02/2014 11:37:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/05/2014 05:18:06 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (09/05/2014 01:12:20 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "CHRISTINE-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{3CB4B361-5AA5-40C3-8E41-B785CF389BDC}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (09/05/2014 00:56:11 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "BitRaider Mini-Support Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (09/05/2014 10:29:02 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.183.1615.0

        Aktualisierungsquelle: %NT-AUTORITÄT59

        Aktualisierungsphase: 4.5.0216.00

        Quellpfad: 4.5.0216.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\SYSTEM

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (09/05/2014 10:19:05 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.183.1615.0

        Aktualisierungsquelle: %NT-AUTORITÄT59

        Aktualisierungsphase: 4.5.0216.00

        Quellpfad: 4.5.0216.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\SYSTEM

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (09/04/2014 01:45:56 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (09/04/2014 11:48:59 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (09/04/2014 11:00:14 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.183.1505.0

        Aktualisierungsquelle: %NT-AUTORITÄT59

        Aktualisierungsphase: 4.5.0216.00

        Quellpfad: 4.5.0216.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\SYSTEM

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (09/04/2014 10:58:54 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.183.1505.0

        Aktualisierungsquelle: %NT-AUTORITÄT59

        Aktualisierungsphase: 4.5.0216.00

        Quellpfad: 4.5.0216.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\SYSTEM

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (09/03/2014 06:57:12 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0


Microsoft Office Sessions:
=========================
Error: (09/06/2014 10:41:30 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/06/2014 10:22:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/05/2014 10:42:07 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/05/2014 10:19:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/04/2014 10:55:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/04/2014 00:39:05 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/03/2014 01:42:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/03/2014 10:17:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2014 01:46:47 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/02/2014 11:37:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-06-23 17:39:58.290
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-23 17:39:58.288
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-23 17:39:58.286
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-23 17:39:58.276
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-23 17:39:58.274
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-23 17:39:58.272
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-18 13:51:12.143
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-18 13:51:12.143
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-18 13:51:12.127
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-18 13:51:12.096
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 56%
Total physical RAM: 4008.19 MB
Available physical RAM: 1755.25 MB
Total Pagefile: 8014.56 MB
Available Pagefile: 5573.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:573.24 GB) (Free:468.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 1F8D46A3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=573.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=22.8 GB) - (Type=12)

==================== End Of Log ============================

Danke für Eure Antworten ;)

cosinus 06.09.2014 17:40

Hi,

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Prejudice 06.09.2014 19:17

Anbei übersende ich das Logfile von Kaspersky.

Code:

