Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: DHL Link angeklickt, aber nicht sicher ob er echt war

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 10.06.2015, 19:19   #1
esmoped
 
DHL Link angeklickt, aber nicht sicher ob er echt war - Standard

DHL Link angeklickt, aber nicht sicher ob er echt war



Hallo Trojaner-Board Team,

meine Frau hat eine Mail von "DHL" bekommen, dass ihr Paket bei den Nachbarn abgegeben wurde. Wie meine Frau so ist, hat Sie nicht erst mal bei den 2 Nachbarn nachgefragt, sondern erst den Link angeklickt. Angeblich hat sich eine Seite geöffnet mit der Fehlermeldung 404. Auch kam keine ZIP Datei zum downloaden. Aber wer weiß das schon?!?

Im Download Ordner habe ich nichts gefunden.

Ein Scan mit Norton 360 ergab keine Funde.

Tatsächlich wurde bei den Nachbarn ein Päckchen abgegeben.

War die Mail jetzt echt oder Fake?


Da ich unsicher bin habe ich im Internet geschaut und diese Seite gefunden.
Hier wird allgemein empfohlen das Programm Farbar Recovery Scan Tool FRST64 zum ersten checken runter zu laden und die Logs hier zu posten.
Dies wollte ich schon mal machen, aber beim Downloaden meldet Norton 360 eine Schadsoftware:
Code:
ATTFilter
Dateiname: frst64.exe
Bedrohungsname: WS.Reputation.1
Vollständiger Pfad: c:\users\nicole\desktop\frst64.exe

____________________________



Details
Unbekannte Community-Verbreitung,* Unbekanntes Alter,* Risiko Mittel





Ursprung
Heruntergeladen von
*hxxp://download.bleepingcomputer.com/farbar/FRST64.exe





Aktivität
Ausgeführte Aktionen: Ausgeführte Aktionen: 1



____________________________



Auf Computern ab*
Nicht verfügbar


Zuletzt verwendet*
10.06.2015 um 19:57:44


Start-Element*
Nein


Gestartet*
Nein


____________________________


Unbekannt
Es ist nicht bekannt, wie viele Benutzer in der Norton Community diese Datei verwendet haben.

Unbekannt
Diese Dateiversion ist nicht bekannt.

Mittel
Das Risiko dieser Datei ist mittel.

Art der Bedrohung: Insight-Netzwerkbedrohung. Es bestehen mehrere Anzeichen, dass diese Datei nicht vertrauenswürdig und daher nicht sicher ist



____________________________


hxxp://download.bleepingcomputer.com/farbar/FRST64.exe

Datei heruntergeladen frst64.exe Bedrohungsname: WS.Reputation.1
  aus bleepingcomputer.com

Quelle: externe Medien



____________________________

Dateiaktionen

Datei: c:\users\nicole\desktop\ frst64.exe entfernt
____________________________


Dateiabdruck - SHA:
23b98f644f9bfe0b6e32e501cca88839ea890f22c65c722198e6a4c3c421a628
Dateiabdruck - MD5:
Nicht verfügbar
         
soll ich Norten deaktivieren? Ich bin verunsichert.

Wenn Ihr mir helfen könntet, wäre ich euch sehr dankbar.

Vielen Dank für Eure Mühe bereits im voraus.

Es Moped

Alt 10.06.2015, 19:26   #2
M-K-D-B
/// TB-Ausbilder
 
DHL Link angeklickt, aber nicht sicher ob er echt war - Standard

DHL Link angeklickt, aber nicht sicher ob er echt war






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!


Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!




Ja, Norton deaktivieren, das ist ein Fehlalarm.



Zur ersten Analyse bitte FRST und TDSS-Killer ausführen:



Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)






Schritt 2
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.







Bitte poste mit deiner nächsten Antwort
  • die Logdatei von TDSS-Killer,
  • die beiden neuen Logdateien von FRST.
__________________


Alt 10.06.2015, 20:30   #3
esmoped
 
DHL Link angeklickt, aber nicht sicher ob er echt war - Standard

DHL Link angeklickt, aber nicht sicher ob er echt war



Vielen Dank für die schnelle Kontaktaufnahme.