20:14:20.0782 0x149c  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
20:14:27.0302 0x149c  ============================================================
20:14:27.0302 0x149c  Current date / time: 2014/09/06 20:14:27.0302
20:14:27.0302 0x149c  SystemInfo:
20:14:27.0302 0x149c 
20:14:27.0302 0x149c  OS Version: 6.1.7601 ServicePack: 1.0
20:14:27.0302 0x149c  Product type: Workstation
20:14:27.0302 0x149c  ComputerName: NICO-PC
20:14:27.0302 0x149c  UserName: Nico
20:14:27.0302 0x149c  Windows directory: C:\Windows
20:14:27.0302 0x149c  System windows directory: C:\Windows
20:14:27.0302 0x149c  Running under WOW64
20:14:27.0302 0x149c  Processor architecture: Intel x64
20:14:27.0302 0x149c  Number of processors: 8
20:14:27.0302 0x149c  Page size: 0x1000
20:14:27.0302 0x149c  Boot type: Normal boot
20:14:27.0302 0x149c  ============================================================
20:14:27.0855 0x149c  KLMD registered as C:\Windows\system32\drivers\77471903.sys
20:14:28.0239 0x149c  System UUID: {4A7CF7BD-E5A8-4884-E67F-087AB77BBF1F}
20:14:29.0674 0x149c  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:14:29.0753 0x149c  ============================================================
20:14:29.0753 0x149c  \Device\Harddisk0\DR0:
20:14:29.0762 0x149c  MBR partitions:
20:14:29.0762 0x149c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:14:29.0762 0x149c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x47A7B000
20:14:29.0762 0x149c  ============================================================
20:14:29.0786 0x149c  C: <-> \Device\Harddisk0\DR0\Partition2
20:14:29.0786 0x149c  ============================================================
20:14:29.0786 0x149c  Initialize success
20:14:29.0786 0x149c  ============================================================
20:14:57.0428 0x11f4  ============================================================
20:14:57.0428 0x11f4  Scan started
20:14:57.0428 0x11f4  Mode: Manual; SigCheck; TDLFS;
20:14:57.0428 0x11f4  ============================================================
20:14:57.0428 0x11f4  KSN ping started
20:15:11.0133 0x11f4  KSN ping finished: true
20:15:11.0485 0x11f4  ================ Scan system memory ========================
20:15:11.0485 0x11f4  System memory - ok
20:15:11.0486 0x11f4  ================ Scan services =============================
20:15:11.0622 0x11f4  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:15:11.0741 0x11f4  1394ohci - ok
20:15:11.0781 0x11f4  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:15:11.0799 0x11f4  ACPI - ok
20:15:11.0824 0x11f4  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
20:15:11.0885 0x11f4  AcpiPmi - ok
20:15:11.0988 0x11f4  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:15:11.0998 0x11f4  AdobeARMservice - ok
20:15:12.0045 0x11f4  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
20:15:12.0066 0x11f4  adp94xx - ok
20:15:12.0117 0x11f4  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci        C:\Windows\system32\drivers\adpahci.sys
20:15:12.0134 0x11f4  adpahci - ok
20:15:12.0159 0x11f4  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
20:15:12.0173 0x11f4  adpu320 - ok
20:15:12.0201 0x11f4  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
20:15:12.0318 0x11f4  AeLookupSvc - ok
20:15:12.0361 0x11f4  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD            C:\Windows\system32\drivers\afd.sys
20:15:12.0407 0x11f4  AFD - ok
20:15:12.0452 0x11f4  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
20:15:12.0462 0x11f4  agp440 - ok
20:15:12.0491 0x11f4  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG            C:\Windows\System32\alg.exe
20:15:12.0529 0x11f4  ALG - ok
20:15:12.0571 0x11f4  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:15:12.0579 0x11f4  aliide - ok
20:15:12.0597 0x11f4  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
20:15:12.0606 0x11f4  amdide - ok
20:15:12.0616 0x11f4  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
20:15:12.0643 0x11f4  AmdK8 - ok
20:15:12.0660 0x11f4  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
20:15:12.0673 0x11f4  AmdPPM - ok
20:15:12.0716 0x11f4  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
20:15:12.0728 0x11f4  amdsata - ok
20:15:12.0748 0x11f4  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
20:15:12.0761 0x11f4  amdsbs - ok
20:15:12.0774 0x11f4  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata        C:\Windows\system32\drivers\amdxata.sys
20:15:12.0783 0x11f4  amdxata - ok
20:15:12.0804 0x11f4  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID          C:\Windows\system32\drivers\appid.sys
20:15:12.0920 0x11f4  AppID - ok
20:15:12.0957 0x11f4  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:15:13.0000 0x11f4  AppIDSvc - ok
20:15:13.0038 0x11f4  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo        C:\Windows\System32\appinfo.dll
20:15:13.0082 0x11f4  Appinfo - ok
20:15:13.0136 0x11f4  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc            C:\Windows\system32\drivers\arc.sys
20:15:13.0147 0x11f4  arc - ok
20:15:13.0177 0x11f4  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
20:15:13.0188 0x11f4  arcsas - ok
20:15:13.0291 0x11f4  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:15:13.0303 0x11f4  aspnet_state - ok
20:15:13.0375 0x11f4  [ D95E64416A4A3ED6986E0F474DA934BD, DBB4A0DED0DABE1F8FF0DB8C0E9EC4EC906A85A45DC0AEC013A8744F9BF5D40E ] aswHwid        C:\Windows\system32\drivers\aswHwid.sys
20:15:13.0388 0x11f4  aswHwid - ok
20:15:13.0410 0x11f4  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:15:13.0452 0x11f4  AsyncMac - ok
20:15:13.0484 0x11f4  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi          C:\Windows\system32\drivers\atapi.sys
20:15:13.0493 0x11f4  atapi - ok
20:15:13.0545 0x11f4  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:15:13.0597 0x11f4  AudioEndpointBuilder - ok
20:15:13.0616 0x11f4  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:15:13.0659 0x11f4  AudioSrv - ok
20:15:13.0665 0x11f4  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:15:13.0725 0x11f4  AxInstSV - ok
20:15:13.0781 0x11f4  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv        C:\Windows\system32\drivers\bxvbda.sys
20:15:13.0835 0x11f4  b06bdrv - ok
20:15:13.0869 0x11f4  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:15:13.0904 0x11f4  b57nd60a - ok
20:15:13.0950 0x11f4  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:15:14.0009 0x11f4  BDESVC - ok
20:15:14.0056 0x11f4  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:15:14.0099 0x11f4  Beep - ok
20:15:14.0155 0x11f4  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE            C:\Windows\System32\bfe.dll
20:15:14.0210 0x11f4  BFE - ok
20:15:14.0255 0x11f4  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
20:15:14.0307 0x11f4  BITS - ok
20:15:14.0350 0x11f4  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:15:14.0369 0x11f4  blbdrive - ok
20:15:14.0408 0x11f4  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:15:14.0445 0x11f4  bowser - ok
20:15:14.0534 0x11f4  BRDriver64 - ok
20:15:14.0573 0x11f4  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
20:15:14.0593 0x11f4  BrFiltLo - ok
20:15:14.0605 0x11f4  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
20:15:14.0632 0x11f4  BrFiltUp - ok
20:15:14.0701 0x11f4  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
20:15:14.0744 0x11f4  BridgeMP - ok
20:15:14.0783 0x11f4  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser        C:\Windows\System32\browser.dll
20:15:14.0823 0x11f4  Browser - ok
20:15:14.0848 0x11f4  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
20:15:14.0894 0x11f4  Brserid - ok
20:15:14.0906 0x11f4  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:15:14.0925 0x11f4  BrSerWdm - ok
20:15:14.0997 0x11f4  [ 78561B78811A147B99CB47EBBD2D2847, 4EF1ED64CAF0549B43A660FF70D5035DFD59CCD22E7353150E8A13944C936520 ] BRSptSvc        C:\ProgramData\BitRaider\BRSptSvc.exe
20:15:15.0350 0x11f4  BRSptSvc - ok
20:15:15.0392 0x11f4  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:15:15.0415 0x11f4  BrUsbMdm - ok
20:15:15.0449 0x11f4  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:15:15.0460 0x11f4  BrUsbSer - ok
20:15:15.0479 0x11f4  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
20:15:15.0499 0x11f4  BTHMODEM - ok
20:15:15.0532 0x11f4  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv        C:\Windows\system32\bthserv.dll
20:15:15.0563 0x11f4  bthserv - ok
20:15:15.0590 0x11f4  catchme - ok
20:15:15.0612 0x11f4  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:15:15.0669 0x11f4  cdfs - ok
20:15:15.0715 0x11f4  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
20:15:15.0730 0x11f4  cdrom - ok
20:15:15.0757 0x11f4  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc    C:\Windows\System32\certprop.dll
20:15:15.0795 0x11f4  CertPropSvc - ok
20:15:15.0823 0x11f4  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
20:15:15.0845 0x11f4  circlass - ok
20:15:15.0914 0x11f4  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
20:15:15.0932 0x11f4  CLFS - ok
20:15:16.0119 0x11f4  [ FE0CFEDA0CFC71F1FF0F77E85CA1FE1F, D067024F9110CEEF573152275DAB100943B59A36E58B342B5CC764FC3C917834 ] ClickToRunSvc  C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
20:15:16.0195 0x11f4  ClickToRunSvc - ok
20:15:16.0249 0x11f4  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:15:16.0261 0x11f4  clr_optimization_v2.0.50727_32 - ok
20:15:16.0304 0x11f4  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:15:16.0317 0x11f4  clr_optimization_v2.0.50727_64 - ok
20:15:16.0388 0x11f4  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:15:16.0401 0x11f4  clr_optimization_v4.0.30319_32 - ok
20:15:16.0434 0x11f4  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:15:16.0448 0x11f4  clr_optimization_v4.0.30319_64 - ok
20:15:16.0479 0x11f4  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:15:16.0496 0x11f4  CmBatt - ok
20:15:16.0512 0x11f4  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:15:16.0521 0x11f4  cmdide - ok
20:15:16.0568 0x11f4  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG            C:\Windows\system32\Drivers\cng.sys
20:15:16.0593 0x11f4  CNG - ok
20:15:16.0635 0x11f4  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:15:16.0644 0x11f4  Compbatt - ok
20:15:16.0685 0x11f4  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
20:15:16.0713 0x11f4  CompositeBus - ok
20:15:16.0721 0x11f4  COMSysApp - ok
20:15:16.0738 0x11f4  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
20:15:16.0747 0x11f4  crcdisk - ok
20:15:16.0788 0x11f4  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:15:16.0834 0x11f4  CryptSvc - ok
20:15:16.0874 0x11f4  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:15:16.0929 0x11f4  DcomLaunch - ok
20:15:16.0966 0x11f4  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc      C:\Windows\System32\defragsvc.dll
20:15:17.0009 0x11f4  defragsvc - ok
20:15:17.0036 0x11f4  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:15:17.0080 0x11f4  DfsC - ok
20:15:17.0105 0x11f4  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:15:17.0175 0x11f4  Dhcp - ok
20:15:17.0204 0x11f4  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
20:15:17.0287 0x11f4  discache - ok
20:15:17.0322 0x11f4  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
20:15:17.0333 0x11f4  Disk - ok
20:15:17.0382 0x11f4  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:15:17.0462 0x11f4  Dnscache - ok
20:15:17.0483 0x11f4  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc        C:\Windows\System32\dot3svc.dll
20:15:17.0527 0x11f4  dot3svc - ok
20:15:17.0549 0x11f4  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS            C:\Windows\system32\dps.dll
20:15:17.0593 0x11f4  DPS - ok
20:15:17.0635 0x11f4  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
20:15:17.0661 0x11f4  drmkaud - ok
20:15:17.0707 0x11f4  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
20:15:17.0740 0x11f4  DXGKrnl - ok
20:15:17.0770 0x11f4  EagleX64 - ok
20:15:17.0813 0x11f4  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost        C:\Windows\System32\eapsvc.dll
20:15:17.0852 0x11f4  EapHost - ok
20:15:17.0971 0x11f4  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv          C:\Windows\system32\drivers\evbda.sys
20:15:18.0093 0x11f4  ebdrv - ok
20:15:18.0125 0x11f4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS            C:\Windows\System32\lsass.exe
20:15:18.0174 0x11f4  EFS - ok
20:15:18.0244 0x11f4  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
20:15:18.0291 0x11f4  ehRecvr - ok
20:15:18.0302 0x11f4  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched        C:\Windows\ehome\ehsched.exe
20:15:18.0357 0x11f4  ehSched - ok
20:15:18.0458 0x11f4  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor        C:\Windows\system32\drivers\elxstor.sys
20:15:18.0480 0x11f4  elxstor - ok
20:15:18.0497 0x11f4  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:15:18.0527 0x11f4  ErrDev - ok
20:15:18.0587 0x11f4  [ 0C8324462B9791A1ECE2A329A7378A55, 715A81FE6DEC6D2DBE132DD5098808B931DF2480BD1F14275924D01BAE337307 ] ETD            C:\Windows\system32\DRIVERS\ETD.sys
20:15:18.0611 0x11f4  ETD - ok
20:15:18.0655 0x11f4  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem    C:\Windows\system32\es.dll
20:15:18.0704 0x11f4  EventSystem - ok
20:15:18.0735 0x11f4  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat          C:\Windows\system32\drivers\exfat.sys
20:15:18.0780 0x11f4  exfat - ok
20:15:18.0814 0x11f4  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
20:15:18.0853 0x11f4  fastfat - ok
20:15:18.0904 0x11f4  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax            C:\Windows\system32\fxssvc.exe
20:15:18.0976 0x11f4  Fax - ok
20:15:19.0011 0x11f4  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc            C:\Windows\system32\drivers\fdc.sys
20:15:19.0047 0x11f4  fdc - ok
20:15:19.0093 0x11f4  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost        C:\Windows\system32\fdPHost.dll
20:15:19.0142 0x11f4  fdPHost - ok
20:15:19.0161 0x11f4  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:15:19.0191 0x11f4  FDResPub - ok
20:15:19.0230 0x11f4  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:15:19.0240 0x11f4  FileInfo - ok
20:15:19.0251 0x11f4  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
20:15:19.0287 0x11f4  Filetrace - ok
20:15:19.0386 0x11f4  [ 00EDB531DFB127197D625204B138269B, 0CE6536344CE30F06C6CD04BEB202C935B10439200B9CE792B4440D2EE3CB9D9 ] FlexNet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
20:15:19.0664 0x11f4  FlexNet Licensing Service - ok
20:15:19.0712 0x11f4  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
20:15:19.0724 0x11f4  flpydisk - ok
20:15:19.0744 0x11f4  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:15:19.0759 0x11f4  FltMgr - ok
20:15:19.0820 0x11f4  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache      C:\Windows\system32\FntCache.dll
20:15:19.0877 0x11f4  FontCache - ok
20:15:19.0921 0x11f4  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:15:19.0931 0x11f4  FontCache3.0.0.0 - ok
20:15:19.0951 0x11f4  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
20:15:19.0961 0x11f4  FsDepends - ok
20:15:20.0007 0x11f4  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:15:20.0017 0x11f4  Fs_Rec - ok
20:15:20.0073 0x11f4  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:15:20.0089 0x11f4  fvevol - ok
20:15:20.0110 0x11f4  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
20:15:20.0120 0x11f4  gagp30kx - ok
20:15:20.0172 0x11f4  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc          C:\Windows\System32\gpsvc.dll
20:15:20.0243 0x11f4  gpsvc - ok
20:15:20.0327 0x11f4  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:15:20.0336 0x11f4  gupdate - ok
20:15:20.0351 0x11f4  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:15:20.0359 0x11f4  gupdatem - ok
20:15:20.0393 0x11f4  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B, F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011 ] hamachi        C:\Windows\system32\DRIVERS\hamachi.sys
20:15:20.0402 0x11f4  hamachi - ok
20:15:20.0436 0x11f4  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:15:20.0475 0x11f4  hcw85cir - ok
20:15:20.0500 0x11f4  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:15:20.0537 0x11f4  HdAudAddService - ok
20:15:20.0568 0x11f4  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
20:15:20.0597 0x11f4  HDAudBus - ok
20:15:20.0611 0x11f4  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt        C:\Windows\system32\drivers\HidBatt.sys
20:15:20.0662 0x11f4  HidBatt - ok
20:15:20.0688 0x11f4  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
20:15:20.0717 0x11f4  HidBth - ok
20:15:20.0743 0x11f4  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr          C:\Windows\system32\drivers\hidir.sys
20:15:20.0757 0x11f4  HidIr - ok
20:15:20.0776 0x11f4  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv        C:\Windows\System32\hidserv.dll
20:15:20.0815 0x11f4  hidserv - ok
20:15:20.0851 0x11f4  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:15:20.0868 0x11f4  HidUsb - ok
20:15:20.0900 0x11f4  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:15:20.0937 0x11f4  hkmsvc - ok
20:15:20.0961 0x11f4  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:15:21.0002 0x11f4  HomeGroupListener - ok
20:15:21.0029 0x11f4  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:15:21.0059 0x11f4  HomeGroupProvider - ok
20:15:21.0100 0x11f4  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:15:21.0111 0x11f4  HpSAMD - ok
20:15:21.0158 0x11f4  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:15:21.0216 0x11f4  HTTP - ok
20:15:21.0247 0x11f4  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:15:21.0257 0x11f4  hwpolicy - ok
20:15:21.0283 0x11f4  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
20:15:21.0296 0x11f4  i8042prt - ok
20:15:21.0335 0x11f4  [ F7CE9BE72EDAC499B713ECA6DAE5D26F, AF158C8ADF0815C406435AB051C8D8DD0ECBDBA8644CB75D7611980D70662193 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
20:15:21.0352 0x11f4  iaStor - ok
20:15:21.0403 0x11f4  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
20:15:21.0421 0x11f4  iaStorV - ok
20:15:21.0473 0x11f4  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:15:21.0503 0x11f4  idsvc - ok
20:15:21.0533 0x11f4  IEEtwCollectorService - ok
20:15:21.0909 0x11f4  [ F4F91789C7C7A159CE8215C1F69F2A85, E60155402FB647B55EAD6B090204A1AA497294D473A7CCF850BB21C0DCCCB49C ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
20:15:22.0396 0x11f4  igfx - ok
20:15:22.0432 0x11f4  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
20:15:22.0442 0x11f4  iirsp - ok
20:15:22.0496 0x11f4  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
20:15:22.0530 0x11f4  IKEEXT - ok
20:15:22.0685 0x11f4  [ 39246F2CFBF1D32C3A12E242661EC039, EADF06D9B142844C16C2B0E412D708DB02BA07E2CD96BBFB2F0984DD6BB63E28 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:15:22.0863 0x11f4  IntcAzAudAddService - ok
20:15:22.0919 0x11f4  [ EEE7376243CD8A4B49B885EF122D25E5, A3B89E7B513C95558C4DA41D3C136D464381263BA43E00EC136FC776DAA0BA94 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
20:15:22.0944 0x11f4  IntcDAud - ok
20:15:22.0977 0x11f4  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
20:15:22.0986 0x11f4  intelide - ok
20:15:23.0019 0x11f4  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:15:23.0044 0x11f4  intelppm - ok
20:15:23.0076 0x11f4  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
20:15:23.0122 0x11f4  IPBusEnum - ok
20:15:23.0140 0x11f4  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:15:23.0176 0x11f4  IpFilterDriver - ok
20:15:23.0224 0x11f4  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:15:23.0273 0x11f4  iphlpsvc - ok
20:15:23.0316 0x11f4  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
20:15:23.0342 0x11f4  IPMIDRV - ok
20:15:23.0362 0x11f4  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
20:15:23.0402 0x11f4  IPNAT - ok
20:15:23.0421 0x11f4  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:15:23.0446 0x11f4  IRENUM - ok
20:15:23.0477 0x11f4  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:15:23.0486 0x11f4  isapnp - ok
20:15:23.0520 0x11f4  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:15:23.0535 0x11f4  iScsiPrt - ok
20:15:23.0562 0x11f4  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:15:23.0572 0x11f4  kbdclass - ok
20:15:23.0596 0x11f4  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:15:23.0623 0x11f4  kbdhid - ok
20:15:23.0648 0x11f4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
20:15:23.0659 0x11f4  KeyIso - ok
20:15:23.0676 0x11f4  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:15:23.0687 0x11f4  KSecDD - ok
20:15:23.0733 0x11f4  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
20:15:23.0746 0x11f4  KSecPkg - ok
20:15:23.0767 0x11f4  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
20:15:23.0803 0x11f4  ksthunk - ok
20:15:23.0836 0x11f4  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm          C:\Windows\system32\msdtckrm.dll
20:15:23.0888 0x11f4  KtmRm - ok
20:15:23.0968 0x11f4  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
20:15:24.0020 0x11f4  LanmanServer - ok
20:15:24.0067 0x11f4  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:15:24.0134 0x11f4  LanmanWorkstation - ok
20:15:24.0167 0x11f4  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:15:24.0215 0x11f4  lltdio - ok
20:15:24.0248 0x11f4  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
20:15:24.0292 0x11f4  lltdsvc - ok
20:15:24.0326 0x11f4  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts        C:\Windows\System32\lmhsvc.dll
20:15:24.0370 0x11f4  lmhosts - ok
20:15:24.0449 0x11f4  [ F4A17DCAB576267C85663E64F3ACE5A4, 6E1231740492480DB0ACD28BF7168547EA114037E3CF2F3869C5FADF3D859BAE ] LMS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:15:24.0466 0x11f4  LMS - ok
20:15:24.0505 0x11f4  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
20:15:24.0517 0x11f4  LSI_FC - ok
20:15:24.0526 0x11f4  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
20:15:24.0537 0x11f4  LSI_SAS - ok
20:15:24.0550 0x11f4  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
20:15:24.0560 0x11f4  LSI_SAS2 - ok
20:15:24.0575 0x11f4  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
20:15:24.0587 0x11f4  LSI_SCSI - ok
20:15:24.0614 0x11f4  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv          C:\Windows\system32\drivers\luafv.sys
20:15:24.0662 0x11f4  luafv - ok
20:15:24.0689 0x11f4  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
20:15:24.0707 0x11f4  Mcx2Svc - ok
20:15:24.0801 0x11f4  [ 7CF1B716372B89568AE4C0FE769F5869, 0D70A7A594BCFBB26D7249C0F4B0AF9EF874F2318B3FDCE44648CC61279594ED ] MDM            C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
20:15:24.0824 0x11f4  MDM - detected UnsignedFile.Multi.Generic ( 1 )
20:15:27.0167 0x11f4  Detect skipped due to KSN trusted
20:15:27.0167 0x11f4  MDM - ok
20:15:27.0205 0x11f4  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas        C:\Windows\system32\drivers\megasas.sys
20:15:27.0215 0x11f4  megasas - ok
20:15:27.0248 0x11f4  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
20:15:27.0264 0x11f4  MegaSR - ok
20:15:27.0310 0x11f4  [ EB1D78140D6634C32A46AB1006105EDC, 586F988A7272A7E3F6AA2CC9A001A08A3D178A011AE8C095BB7EAD9FFB45AAB1 ] MEIx64          C:\Windows\system32\DRIVERS\TeeDriverx64.sys
20:15:27.0373 0x11f4  MEIx64 - ok
20:15:27.0392 0x11f4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS          C:\Windows\system32\mmcss.dll
20:15:27.0431 0x11f4  MMCSS - ok
20:15:27.0442 0x11f4  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem          C:\Windows\system32\drivers\modem.sys
20:15:27.0482 0x11f4  Modem - ok
20:15:27.0504 0x11f4  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
20:15:27.0535 0x11f4  monitor - ok
20:15:27.0567 0x11f4  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:15:27.0578 0x11f4  mouclass - ok
20:15:27.0608 0x11f4  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:15:27.0620 0x11f4  mouhid - ok
20:15:27.0669 0x11f4  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:15:27.0680 0x11f4  mountmgr - ok
20:15:27.0746 0x11f4  [ 9EB89625A82AC961F25E7C865947BF9A, 91DB9530CDE883DC60BE621AC4210ACD069631D9466E37411D9D6AEE587098D9 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
20:15:27.0763 0x11f4  MpFilter - ok
20:15:27.0780 0x11f4  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:15:27.0793 0x11f4  mpio - ok
20:15:27.0827 0x11f4  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:15:27.0856 0x11f4  mpsdrv - ok
20:15:27.0909 0x11f4  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:15:27.0963 0x11f4  MpsSvc - ok
20:15:27.0996 0x11f4  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:15:28.0029 0x11f4  MRxDAV - ok
20:15:28.0060 0x11f4  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:15:28.0094 0x11f4  mrxsmb - ok
20:15:28.0122 0x11f4  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:15:28.0140 0x11f4  mrxsmb10 - ok
20:15:28.0150 0x11f4  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:15:28.0183 0x11f4  mrxsmb20 - ok
20:15:28.0201 0x11f4  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:15:28.0210 0x11f4  msahci - ok
20:15:28.0248 0x11f4  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
20:15:28.0260 0x11f4  msdsm - ok
20:15:28.0278 0x11f4  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC          C:\Windows\System32\msdtc.exe
20:15:28.0306 0x11f4  MSDTC - ok
20:15:28.0336 0x11f4  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:15:28.0383 0x11f4  Msfs - ok
20:15:28.0401 0x11f4  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
20:15:28.0442 0x11f4  mshidkmdf - ok
20:15:28.0465 0x11f4  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:15:28.0474 0x11f4  msisadrv - ok
20:15:28.0515 0x11f4  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
20:15:28.0565 0x11f4  MSiSCSI - ok
20:15:28.0568 0x11f4  msiserver - ok
20:15:28.0598 0x11f4  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
20:15:28.0634 0x11f4  MSKSSRV - ok
20:15:28.0711 0x11f4  [ 89F2AEDC2788696702141AB82C3E7866, E166CBD8D3C708737C37172221945D8E56C25C2CC750889C3CE14AA2DE750F33 ] MsMpSvc        c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:15:28.0722 0x11f4  MsMpSvc - ok
20:15:28.0737 0x11f4  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:15:28.0778 0x11f4  MSPCLOCK - ok
20:15:28.0790 0x11f4  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
20:15:28.0834 0x11f4  MSPQM - ok
20:15:28.0864 0x11f4  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
20:15:28.0883 0x11f4  MsRPC - ok
20:15:28.0897 0x11f4  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
20:15:28.0906 0x11f4  mssmbios - ok
20:15:28.0922 0x11f4  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
20:15:28.0957 0x11f4  MSTEE - ok
20:15:28.0974 0x11f4  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
20:15:29.0003 0x11f4  MTConfig - ok
20:15:29.0019 0x11f4  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup            C:\Windows\system32\Drivers\mup.sys
20:15:29.0029 0x11f4  Mup - ok
20:15:29.0070 0x11f4  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
20:15:29.0125 0x11f4  napagent - ok
20:15:29.0178 0x11f4  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
20:15:29.0210 0x11f4  NativeWifiP - ok
20:15:29.0269 0x11f4  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:15:29.0302 0x11f4  NDIS - ok
20:15:29.0338 0x11f4  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
20:15:29.0380 0x11f4  NdisCap - ok
20:15:29.0405 0x11f4  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:15:29.0434 0x11f4  NdisTapi - ok
20:15:29.0442 0x11f4  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
20:15:29.0483 0x11f4  Ndisuio - ok
20:15:29.0504 0x11f4  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
20:15:29.0545 0x11f4  NdisWan - ok
20:15:29.0564 0x11f4  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
20:15:29.0604 0x11f4  NDProxy - ok
20:15:29.0627 0x11f4  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
20:15:29.0668 0x11f4  NetBIOS - ok
20:15:29.0688 0x11f4  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
20:15:29.0723 0x11f4  NetBT - ok
20:15:29.0738 0x11f4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
20:15:29.0748 0x11f4  Netlogon - ok
20:15:29.0790 0x11f4  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
20:15:29.0844 0x11f4  Netman - ok
20:15:29.0883 0x11f4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:15:29.0897 0x11f4  NetMsmqActivator - ok
20:15:29.0902 0x11f4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:15:29.0915 0x11f4  NetPipeActivator - ok
20:15:29.0982 0x11f4  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
20:15:30.0035 0x11f4  netprofm - ok
20:15:30.0041 0x11f4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:15:30.0053 0x11f4  NetTcpActivator - ok
20:15:30.0058 0x11f4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:15:30.0070 0x11f4  NetTcpPortSharing - ok
20:15:30.0437 0x11f4  [ 127AB99C5901DE162AFB55290FE82C04, B711E48FD3903F8210B444A131F10820C4F27A25B81E8219A555404416183960 ] NETwNs64        C:\Windows\system32\DRIVERS\NETwsw00.sys
20:15:30.0894 0x11f4  NETwNs64 - ok
20:15:30.0942 0x11f4  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
20:15:30.0952 0x11f4  nfrd960 - ok
20:15:31.0006 0x11f4  [ C3E0696C3B42F694C5822776AA6FFFDF, 80C3DEC2C48500F96C9E677450EFC1ADA9FE9FBB70F4CC2D7D9244B1A515418B ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:15:31.0019 0x11f4  NisDrv - ok
20:15:31.0097 0x11f4  [ DCEE3592299B2229A0DB98CB415059A2, 709AAA095DF44DDCB6159CE1635AB05EC666D845445790E569F56B297DC64AC3 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
20:15:31.0116 0x11f4  NisSrv - ok
20:15:31.0141 0x11f4  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:15:31.0176 0x11f4  NlaSvc - ok
20:15:31.0205 0x11f4  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:15:31.0236 0x11f4  Npfs - ok
20:15:31.0258 0x11f4  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi            C:\Windows\system32\nsisvc.dll
20:15:31.0300 0x11f4  nsi - ok
20:15:31.0320 0x11f4  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:15:31.0357 0x11f4  nsiproxy - ok
20:15:31.0420 0x11f4  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:15:31.0471 0x11f4  Ntfs - ok
20:15:31.0494 0x11f4  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
20:15:31.0523 0x11f4  Null - ok
20:15:31.0938 0x11f4  [ 2232AE1BB51A96A7381A2CA17DF12E24, 4813E27BC14EB3CBD55AF89B098EA5C8DA4C7FF0B6CCB7AACFC43BC0E578C988 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:15:32.0391 0x11f4  nvlddmkm - ok
20:15:32.0532 0x11f4  [ 45D6780D0525D7BC29E2E3605CA73C18, C8BBE8BE9824CD1D3C4314FE370FA03BD6000187B4FC4FC935F8342E1A02FA7E ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
20:15:32.0584 0x11f4  NvNetworkService - ok
20:15:32.0622 0x11f4  [ 30458B18AEA941B1FD3A6A076BE95A71, F3B36E52D63939A89658073E1DEFFCD050EF9B39F643771E846737915012D5FB ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
20:15:32.0631 0x11f4  nvpciflt - ok
20:15:32.0663 0x11f4  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:15:32.0676 0x11f4  nvraid - ok
20:15:32.0692 0x11f4  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:15:32.0705 0x11f4  nvstor - ok
20:15:32.0796 0x11f4  [ A0D870DCE152EE5B92A41AD927201D19, 67FB025CB380D933BF0FDD4AFE9BE4E3C1D69A59865E02A96533BBE9EC260D71 ] NvStreamKms    C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
20:15:32.0805 0x11f4  NvStreamKms - ok
20:15:33.0371 0x11f4  [ E5597D09E5239C0F908948DB7057AC26, A6045D4D9D2F8007B0F75DAAABB2AD9FEB4A898E33A51ECE9A9D788D8E8F84A4 ] NvStreamSvc    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
20:15:34.0003 0x11f4  NvStreamSvc - ok
20:15:34.0110 0x11f4  [ 2C8DD5A34A81715865D66D7AF39362A6, 62F9D873127921EE2EAA80B73E8994C4BF6DA7EEDACAEA030B8D58E086FD3850 ] nvsvc          C:\Windows\system32\nvvsvc.exe
20:15:34.0142 0x11f4  nvsvc - ok
20:15:34.0182 0x11f4  [ 75034A4D7C02327D150B617571D4196A, 8E7DAFEC4307E883D52BD0B5F0732E26E019C953770B52ACBBAD3074A66393CB ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
20:15:34.0192 0x11f4  nvvad_WaveExtensible - ok
20:15:34.0215 0x11f4  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:15:34.0227 0x11f4  nv_agp - ok
20:15:34.0252 0x11f4  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:15:34.0265 0x11f4  ohci1394 - ok
20:15:34.0301 0x11f4  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:15:34.0314 0x11f4  ose - ok
20:15:34.0551 0x11f4  [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc        C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:15:34.0730 0x11f4  osppsvc - ok
20:15:34.0779 0x11f4  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:15:34.0811 0x11f4  p2pimsvc - ok
20:15:34.0839 0x11f4  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
20:15:34.0870 0x11f4  p2psvc - ok
20:15:34.0898 0x11f4  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport        C:\Windows\system32\drivers\parport.sys
20:15:34.0911 0x11f4  Parport - ok
20:15:34.0942 0x11f4  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
20:15:34.0952 0x11f4  partmgr - ok
20:15:34.0972 0x11f4  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:15:35.0008 0x11f4  PcaSvc - ok
20:15:35.0025 0x11f4  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci            C:\Windows\system32\drivers\pci.sys
20:15:35.0038 0x11f4  pci - ok
20:15:35.0057 0x11f4  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
20:15:35.0066 0x11f4  pciide - ok
20:15:35.0085 0x11f4  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
20:15:35.0099 0x11f4  pcmcia - ok
20:15:35.0122 0x11f4  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw            C:\Windows\system32\drivers\pcw.sys
20:15:35.0132 0x11f4  pcw - ok
20:15:35.0158 0x11f4  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:15:35.0218 0x11f4  PEAUTH - ok
20:15:35.0287 0x11f4  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:15:35.0303 0x11f4  PerfHost - ok
20:15:35.0377 0x11f4  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla            C:\Windows\system32\pla.dll
20:15:35.0462 0x11f4  pla - ok
20:15:35.0523 0x11f4  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:15:35.0572 0x11f4  PlugPlay - ok
20:15:35.0594 0x11f4  PnkBstrA - ok
20:15:35.0618 0x11f4  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
20:15:35.0651 0x11f4  PNRPAutoReg - ok
20:15:35.0700 0x11f4  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
20:15:35.0718 0x11f4  PNRPsvc - ok
20:15:35.0764 0x11f4  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
20:15:35.0814 0x11f4  PolicyAgent - ok
20:15:35.0845 0x11f4  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power          C:\Windows\system32\umpo.dll
20:15:35.0895 0x11f4  Power - ok
20:15:35.0931 0x11f4  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:15:35.0966 0x11f4  PptpMiniport - ok
20:15:35.0981 0x11f4  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor      C:\Windows\system32\drivers\processr.sys
20:15:36.0013 0x11f4  Processor - ok
20:15:36.0043 0x11f4  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc        C:\Windows\system32\profsvc.dll
20:15:36.0074 0x11f4  ProfSvc - ok
20:15:36.0082 0x11f4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:15:36.0092 0x11f4  ProtectedStorage - ok
20:15:36.0117 0x11f4  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:15:36.0173 0x11f4  Psched - ok
20:15:36.0256 0x11f4  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
20:15:36.0314 0x11f4  ql2300 - ok
20:15:36.0337 0x11f4  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
20:15:36.0348 0x11f4  ql40xx - ok
20:15:36.0381 0x11f4  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE          C:\Windows\system32\qwave.dll
20:15:36.0402 0x11f4  QWAVE - ok
20:15:36.0426 0x11f4  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:15:36.0450 0x11f4  QWAVEdrv - ok
20:15:36.0464 0x11f4  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:15:36.0499 0x11f4  RasAcd - ok
20:15:36.0531 0x11f4  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
20:15:36.0569 0x11f4  RasAgileVpn - ok
20:15:36.0586 0x11f4  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto        C:\Windows\System32\rasauto.dll
20:15:36.0621 0x11f4  RasAuto - ok
20:15:36.0635 0x11f4  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
20:15:36.0679 0x11f4  Rasl2tp - ok
20:15:36.0706 0x11f4  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
20:15:36.0744 0x11f4  RasMan - ok
20:15:36.0757 0x11f4  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:15:36.0794 0x11f4  RasPppoe - ok
20:15:36.0818 0x11f4  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
20:15:36.0864 0x11f4  RasSstp - ok
20:15:36.0885 0x11f4  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
20:15:36.0927 0x11f4  rdbss - ok
20:15:36.0958 0x11f4  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
20:15:36.0974 0x11f4  rdpbus - ok
20:15:36.0999 0x11f4  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:15:37.0029 0x11f4  RDPCDD - ok
20:15:37.0052 0x11f4  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:15:37.0087 0x11f4  RDPENCDD - ok
20:15:37.0095 0x11f4  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:15:37.0143 0x11f4  RDPREFMP - ok
20:15:37.0174 0x11f4  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:15:37.0202 0x11f4  RdpVideoMiniport - ok
20:15:37.0227 0x11f4  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
20:15:37.0274 0x11f4  RDPWD - ok
20:15:37.0309 0x11f4  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:15:37.0323 0x11f4  rdyboost - ok
20:15:37.0350 0x11f4  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:15:37.0389 0x11f4  RemoteAccess - ok
20:15:37.0426 0x11f4  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:15:37.0460 0x11f4  RemoteRegistry - ok
20:15:37.0473 0x11f4  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:15:37.0504 0x11f4  RpcEptMapper - ok
20:15:37.0526 0x11f4  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
20:15:37.0553 0x11f4  RpcLocator - ok
20:15:37.0582 0x11f4  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs          C:\Windows\system32\rpcss.dll
20:15:37.0623 0x11f4  RpcSs - ok
20:15:37.0658 0x11f4  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:15:37.0700 0x11f4  rspndr - ok
20:15:37.0754 0x11f4  [ D2D055E7ED70A5EE885D17D35DF97E80, 51781E55EEE111140A261822D3F78D76AD288E9DDF8578E236358E0AEB872C2F ] RTL8167        C:\Windows\system32\DRIVERS\Rt64win7.sys
20:15:37.0786 0x11f4  RTL8167 - ok
20:15:37.0821 0x11f4  [ 62DB6CC4B0818F1B5F3441241B098F12, 7A53B3FBA3F82EDE6FA688E531FBE7EC9E1AE329090C0AFE0DCD64F65BD90F21 ] SABI            C:\Windows\system32\Drivers\SABI.sys
20:15:37.0850 0x11f4  SABI - ok
20:15:37.0868 0x11f4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs          C:\Windows\system32\lsass.exe
20:15:37.0878 0x11f4  SamSs - ok
20:15:37.0901 0x11f4  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:15:37.0911 0x11f4  sbp2port - ok
20:15:37.0971 0x11f4  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:15:38.0025 0x11f4  SCardSvr - ok
20:15:38.0050 0x11f4  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:15:38.0126 0x11f4  scfilter - ok
20:15:38.0194 0x11f4  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
20:15:38.0264 0x11f4  Schedule - ok
20:15:38.0295 0x11f4  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc    C:\Windows\System32\certprop.dll
20:15:38.0324 0x11f4  SCPolicySvc - ok
20:15:38.0342 0x11f4  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:15:38.0388 0x11f4  SDRSVC - ok
20:15:38.0425 0x11f4  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:15:38.0470 0x11f4  secdrv - ok
20:15:38.0484 0x11f4  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
20:15:38.0519 0x11f4  seclogon - ok
20:15:38.0536 0x11f4  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\system32\sens.dll
20:15:38.0569 0x11f4  SENS - ok
20:15:38.0609 0x11f4  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:15:38.0638 0x11f4  SensrSvc - ok
20:15:38.0647 0x11f4  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum        C:\Windows\system32\drivers\serenum.sys
20:15:38.0677 0x11f4  Serenum - ok
20:15:38.0727 0x11f4  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
20:15:38.0749 0x11f4  Serial - ok
20:15:38.0775 0x11f4  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
20:15:38.0786 0x11f4  sermouse - ok
20:15:38.0808 0x11f4  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
20:15:38.0840 0x11f4  SessionEnv - ok
20:15:38.0857 0x11f4  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
20:15:38.0879 0x11f4  sffdisk - ok
20:15:38.0896 0x11f4  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:15:38.0923 0x11f4  sffp_mmc - ok
20:15:38.0930 0x11f4  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
20:15:38.0952 0x11f4  sffp_sd - ok
20:15:38.0968 0x11f4  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
20:15:38.0988 0x11f4  sfloppy - ok
20:15:39.0035 0x11f4  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:15:39.0086 0x11f4  SharedAccess - ok
20:15:39.0118 0x11f4  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:15:39.0179 0x11f4  ShellHWDetection - ok
20:15:39.0234 0x11f4  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
20:15:39.0244 0x11f4  SiSRaid2 - ok
20:15:39.0259 0x11f4  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
20:15:39.0270 0x11f4  SiSRaid4 - ok
20:15:39.0299 0x11f4  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
20:15:39.0341 0x11f4  Smb - ok
20:15:39.0361 0x11f4  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:15:39.0373 0x11f4  SNMPTRAP - ok
20:15:39.0388 0x11f4  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr          C:\Windows\system32\drivers\spldr.sys
20:15:39.0397 0x11f4  spldr - ok
20:15:39.0433 0x11f4  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler        C:\Windows\System32\spoolsv.exe
20:15:39.0478 0x11f4  Spooler - ok
20:15:39.0603 0x11f4  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
20:15:39.0770 0x11f4  sppsvc - ok
20:15:39.0793 0x11f4  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
20:15:39.0825 0x11f4  sppuinotify - ok
20:15:39.0863 0x11f4  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv            C:\Windows\system32\DRIVERS\srv.sys
20:15:39.0904 0x11f4  srv - ok
20:15:39.0927 0x11f4  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:15:39.0969 0x11f4  srv2 - ok
20:15:39.0990 0x11f4  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:15:40.0012 0x11f4  srvnet - ok
20:15:40.0054 0x11f4  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
20:15:40.0102 0x11f4  SSDPSRV - ok
20:15:40.0124 0x11f4  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc        C:\Windows\system32\sstpsvc.dll
20:15:40.0155 0x11f4  SstpSvc - ok
20:15:40.0219 0x11f4  [ 7E815DDD79CC73A02A33DF11FABE4E1E, A05A85CDB0CB0AA1AAC93AA801C39242BFE59082E2BC580F04EBFA71B5B61F07 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
20:15:40.0247 0x11f4  Steam Client Service - ok
20:15:40.0270 0x11f4  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
20:15:40.0279 0x11f4  stexstor - ok
20:15:40.0327 0x11f4  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
20:15:40.0371 0x11f4  stisvc - ok
20:15:40.0387 0x11f4  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
20:15:40.0397 0x11f4  swenum - ok
20:15:40.0443 0x11f4  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv          C:\Windows\System32\swprv.dll
20:15:40.0493 0x11f4  swprv - ok
20:15:40.0557 0x11f4  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain        C:\Windows\system32\sysmain.dll
20:15:40.0641 0x11f4  SysMain - ok
20:15:40.0685 0x11f4  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:15:40.0718 0x11f4  TabletInputService - ok
20:15:40.0746 0x11f4  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv        C:\Windows\System32\tapisrv.dll
20:15:40.0792 0x11f4  TapiSrv - ok
20:15:40.0810 0x11f4  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS            C:\Windows\System32\tbssvc.dll
20:15:40.0854 0x11f4  TBS - ok
20:15:40.0949 0x11f4  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
20:15:41.0007 0x11f4  Tcpip - ok
20:15:41.0068 0x11f4  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:15:41.0119 0x11f4  TCPIP6 - ok
20:15:41.0155 0x11f4  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:15:41.0172 0x11f4  tcpipreg - ok
20:15:41.0190 0x11f4  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:15:41.0225 0x11f4  TDPIPE - ok
20:15:41.0246 0x11f4  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
20:15:41.0268 0x11f4  TDTCP - ok
20:15:41.0286 0x11f4  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
20:15:41.0344 0x11f4  tdx - ok
20:15:41.0370 0x11f4  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
20:15:41.0381 0x11f4  TermDD - ok
20:15:41.0417 0x11f4  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService    C:\Windows\System32\termsrv.dll
20:15:41.0466 0x11f4  TermService - ok
20:15:41.0485 0x11f4  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
20:15:41.0513 0x11f4  Themes - ok
20:15:41.0533 0x11f4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER    C:\Windows\system32\mmcss.dll
20:15:41.0563 0x11f4  THREADORDER - ok
20:15:41.0573 0x11f4  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
20:15:41.0618 0x11f4  TrkWks - ok
20:15:41.0667 0x11f4  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:15:41.0700 0x11f4  TrustedInstaller - ok
20:15:41.0718 0x11f4  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:15:41.0775 0x11f4  tssecsrv - ok
20:15:41.0818 0x11f4  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:15:41.0852 0x11f4  TsUsbFlt - ok
20:15:41.0879 0x11f4  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD        C:\Windows\system32\drivers\TsUsbGD.sys
20:15:41.0899 0x11f4  TsUsbGD - ok
20:15:41.0941 0x11f4  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:15:41.0980 0x11f4  tunnel - ok
20:15:41.0999 0x11f4  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
20:15:42.0009 0x11f4  uagp35 - ok
20:15:42.0030 0x11f4  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:15:42.0084 0x11f4  udfs - ok
20:15:42.0114 0x11f4  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect      C:\Windows\system32\UI0Detect.exe
20:15:42.0126 0x11f4  UI0Detect - ok
20:15:42.0163 0x11f4  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:15:42.0174 0x11f4  uliagpkx - ok
20:15:42.0200 0x11f4  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
20:15:42.0226 0x11f4  umbus - ok
20:15:42.0238 0x11f4  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
20:15:42.0273 0x11f4  UmPass - ok
20:15:42.0414 0x11f4  [ DB641944F7E4B14C13C3FEFC89843F69, C106F10E802A67D43C9F0591A4A2477F7EF7911C3313C3844A02E3C061FD3EAA ] UNS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
20:15:42.0490 0x11f4  UNS - ok
20:15:42.0522 0x11f4  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
20:15:42.0573 0x11f4  upnphost - ok
20:15:42.0607 0x11f4  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64      C:\Windows\system32\Drivers\usbaapl64.sys
20:15:42.0646 0x11f4  USBAAPL64 - detected UnsignedFile.Multi.Generic ( 1 )
20:15:45.0084 0x11f4  Detect skipped due to KSN trusted
20:15:45.0085 0x11f4  USBAAPL64 - ok
20:15:45.0137 0x11f4  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
20:15:45.0177 0x11f4  usbccgp - ok
20:15:45.0251 0x11f4  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:15:45.0280 0x11f4  usbcir - ok
20:15:45.0290 0x11f4  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
20:15:45.0309 0x11f4  usbehci - ok
20:15:45.0351 0x11f4  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:15:45.0380 0x11f4  usbhub - ok
20:15:45.0395 0x11f4  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci        C:\Windows\system32\drivers\usbohci.sys
20:15:45.0417 0x11f4  usbohci - ok
20:15:45.0438 0x11f4  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
20:15:45.0457 0x11f4  usbprint - ok
20:15:45.0484 0x11f4  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:15:45.0529 0x11f4  USBSTOR - ok
20:15:45.0550 0x11f4  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
20:15:45.0561 0x11f4  usbuhci - ok
20:15:45.0600 0x11f4  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
20:15:45.0642 0x11f4  usbvideo - ok
20:15:45.0662 0x11f4  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms          C:\Windows\System32\uxsms.dll
20:15:45.0704 0x11f4  UxSms - ok
20:15:45.0721 0x11f4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
20:15:45.0731 0x11f4  VaultSvc - ok
20:15:45.0764 0x11f4  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:15:45.0773 0x11f4  vdrvroot - ok
20:15:45.0804 0x11f4  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds            C:\Windows\System32\vds.exe
20:15:45.0861 0x11f4  vds - ok
20:15:45.0887 0x11f4  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
20:15:45.0914 0x11f4  vga - ok
20:15:45.0920 0x11f4  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave        C:\Windows\System32\drivers\vga.sys
20:15:45.0960 0x11f4  VgaSave - ok
20:15:45.0983 0x11f4  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
20:15:45.0997 0x11f4  vhdmp - ok
20:15:46.0021 0x11f4  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:15:46.0030 0x11f4  viaide - ok
20:15:46.0069 0x11f4  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:15:46.0079 0x11f4  volmgr - ok
20:15:46.0100 0x11f4  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
20:15:46.0118 0x11f4  volmgrx - ok
20:15:46.0141 0x11f4  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap        C:\Windows\system32\drivers\volsnap.sys
20:15:46.0158 0x11f4  volsnap - ok
20:15:46.0186 0x11f4  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
20:15:46.0198 0x11f4  vsmraid - ok
20:15:46.0274 0x11f4  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS            C:\Windows\system32\vssvc.exe
20:15:46.0361 0x11f4  VSS - ok
20:15:46.0383 0x11f4  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
20:15:46.0406 0x11f4  vwifibus - ok
20:15:46.0427 0x11f4  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
20:15:46.0453 0x11f4  vwififlt - ok
20:15:46.0490 0x11f4  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time        C:\Windows\system32\w32time.dll
20:15:46.0546 0x11f4  W32Time - ok
20:15:46.0560 0x11f4  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
20:15:46.0572 0x11f4  WacomPen - ok
20:15:46.0603 0x11f4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:15:46.0649 0x11f4  WANARP - ok
20:15:46.0653 0x11f4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:15:46.0682 0x11f4  Wanarpv6 - ok
20:15:46.0757 0x11f4  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
20:15:46.0853 0x11f4  wbengine - ok
20:15:46.0889 0x11f4  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:15:46.0918 0x11f4  WbioSrvc - ok
20:15:46.0936 0x11f4  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc        C:\Windows\System32\wcncsvc.dll
20:15:46.0988 0x11f4  wcncsvc - ok
20:15:47.0009 0x11f4  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:15:47.0046 0x11f4  WcsPlugInService - ok
20:15:47.0069 0x11f4  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
20:15:47.0079 0x11f4  Wd - ok
20:15:47.0115 0x11f4  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:15:47.0145 0x11f4  Wdf01000 - ok
20:15:47.0179 0x11f4  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:15:47.0252 0x11f4  WdiServiceHost - ok
20:15:47.0256 0x11f4  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost  C:\Windows\system32\wdi.dll
20:15:47.0273 0x11f4  WdiSystemHost - ok
20:15:47.0310 0x11f4  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient      C:\Windows\System32\webclnt.dll
20:15:47.0343 0x11f4  WebClient - ok
20:15:47.0382 0x11f4  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:15:47.0428 0x11f4  Wecsvc - ok
20:15:47.0439 0x11f4  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
20:15:47.0476 0x11f4  wercplsupport - ok
20:15:47.0505 0x11f4  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:15:47.0537 0x11f4  WerSvc - ok
20:15:47.0575 0x11f4  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:15:47.0604 0x11f4  WfpLwf - ok
20:15:47.0614 0x11f4  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:15:47.0623 0x11f4  WIMMount - ok
20:15:47.0650 0x11f4  WinDefend - ok
20:15:47.0654 0x11f4  WinHttpAutoProxySvc - ok
20:15:47.0720 0x11f4  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
20:15:47.0764 0x11f4  Winmgmt - ok
20:15:47.0849 0x11f4  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM          C:\Windows\system32\WsmSvc.dll
20:15:47.0936 0x11f4  WinRM - ok
20:15:47.0992 0x11f4  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:15:48.0023 0x11f4  WinUsb - ok
20:15:48.0087 0x11f4  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc        C:\Windows\System32\wlansvc.dll
20:15:48.0133 0x11f4  Wlansvc - ok
20:15:48.0174 0x11f4  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
20:15:48.0188 0x11f4  WmiAcpi - ok
20:15:48.0218 0x11f4  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:15:48.0235 0x11f4  wmiApSrv - ok
20:15:48.0270 0x11f4  WMPNetworkSvc - ok
20:15:48.0307 0x11f4  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:15:48.0332 0x11f4  WPCSvc - ok
20:15:48.0349 0x11f4  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:15:48.0384 0x11f4  WPDBusEnum - ok
20:15:48.0409 0x11f4  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
20:15:48.0455 0x11f4  ws2ifsl - ok
20:15:48.0474 0x11f4  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
20:15:48.0506 0x11f4  wscsvc - ok
20:15:48.0509 0x11f4  WSearch - ok
20:15:48.0598 0x11f4  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:15:48.0671 0x11f4  wuauserv - ok
20:15:48.0704 0x11f4  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:15:48.0763 0x11f4  WudfPf - ok
20:15:48.0803 0x11f4  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:15:48.0837 0x11f4  WUDFRd - ok
20:15:48.0872 0x11f4  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
20:15:48.0892 0x11f4  wudfsvc - ok
20:15:48.0920 0x11f4  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc        C:\Windows\System32\wwansvc.dll
20:15:48.0960 0x11f4  WwanSvc - ok
20:15:49.0023 0x11f4  X6va022 - ok
20:15:49.0039 0x11f4  xhunter1 - ok
20:15:49.0057 0x11f4  ================ Scan global ===============================
20:15:49.0085 0x11f4  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
20:15:49.0120 0x11f4  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
20:15:49.0132 0x11f4  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
20:15:49.0154 0x11f4  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
20:15:49.0183 0x11f4  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
20:15:49.0192 0x11f4  [ Global ] - ok
20:15:49.0192 0x11f4  ================ Scan MBR ==================================
20:15:49.0201 0x11f4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:15:49.0499 0x11f4  \Device\Harddisk0\DR0 - ok
20:15:49.0499 0x11f4  ================ Scan VBR ==================================
20:15:49.0501 0x11f4  [ 577E3C82AC5D7E280B12AE15935A1A7C ] \Device\Harddisk0\DR0\Partition1
20:15:49.0502 0x11f4  \Device\Harddisk0\DR0\Partition1 - ok
20:15:49.0504 0x11f4  [ 020B3759BEFBA497AEE67C16502F25F8 ] \Device\Harddisk0\DR0\Partition2
20:15:49.0505 0x11f4  \Device\Harddisk0\DR0\Partition2 - ok
20:15:49.0505 0x11f4  ================ Scan generic autorun ======================
20:15:49.0987 0x11f4  [ 47D99FEC44A9E082B2D761AB5A938CA8, FF8CAD5CD331A7DAFAA616C530F500E74663EC86BB832032D2EFD3F77EBF75FF ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
20:15:50.0432 0x11f4  RtHDVCpl - ok
20:15:50.0447 0x11f4  ETDCtrl - ok
20:15:50.0479 0x11f4  [ F9C98AE9182EFD66467E05E1DB2DC764, F6CE070D95B30EB58B0EFE18014EAEB63F20CB6214D67D0B85454508B34E3655 ] C:\Windows\system32\igfxtray.exe
20:15:50.0491 0x11f4  IgfxTray - ok
20:15:50.0509 0x11f4  [ 171609A87B7EF490E67B4B4B986A1DD7, 6CA5AB65C5264AC35EA2548C21353036311799D9A5CA1D7F8F1FEF69818BF7A1 ] C:\Windows\system32\hkcmd.exe
20:15:50.0526 0x11f4  HotKeysCmds - ok
20:15:50.0552 0x11f4  [ 6E257CC7E39A38C492CE1F61CB632E57, 1250614B28FD6111617D2E497AA075E33BC97E28D480F53367D3AEAE929C42CE ] C:\Windows\system32\igfxpers.exe
20:15:50.0569 0x11f4  Persistence - ok
20:15:50.0706 0x11f4  [ 05470C684B62C2F86325D8685E4513CB, EDE70A162AFA104D774AE1D8D3A077F2C12940851EC5BA785242F4032EEA902E ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
20:15:50.0776 0x11f4  NvBackend - ok
20:15:50.0801 0x11f4  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
20:15:50.0828 0x11f4  ShadowPlay - ok
20:15:50.0904 0x11f4  [ 569AC1376B12D4083FC66CC7A304F234, DD209F09573F10A77D710E30EF3D0461D2E8F4E5F18106B18EFB587C88393460 ] c:\Program Files\Microsoft Security Client\msseces.exe
20:15:50.0949 0x11f4  MSC - ok
20:15:51.0043 0x11f4  [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
20:15:51.0075 0x11f4  Adobe ARM - ok
20:15:51.0130 0x11f4  [ BE3F6956EF8FEF4AAD1F67334C406839, 606A5A6309259D89AFA9E17EA248EE63F044E371EB038812FC7CF40F1E03BCA4 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
20:15:51.0150 0x11f4  SunJavaUpdateSched - ok
20:15:51.0380 0x11f4  [ CC78200C3ECFFA178E78308A0E160D80, 4E02D6827A99401781032A397663770FA7BE56397AA20F6E2FACE0A0004109C5 ] C:\Users\Nico\AppData\Local\Akamai\netsession_win.exe
20:15:52.0814 0x11f4  Akamai NetSession Interface - ok
20:15:52.0904 0x11f4  [ D72D08898E2BA14B8FD6E9533C714385, F4337D46BBB5886ED654157C3BB1B2779376E919F1C5D8E5FF2F8C6B7306F8C4 ] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
20:15:53.0123 0x11f4  FileHippo.com - detected UnsignedFile.Multi.Generic ( 1 )
20:15:55.0469 0x11f4  Detect skipped due to KSN trusted
20:15:55.0470 0x11f4  FileHippo.com - ok
20:15:55.0470 0x11f4  Waiting for KSN requests completion. In queue: 75
20:15:56.0470 0x11f4  Waiting for KSN requests completion. In queue: 75
20:15:57.0470 0x11f4  Waiting for KSN requests completion. In queue: 75
20:15:58.0479 0x11f4  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.5.216.0 ), 0x61000 ( enabled : updated )
20:15:58.0526 0x11f4  Win FW state via NFP2: enabled
20:16:01.0004 0x11f4  ============================================================
20:16:01.0004 0x11f4  Scan finished
20:16:01.0004 0x11f4  ============================================================
20:16:01.0010 0x12c4  Detected object count: 0
20:16:01.0010 0x12c4  Actual detected object count: 0

Beste Grüße!

cosinus 06.09.2014 19:23

Adware/Junkware/Toolbars entfernen

(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!)

1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Prejudice 06.09.2014 19:56

Schon mal DANKE für die schnellen Antworten!

Code:

# AdwCleaner v3.309 - Bericht erstellt am 06/09/2014 um 20:37:17
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Nico - NICO-PC
# Gestartet von : C:\Users\Nico\Desktop\adwcleaner_3.309.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\END

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Google Chrome v37.0.2062.103

[ Datei : C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R10].txt - [1549 octets] - [31/07/2014 16:56:49]
AdwCleaner[R11].txt - [1610 octets] - [05/08/2014 15:31:18]
AdwCleaner[R12].txt - [2201 octets] - [30/08/2014 12:12:37]
AdwCleaner[R13].txt - [2135 octets] - [06/09/2014 20:36:20]
AdwCleaner[R2].txt - [1819 octets] - [26/06/2014 17:18:46]
AdwCleaner[R3].txt - [999 octets] - [30/06/2014 11:26:55]
AdwCleaner[R4].txt - [1058 octets] - [01/07/2014 10:54:13]
AdwCleaner[R5].txt - [1119 octets] - [03/07/2014 15:17:26]
AdwCleaner[R6].txt - [1239 octets] - [05/07/2014 14:10:00]
AdwCleaner[R7].txt - [1386 octets] - [11/07/2014 16:20:43]
AdwCleaner[R8].txt - [1325 octets] - [19/07/2014 22:59:32]
AdwCleaner[R9].txt - [1703 octets] - [26/07/2014 17:07:30]
AdwCleaner[S0].txt - [1547 octets] - [26/06/2014 17:21:48]
AdwCleaner[S1].txt - [1059 octets] - [30/06/2014 11:28:26]
AdwCleaner[S2].txt - [1181 octets] - [03/07/2014 15:26:51]
AdwCleaner[S3].txt - [2009 octets] - [06/09/2014 20:37:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2069 octets] ##########

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Nico on 06.09.2014 at 20:44:41,72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.09.2014 at 20:50:31,48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-09-2014
Ran by Nico (administrator) on NICO-PC on 06-09-2014 20:51:25
Running from C:\Users\Nico\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Akamai Technologies, Inc.) C:\Users\Nico\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Nico\AppData\Local\Akamai\netsession_win.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\SamsungFastStart\SmartRestarter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-07-26] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2817872 2012-04-25] (ELAN Microelectronics Corp.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-07-30] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2048815063-3532768989-2356643285-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Nico\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2048815063-3532768989-2356643285-1000\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {74F9432C-AA05-4FB6-867D-BD2D30880251} URL = https://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSearchKeyword: Default -> DDF7DD28148308F6FA6A9F16A9758D4081E7A354CD81BFA25229213B1BD82B56
CHR DefaultSearchProvider: Default -> B05EB190E7A662CFD2ECAECAC3862C75BA718B005A769F04C97091678E147B07
CHR DefaultSearchURL: Default -> 06AD2463E0DC38E71606B1210B4B3A51A9FD521ADE7DF14ECCA9C6312A612358
CHR Profile: C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-11]
CHR Extension: (Google Drive) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-03]
CHR Extension: (YouTube) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-11]
CHR Extension: (Adblock Plus) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-11]
CHR Extension: (Google-Suche) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-11]
CHR Extension: (Google Wallet) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-11]
CHR Extension: (Google Mail) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-09-05] (BitRaider, LLC)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-08-10] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-12] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2014-07-26] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-06-10] (Apple, Inc.) [File not signed]
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-06 20:51 - 2014-09-06 20:52 - 00014568 _____ () C:\Users\Nico\Desktop\FRST.txt
2014-09-06 20:50 - 2014-09-06 20:50 - 00002149 _____ () C:\Users\Nico\Desktop\Neues Textdokument.txt
2014-09-06 20:50 - 2014-09-06 20:50 - 00000694 _____ () C:\Users\Nico\Desktop\JRT.txt
2014-09-06 20:44 - 2014-09-06 20:44 - 00000000 ____D () C:\Windows\ERUNT
2014-09-06 20:39 - 2014-09-06 20:39 - 00000168 _____ () C:\Windows\setupact.log
2014-09-06 20:39 - 2014-09-06 20:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-06 20:38 - 2014-09-06 20:38 - 00000310 _____ () C:\Windows\PFRO.log
2014-09-06 20:35 - 2014-09-06 20:35 - 02104832 _____ (Farbar) C:\Users\Nico\Desktop\FRST64.exe
2014-09-06 20:35 - 2014-09-06 20:35 - 01016261 _____ (Thisisu) C:\Users\Nico\Desktop\JRT.exe
2014-09-06 20:34 - 2014-09-06 20:35 - 01370467 _____ () C:\Users\Nico\Desktop\adwcleaner_3.309.exe
2014-09-06 19:22 - 2014-09-06 19:23 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Nico\Desktop\tdsskiller.exe
2014-09-06 15:36 - 2014-09-06 20:51 - 00000000 ____D () C:\FRST
2014-09-05 18:45 - 2014-09-05 18:45 - 00000934 _____ () C:\Users\Nico\Desktop\Sweet Home 3D.lnk
2014-09-05 18:45 - 2014-09-05 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eTeks Sweet Home 3D
2014-09-05 18:45 - 2014-09-05 18:45 - 00000000 ____D () C:\Program Files\Sweet Home 3D
2014-09-05 12:56 - 2014-09-05 12:56 - 00000000 ____D () C:\Users\Public\Documents\BitRaider
2014-09-05 12:56 - 2014-09-05 12:56 - 00000000 ____D () C:\ProgramData\BitRaider
2014-09-05 12:55 - 2014-09-05 12:55 - 00001439 _____ () C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
2014-09-05 12:55 - 2014-09-05 12:55 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-09-05 12:54 - 2014-09-05 12:55 - 00014271 _____ () C:\Users\Nico\Documents\Install STAR WARS The Old Republic.log
2014-09-03 23:49 - 2014-09-03 23:50 - 00001103 _____ () C:\Users\Public\Desktop\Diablo II.lnk
2014-09-03 23:49 - 2014-09-03 23:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
2014-09-03 23:49 - 2014-09-03 23:50 - 00000000 ____D () C:\Program Files (x86)\Diablo II
2014-09-03 14:02 - 2014-09-03 14:02 - 00004146 _____ () C:\Windows\System32\Tasks\Definitionsupdate Microsoft Security Essentials
2014-09-03 13:47 - 2014-09-03 13:47 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-03 13:47 - 2014-09-03 13:47 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-03 13:47 - 2014-09-03 13:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-02 17:06 - 2014-09-02 17:06 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Guild Wars 2
2014-09-02 11:43 - 2014-09-02 11:43 - 00000000 ____D () C:\ProgramData\SystemRequirementsLab
2014-09-02 11:43 - 2014-09-02 11:43 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-09-02 11:16 - 2014-09-02 11:15 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-02 11:15 - 2014-09-02 11:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-02 11:15 - 2014-09-02 11:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-02 11:15 - 2014-09-02 11:15 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-02 11:15 - 2014-09-02 11:15 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-02 11:08 - 2014-09-02 11:08 - 00000000 ____D () C:\Users\Nico\Documents\Diablo III
2014-09-01 22:25 - 2014-09-01 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2014-09-01 22:23 - 2014-09-02 11:07 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-09-01 22:11 - 2014-09-01 22:11 - 00001122 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-09-01 22:11 - 2014-09-01 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-09-01 22:11 - 2014-09-01 22:11 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-09-01 21:21 - 2014-09-03 13:35 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Panda Security
2014-09-01 21:20 - 2014-09-03 13:40 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-09-01 21:19 - 2014-09-03 13:35 - 00000000 ____D () C:\ProgramData\Panda Security
2014-08-31 03:48 - 2014-08-31 03:48 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-08-31 02:43 - 2014-08-31 02:50 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Curse Client
2014-08-31 02:43 - 2014-08-31 02:43 - 00001028 _____ () C:\Users\Nico\Desktop\Curse.lnk
2014-08-31 02:43 - 2014-08-31 02:43 - 00001014 _____ () C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2014-08-30 12:13 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-30 12:04 - 2014-09-02 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-30 12:04 - 2014-08-30 12:04 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-08-30 12:03 - 2014-08-30 12:03 - 00000000 ____D () C:\Program Files\Java
2014-08-30 11:57 - 2014-08-30 11:57 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-30 11:57 - 2014-08-30 11:57 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-30 11:57 - 2014-08-30 11:57 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-30 11:36 - 2014-08-30 11:36 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-08-30 10:37 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-30 10:37 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-30 10:37 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-17 14:39 - 2014-08-17 15:42 - 00000000 ____D () C:\Users\Nico\AppData\Local\Microsoft Game Studios
2014-08-17 14:38 - 2014-08-17 15:43 - 00000000 ____D () C:\ProgramData\Microsoft Games
2014-08-17 14:37 - 2014-08-17 15:43 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Microsoft Game Studios
2014-08-17 13:35 - 2014-08-17 13:44 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Apple Computer
2014-08-17 13:35 - 2014-08-17 13:35 - 00000000 ____D () C:\Users\Nico\AppData\Local\Apple Computer
2014-08-17 13:34 - 2014-08-30 11:40 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-17 13:34 - 2014-08-17 13:34 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-17 13:33 - 2014-08-17 13:33 - 00000000 ____D () C:\Users\Nico\AppData\Local\Apple
2014-08-17 13:32 - 2014-08-30 11:30 - 00000000 ____D () C:\ProgramData\Apple
2014-08-14 20:19 - 2014-08-30 10:30 - 00000000 ____D () C:\Users\Nico\AppData\Local\FreePDF_XP
2014-08-14 20:17 - 2014-08-18 12:09 - 00000000 ____D () C:\Users\Nico\Desktop\BA
2014-08-14 20:10 - 2014-08-14 20:10 - 00000000 ____D () C:\Users\Nico\AppData\Local\PDF24
2014-08-14 11:47 - 2014-08-14 11:47 - 00000000 ____D () C:\Users\Nico\AppData\Local\Secunia PSI
2014-08-14 11:42 - 2014-08-14 11:42 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-08-13 15:54 - 2014-08-13 15:54 - 00000000 ____D () C:\Users\Nico\Documents\Benutzerdefinierte Office-Vorlagen
2014-08-13 15:07 - 2014-08-18 21:03 - 00005128 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Nico-PC-Nico Nico-PC
2014-08-13 15:01 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 15:01 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 15:01 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 15:01 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 15:01 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 15:01 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 15:01 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 15:01 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 13:16 - 2014-08-13 13:16 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-08-13 13:07 - 2014-08-30 11:37 - 00000000 ____D () C:\ProgramData\FreePDF
2014-08-13 13:07 - 2014-08-30 11:37 - 00000000 ____D () C:\Program Files (x86)\FreePDF_XP
2014-08-13 13:06 - 2014-08-13 13:06 - 00000000 ____D () C:\Program Files\gs
2014-08-13 13:00 - 2014-08-13 13:00 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-08-13 12:57 - 2014-08-13 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-13 12:55 - 2014-08-30 10:40 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-13 12:46 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 12:46 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 12:46 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 12:46 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 12:46 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 12:46 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 12:46 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 12:46 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 12:46 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 12:46 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 12:46 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 12:46 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 12:45 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 12:45 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 12:45 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 12:45 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 12:45 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 12:45 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 12:45 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 12:45 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 12:45 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 12:45 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 12:45 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 12:45 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 12:45 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 12:45 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 12:45 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 12:45 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 12:45 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 12:45 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 12:45 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 12:45 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 12:45 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 12:45 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 12:45 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 12:45 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 12:45 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 12:45 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 12:45 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 12:45 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 12:45 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 12:45 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 12:45 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 12:45 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 12:45 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 12:45 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 12:45 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 12:45 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 12:45 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 12:45 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 12:45 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 12:45 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 12:45 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 12:45 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 12:45 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 12:45 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 12:45 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 12:45 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 12:45 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 12:45 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 12:45 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 12:45 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 12:45 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 12:45 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 12:45 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 12:45 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 12:45 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 12:45 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 12:45 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 12:45 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 12:45 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 12:45 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 12:45 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 12:45 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 12:45 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 12:45 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 12:45 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 12:45 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 12:45 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 12:45 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 12:44 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 12:44 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 12:44 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 12:44 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-12 14:30 - 2014-08-12 14:30 - 00000000 ____D () C:\Users\Nico\AppData\Local\The Lord of the Rings Online
2014-08-11 22:33 - 2014-08-12 13:28 - 00000000 ____D () C:\Users\Nico\AppData\Local\Turbine
2014-08-11 22:31 - 2014-08-11 22:31 - 00000000 ____D () C:\Program Files (x86)\Turbine
2014-08-11 20:05 - 2014-08-11 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-11 20:04 - 2014-09-06 20:40 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-11 20:04 - 2014-09-06 20:09 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-11 20:04 - 2014-08-30 11:38 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-11 20:04 - 2014-08-18 19:42 - 00000000 ____D () C:\Users\Nico\AppData\Local\Google
2014-08-11 20:04 - 2014-08-11 20:04 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-11 20:04 - 2014-08-11 20:04 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-10 22:48 - 2014-08-10 22:48 - 00000000 ____D () C:\Program Files (x86)\Flixster
2014-08-10 22:39 - 2014-08-12 14:29 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\dvdcss
2014-08-10 18:06 - 2014-08-10 22:44 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-08-08 17:06 - 2014-08-09 18:06 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Origin
2014-08-08 17:04 - 2014-08-10 20:11 - 00000000 ____D () C:\ProgramData\Origin
2014-08-08 13:28 - 2014-08-08 13:28 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\NVIDIA

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-06 20:52 - 2014-09-06 20:51 - 00014568 _____ () C:\Users\Nico\Desktop\FRST.txt
2014-09-06 20:51 - 2014-09-06 15:36 - 00000000 ____D () C:\FRST
2014-09-06 20:50 - 2014-09-06 20:50 - 00002149 _____ () C:\Users\Nico\Desktop\Neues Textdokument.txt
2014-09-06 20:50 - 2014-09-06 20:50 - 00000694 _____ () C:\Users\Nico\Desktop\JRT.txt
2014-09-06 20:47 - 2009-07-14 06:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-06 20:47 - 2009-07-14 06:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-06 20:44 - 2014-09-06 20:44 - 00000000 ____D () C:\Windows\ERUNT
2014-09-06 20:44 - 2014-04-09 03:05 - 01416186 _____ () C:\Windows\WindowsUpdate.log
2014-09-06 20:40 - 2014-08-11 20:04 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-06 20:40 - 2014-04-21 17:31 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-09-06 20:39 - 2014-09-06 20:39 - 00000168 _____ () C:\Windows\setupact.log
2014-09-06 20:39 - 2014-09-06 20:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-06 20:39 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-06 20:38 - 2014-09-06 20:38 - 00000310 _____ () C:\Windows\PFRO.log
2014-09-06 20:37 - 2014-06-26 17:18 - 00000000 ____D () C:\AdwCleaner
2014-09-06 20:37 - 2014-04-10 21:00 - 00000000 ____D () C:\Users\Nico\AppData\Local\Battle.net
2014-09-06 20:35 - 2014-09-06 20:35 - 02104832 _____ (Farbar) C:\Users\Nico\Desktop\FRST64.exe
2014-09-06 20:35 - 2014-09-06 20:35 - 01016261 _____ (Thisisu) C:\Users\Nico\Desktop\JRT.exe
2014-09-06 20:35 - 2014-09-06 20:34 - 01370467 _____ () C:\Users\Nico\Desktop\adwcleaner_3.309.exe
2014-09-06 20:09 - 2014-08-11 20:04 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-06 19:23 - 2014-09-06 19:22 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Nico\Desktop\tdsskiller.exe
2014-09-06 15:39 - 2014-07-22 18:27 - 00253440 ___SH () C:\Users\Nico\Desktop\Thumbs.db
2014-09-06 15:14 - 2014-06-16 16:35 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-06 15:13 - 2014-04-10 20:36 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-05 18:45 - 2014-09-05 18:45 - 00000934 _____ () C:\Users\Nico\Desktop\Sweet Home 3D.lnk
2014-09-05 18:45 - 2014-09-05 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eTeks Sweet Home 3D
2014-09-05 18:45 - 2014-09-05 18:45 - 00000000 ____D () C:\Program Files\Sweet Home 3D
2014-09-05 12:56 - 2014-09-05 12:56 - 00000000 ____D () C:\Users\Public\Documents\BitRaider
2014-09-05 12:56 - 2014-09-05 12:56 - 00000000 ____D () C:\ProgramData\BitRaider
2014-09-05 12:55 - 2014-09-05 12:55 - 00001439 _____ () C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
2014-09-05 12:55 - 2014-09-05 12:55 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-09-05 12:55 - 2014-09-05 12:54 - 00014271 _____ () C:\Users\Nico\Documents\Install STAR WARS The Old Republic.log
2014-09-05 12:55 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-04 10:58 - 2009-07-14 06:45 - 05069424 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-03 23:50 - 2014-09-03 23:49 - 00001103 _____ () C:\Users\Public\Desktop\Diablo II.lnk
2014-09-03 23:50 - 2014-09-03 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
2014-09-03 23:50 - 2014-09-03 23:49 - 00000000 ____D () C:\Program Files (x86)\Diablo II
2014-09-03 23:50 - 2014-06-24 22:11 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-09-03 23:14 - 2014-04-09 07:07 - 00000000 ____D () C:\Users\Nico
2014-09-03 15:14 - 2014-04-09 19:49 - 00000000 ____D () C:\Users\Nico\AppData\Local\PMB Files
2014-09-03 14:44 - 2014-04-09 19:49 - 00000000 ____D () C:\ProgramData\PMB Files
2014-09-03 14:02 - 2014-09-03 14:02 - 00004146 _____ () C:\Windows\System32\Tasks\Definitionsupdate Microsoft Security Essentials
2014-09-03 13:47 - 2014-09-03 13:47 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-03 13:47 - 2014-09-03 13:47 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-03 13:47 - 2014-09-03 13:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-03 13:47 - 2014-06-24 17:28 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-09-03 13:47 - 2014-04-09 14:40 - 00139816 _____ () C:\Users\Nico\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-03 13:46 - 2014-06-09 17:20 - 00000000 ____D () C:\Users\Nico\Documents\CCleaner
2014-09-03 13:45 - 2014-04-11 13:18 - 00000000 ____D () C:\Windows\Minidump
2014-09-03 13:40 - 2014-09-01 21:20 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-09-03 13:35 - 2014-09-01 21:21 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Panda Security
2014-09-03 13:35 - 2014-09-01 21:19 - 00000000 ____D () C:\ProgramData\Panda Security
2014-09-02 17:06 - 2014-09-02 17:06 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Guild Wars 2
2014-09-02 11:43 - 2014-09-02 11:43 - 00000000 ____D () C:\ProgramData\SystemRequirementsLab
2014-09-02 11:43 - 2014-09-02 11:43 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-09-02 11:16 - 2014-04-09 17:57 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-02 11:15 - 2014-09-02 11:16 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-02 11:15 - 2014-09-02 11:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-02 11:15 - 2014-09-02 11:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-02 11:15 - 2014-09-02 11:15 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-02 11:15 - 2014-09-02 11:15 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-02 11:15 - 2014-08-30 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-02 11:08 - 2014-09-02 11:08 - 00000000 ____D () C:\Users\Nico\Documents\Diablo III
2014-09-02 11:07 - 2014-09-01 22:23 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-09-01 22:25 - 2014-09-01 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2014-09-01 22:11 - 2014-09-01 22:11 - 00001122 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-09-01 22:11 - 2014-09-01 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-09-01 22:11 - 2014-09-01 22:11 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-08-31 03:50 - 2014-07-12 20:01 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\AVAST Software
2014-08-31 03:50 - 2014-07-12 19:53 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-31 03:50 - 2014-07-12 19:53 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-31 03:48 - 2014-08-31 03:48 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-08-31 02:50 - 2014-08-31 02:43 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Curse Client
2014-08-31 02:43 - 2014-08-31 02:43 - 00001028 _____ () C:\Users\Nico\Desktop\Curse.lnk
2014-08-31 02:43 - 2014-08-31 02:43 - 00001014 _____ () C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2014-08-30 12:04 - 2014-08-30 12:04 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-08-30 12:03 - 2014-08-30 12:03 - 00000000 ____D () C:\Program Files\Java
2014-08-30 11:57 - 2014-08-30 11:57 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-30 11:57 - 2014-08-30 11:57 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-30 11:57 - 2014-08-30 11:57 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-30 11:45 - 2014-04-10 21:03 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-08-30 11:44 - 2014-04-24 19:52 - 00000000 ____D () C:\Program Files (x86)\WarThunder
2014-08-30 11:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-30 11:40 - 2014-08-17 13:34 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-30 11:38 - 2014-08-11 20:04 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-30 11:37 - 2014-08-13 13:07 - 00000000 ____D () C:\ProgramData\FreePDF
2014-08-30 11:37 - 2014-08-13 13:07 - 00000000 ____D () C:\Program Files (x86)\FreePDF_XP
2014-08-30 11:37 - 2014-04-25 17:57 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\DVDVideoSoft
2014-08-30 11:36 - 2014-08-30 11:36 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-08-30 11:35 - 2014-07-13 13:36 - 00000000 ____D () C:\Users\Nico\AppData\Local\Deployment
2014-08-30 11:30 - 2014-08-17 13:32 - 00000000 ____D () C:\ProgramData\Apple
2014-08-30 11:20 - 2011-03-20 11:08 - 00698980 _____ () C:\Windows\system32\perfh007.dat
2014-08-30 11:20 - 2011-03-20 11:08 - 00149088 _____ () C:\Windows\system32\perfc007.dat
2014-08-30 11:20 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-30 11:19 - 2014-04-10 18:15 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-30 11:19 - 2014-04-09 16:45 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Adobe
2014-08-30 11:18 - 2014-04-10 18:15 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-30 11:17 - 2014-06-24 16:56 - 00000000 ____D () C:\Users\Nico\AppData\Local\Adobe
2014-08-30 11:16 - 2014-04-09 17:49 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-30 10:40 - 2014-08-13 12:55 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-30 10:30 - 2014-08-14 20:19 - 00000000 ____D () C:\Users\Nico\AppData\Local\FreePDF_XP
2014-08-25 06:53 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 04:07 - 2014-08-30 10:37 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-30 10:37 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-30 10:37 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-18 21:03 - 2014-08-13 15:07 - 00005128 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Nico-PC-Nico Nico-PC
2014-08-18 20:51 - 2014-07-12 19:54 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-18 19:42 - 2014-08-11 20:04 - 00000000 ____D () C:\Users\Nico\AppData\Local\Google
2014-08-18 12:09 - 2014-08-14 20:17 - 00000000 ____D () C:\Users\Nico\Desktop\BA
2014-08-17 15:43 - 2014-08-17 14:38 - 00000000 ____D () C:\ProgramData\Microsoft Games
2014-08-17 15:43 - 2014-08-17 14:37 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Microsoft Game Studios
2014-08-17 15:42 - 2014-08-17 14:39 - 00000000 ____D () C:\Users\Nico\AppData\Local\Microsoft Game Studios
2014-08-17 13:44 - 2014-08-17 13:35 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Apple Computer
2014-08-17 13:35 - 2014-08-17 13:35 - 00000000 ____D () C:\Users\Nico\AppData\Local\Apple Computer
2014-08-17 13:34 - 2014-08-17 13:34 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-17 13:33 - 2014-08-17 13:33 - 00000000 ____D () C:\Users\Nico\AppData\Local\Apple
2014-08-14 20:10 - 2014-08-14 20:10 - 00000000 ____D () C:\Users\Nico\AppData\Local\PDF24
2014-08-14 12:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-14 11:47 - 2014-08-14 11:47 - 00000000 ____D () C:\Users\Nico\AppData\Local\Secunia PSI
2014-08-14 11:42 - 2014-08-14 11:42 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-08-14 11:41 - 2014-07-26 15:29 - 00002852 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Nico)
2014-08-13 19:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 17:43 - 2014-06-15 22:52 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\vlc
2014-08-13 15:54 - 2014-08-13 15:54 - 00000000 ____D () C:\Users\Nico\Documents\Benutzerdefinierte Office-Vorlagen
2014-08-13 15:10 - 2014-04-09 12:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 15:06 - 2014-04-09 12:46 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 15:00 - 2014-04-30 09:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-13 13:16 - 2014-08-13 13:16 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-08-13 13:06 - 2014-08-13 13:06 - 00000000 ____D () C:\Program Files\gs
2014-08-13 13:01 - 2014-08-13 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-13 13:00 - 2014-08-13 13:00 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-08-13 13:00 - 2014-06-05 13:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-08-13 12:57 - 2014-04-09 07:07 - 00000000 ____D () C:\Users\Nico\AppData\Local\VirtualStore
2014-08-13 12:52 - 2014-06-05 13:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-13 12:51 - 2010-11-21 09:16 - 00000000 ____D () C:\Windows\ShellNew
2014-08-12 14:40 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-12 14:30 - 2014-08-12 14:30 - 00000000 ____D () C:\Users\Nico\AppData\Local\The Lord of the Rings Online
2014-08-12 14:29 - 2014-08-10 22:39 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\dvdcss
2014-08-12 13:28 - 2014-08-11 22:33 - 00000000 ____D () C:\Users\Nico\AppData\Local\Turbine
2014-08-11 22:31 - 2014-08-11 22:31 - 00000000 ____D () C:\Program Files (x86)\Turbine
2014-08-11 20:05 - 2014-08-11 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-11 20:04 - 2014-08-11 20:04 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-11 20:04 - 2014-08-11 20:04 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-10 22:48 - 2014-08-10 22:48 - 00000000 ____D () C:\Program Files (x86)\Flixster
2014-08-10 22:48 - 2014-04-10 18:15 - 00000883 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flixster.lnk
2014-08-10 22:48 - 2014-04-10 18:15 - 00000871 _____ () C:\Users\Public\Desktop\Flixster.lnk
2014-08-10 22:44 - 2014-08-10 18:06 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-08-10 20:11 - 2014-08-08 17:04 - 00000000 ____D () C:\ProgramData\Origin
2014-08-10 20:00 - 2014-06-11 12:33 - 00000000 ____D () C:\Users\Nico\AppData\Local\PunkBuster
2014-08-10 20:00 - 2014-06-10 18:52 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-08-10 18:06 - 2014-06-10 18:52 - 00281872 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-08-10 18:06 - 2014-06-10 18:52 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-08-09 18:06 - 2014-08-08 17:06 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Origin
2014-08-08 13:28 - 2014-08-08 13:28 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\NVIDIA
2014-08-07 04:06 - 2014-08-13 12:44 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-13 12:44 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\Nico\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 10:39

==================== End Of Log ============================

--- --- ---


Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-09-2014
Ran by Nico at 2014-09-06 20:52:18
Running from C:\Users\Nico\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.178 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
ArcGIS 10.2.2 for Desktop (HKLM-x32\...\ArcGIS 10.2.2 for Desktop) (Version: 10.2.3552 - Environmental Systems Research Institute, Inc.)
ArcGIS 10.2.2 for Desktop (x32 Version: 10.2.3552 - Environmental Systems Research Institute, Inc.) Hidden
BatteryLifeExtender (HKLM-x32\...\{FFD0E594-823B-4E2B-B680-720B3C852588}) (Version: 1.0.11 - Samsung)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Curse (HKLM-x32\...\{1F2611FB-6F69-4AA8-BECD-243BD8CB45F3}) (Version: 6.0.0.0 - Curse)
Desktop Restore (HKLM\...\{15D07D6F-E4CC-41D9-88A3-94115E5E5A10}) (Version: 1.6.3 - JOConnell)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-X64 10.7.14.12_WHQL (HKLM\...\Elantech) (Version: 10.7.14.12 - ELAN Microelectronic Corp.)
Fast Start (HKLM-x32\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 2.2.0.0 - SAMSUNG)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
Flixster (HKLM-x32\...\com.wb.DC2) (Version: 2.2.3 - Warner Bros. Entertainment, Inc.)
Flixster (x32 Version: 2.2.3 - Warner Bros. Entertainment, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2622 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.20.26 - Oracle Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (FRA) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (ITA) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Movie Color Enhancer (HKLM-x32\...\{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.0.9 - Samsung)
Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.50 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Sweet Home 3D version 4.4 (HKLM\...\Sweet Home 3D_is1) (Version:  - eTeks)
System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.10 Beta 4 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

06-09-2014 08:32:03 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-06-16 21:40 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {11B6C961-646C-4299-A8E8-4D74A09F81CE} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-05] (Samsung Electronics Co., Ltd.)
Task: {15FEFD6F-F3C6-4321-AC6C-3C5F0B4ECB40} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-18] (Samsung Electronics. Co. Ltd.)
Task: {19AA24C7-EC7F-48DC-A4D3-A6DF22B2EBB3} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-11-17] (SEC)
Task: {1CC4B017-9C5D-4093-A7F4-AC9BB2F06D01} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {4D8C196A-841F-440D-9F8D-C90BA6D1E4B9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {5BDF5EE3-83B0-4DF2-88BC-8016796DA31B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-11] (Google Inc.)
Task: {6D558D4F-D6C4-41AE-8DC6-29C8182D38E8} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2011-01-12] (Samsung Electronics)
Task: {8B616943-0705-4797-8069-F060BAE38A6C} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [2010-11-29] (Samsung Electronics Co., Ltd.)
Task: {8D0ED9DD-EE46-4530-B95B-639666D07700} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.)
Task: {95981088-BD5D-4688-80C8-27EF913898F0} - System32\Tasks\Definitionsupdate Microsoft Security Essentials => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2014-03-11] (Microsoft Corporation)
Task: {A5BCB12D-903D-4DAB-A912-3F196B2BE7E6} - System32\Tasks\Driver Booster SkipUAC (Nico) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {A9987F19-648B-49BD-801B-C784996E8D2F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Nico-PC-Nico Nico-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-08-13] (Microsoft Corporation)
Task: {AC0FA78E-5944-4B90-BAA8-7D9A7BA07548} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation)
Task: {DAA03928-2A88-4516-97C5-37C178E4F1D0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-11] (Google Inc.)
Task: {F32A8609-7E6D-46FA-AA59-35AB909920A5} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-08-13] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-08-04 17:08 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-13 12:55 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-06-10 18:52 - 2014-08-10 18:06 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-04-09 11:36 - 2014-04-09 11:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-08-04 16:59 - 2014-07-02 22:48 - 00013272 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-04-09 11:47 - 2010-07-05 19:42 - 00203776 _____ () C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll
2014-04-09 11:34 - 2010-05-07 23:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-06-23 17:39:58.290
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-23 17:39:58.288
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-23 17:39:58.286
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-23 17:39:58.276
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-23 17:39:58.274
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-23 17:39:58.272
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-18 13:51:12.143
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-18 13:51:12.143
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-18 13:51:12.127
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-18 13:51:12.096
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 37%
Total physical RAM: 4008.29 MB
Available physical RAM: 2516.17 MB
Total Pagefile: 8014.76 MB
Available Pagefile: 6349.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:573.24 GB) (Free:467.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 1F8D46A3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=573.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=22.8 GB) - (Type=12)

==================== End Of Log ============================

Danke!
Beste Grüße!

cosinus 06.09.2014 20:38

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

EmptyTemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Prejudice 07.09.2014 12:16

Danke für die Antwort!

Anbei das Log von FRST Fix:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-09-2014
Ran by Nico at 2014-09-07 11:18:36 Run:1
Running from C:\Users\Nico\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
EmptyTemp:
*****************

EmptyTemp: => Removed 244.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====


cosinus 07.09.2014 12:25

Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Prejudice 08.09.2014 13:11

So die Scans sind ausgeführt.

Eset schmeißt mir als Log allerdings nur folgendes aus:
Code:

ESETSmartInstaller@High as downloader log:
all ok

MBAM:

Code:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 07.09.2014
Suchlauf-Zeit: 20:06:11
Logdatei: das.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.07.05
Rootkit Datenbank: v2014.08.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Nico

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 328276
Verstrichene Zeit: 8 Min, 19 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)


cosinus 08.09.2014 13:20

Zitat:

Eset schmeißt mir als Log allerdings nur folgendes aus:
Wir haben doch extra ne bebilderte Anleitung dazu
http://img.trojaner-board.de/alle-lo...-alle-logs.png

Prejudice 08.09.2014 15:23

So ich reiche mal den Scan von Eset nach:

Code:

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=959c0137a814ae4280040ee8a1869cb0
# engine=20052
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-08 02:11:51
# local_time=2014-09-08 04:11:51 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 440662 33169505 0 0
# scanned=156161
# found=0
# cleaned=0
# scan_time=6267


cosinus 08.09.2014 15:39

Sieht soweit ok aus :daumenhoc

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Ist aber nur optional. Um Usertracking zu verhindern kann man gut die Firefox-Erweiterung Ghostery verwenden.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Prejudice 08.09.2014 15:46

Alles Top.

Danke für deine Hilfe :)

cosinus 08.09.2014 15:47

Dann wären wir durch! :daumenhoc


Falls du noch Lob oder Kritik loswerden möchtest => Lob, Kritik und Wünsche - Trojaner-Board

Die Programme, die hier zum Einsatz kamen, können alle deinstalliert werden. Es empfiehlt sich Malwarebytes Anti-Malware zu behalten und damit wöchentlich nach Malware zu scannen.

Helfen kann dir dabei delfix:


Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.






Bitte abschließend noch die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:48 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132