hier die Logs:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by Nicole (administrator) on Karl on 10-06-2015 21:07:40
Running from C:\Users\Nicole\Desktop
Loaded Profiles: Nicole (Available Profiles: Nicole)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\asus\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
() C:\Program Files (x86)\asus\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\n360.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\n360.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUS) C:\Program Files (x86)\asus\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\asus\ASUS Trans AiO\TaichiHome.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\asus\Connection Builder\conBuilder.exe
() C:\Program Files (x86)\asus\Splendid\ColorUService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\asus\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\asus\ASUS Trans AiO\AsRunASUSTransAiO.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\P1801 System Behavior\P1801Ctrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Windows\SysWOW64\UMonit.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\asus\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\asus\ASUS Key Suite\AsKeySuite.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\asus\ASUS Ai Charger\AiChargerAP.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\jusched.exe
(Apple Inc.) D:\Programme\itunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPNetworkCommunicatorCom.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6844560 2012-11-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1234064 2012-10-29] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-09-30] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-30] (Atheros Communications)
HKLM\...\Run: [UMonit] => C:\Windows\SysWOW64\UMonit.exe [40960 2013-01-31] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-02] (Intel Corporation)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-06-26] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => D:\Programme\MSOffice\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [148888 2014-02-28] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => D:\Programme\itunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKU\S-1-5-21-1520285763-1857122015-4067979159-1001\...\Run: [DAEMON Tools Lite] => D:\Programme\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1520285763-1857122015-4067979159-1001\...\Run: [HP Officejet Pro 6830 (NET)] => C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe [3494920 2014-01-16] (Hewlett-Packard Co.)
HKU\S-1-5-21-1520285763-1857122015-4067979159-1001\...\MountPoints2: {375500e3-7178-11e3-824f-6c71d97d4814} - "H:\SETUP.EXE" 
HKU\S-1-5-21-1520285763-1857122015-4067979159-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [788480 2014-10-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll [2015-03-07] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll [2015-03-07] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll [2015-03-07] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Programme\MSOffice\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Programme\MSOffice\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Programme\MSOffice\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Programme\MSOffice\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Programme\MSOffice\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1520285763-1857122015-4067979159-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com
HKU\S-1-5-21-1520285763-1857122015-4067979159-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\S-1-5-21-1520285763-1857122015-4067979159-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-09-30] (Qualcomm Atheros Commnucations)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-05] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Programme\MSOffice\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2014-02-28] (Sun Microsystems, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programme\MSOffice\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\s77l0dnw.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-08] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Programme\itunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\s77l0dnw.default\Extensions\de_DE@dicts.j3e.de [2015-03-01]
FF Extension: Adblock Plus - C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\s77l0dnw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-30]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-06-10]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-21]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-30] (Qualcomm Atheros Commnucations) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 Microsoft Office Groove Audit Service; D:\Programme\MSOffice\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\N360.exe [265000 2015-03-07] (Symantec Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-30] (Atheros) [File not signed]
S2 0141411388428713mcinstcleanup; C:\Users\Nicole\AppData\Local\Temp\014141~1.EXE -cleanup -nolog [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-23] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2011-04-12] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20150602.001\BHDrvx64.sys [1640152 2015-05-21] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1507000.00B\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2013-12-30] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-05-31] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145200 2015-05-31] (Symantec Corporation)
R3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [60928 2012-07-06] (GenesysLogic)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20150609.002\IDSvia64.sys [684248 2015-05-31] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150609.032\ENG64.SYS [129752 2015-05-01] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150609.032\EX64.SYS [2137304 2015-05-01] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1507000.00B\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1507000.00B\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R3 sthid; C:\Windows\System32\drivers\sthid.sys [21216 2013-04-01] (Splashtop Inc.)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1507000.00B\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1507000.00B\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-10 21:07 - 2015-06-10 21:08 - 00019855 _____ C:\Users\Nicole\Desktop\FRST.txt
2015-06-10 21:07 - 2015-06-10 21:07 - 00000000 ____D C:\FRST
2015-06-10 21:05 - 2015-06-10 21:05 - 02108928 _____ (Farbar) C:\Users\Nicole\Desktop\frst64.exe
2015-06-10 19:55 - 2015-06-10 19:55 - 00000000 ____D C:\Program Files\Common Files\AV
2015-06-10 17:27 - 2015-05-25 15:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-10 17:27 - 2015-05-25 15:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-10 17:27 - 2015-05-21 18:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-10 17:27 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-10 17:27 - 2015-04-09 00:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-10 17:27 - 2015-04-02 00:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-10 17:27 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-10 17:27 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-10 17:27 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-10 17:27 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-10 17:27 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-10 17:27 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-10 17:27 - 2015-03-20 05:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-10 17:27 - 2015-03-20 04:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-10 17:27 - 2015-03-20 04:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-10 17:27 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-10 17:27 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-10 17:26 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-10 17:26 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-10 17:26 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-10 17:26 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-10 17:26 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-10 17:26 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-10 17:26 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-10 17:26 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-10 17:26 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-10 17:26 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-10 17:26 - 2015-05-23 04:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-10 17:26 - 2015-05-23 04:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-10 17:26 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-10 17:26 - 2015-05-23 04:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-10 17:26 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-10 17:26 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-10 17:26 - 2015-05-23 04:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-10 17:26 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-10 17:26 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-10 17:26 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-10 17:26 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-10 17:26 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-10 17:26 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-10 17:26 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-10 17:26 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-10 17:26 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-10 17:26 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-10 17:26 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-10 17:26 - 2015-05-22 20:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-10 17:26 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-10 17:26 - 2015-05-22 20:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-10 17:26 - 2015-05-22 20:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-10 17:26 - 2015-05-22 20:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-10 17:26 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-10 17:26 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-10 17:26 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-10 17:26 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-10 17:26 - 2015-05-22 19:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-10 17:26 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-10 17:26 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-10 17:26 - 2015-04-25 04:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-10 17:26 - 2015-04-25 04:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-10 17:26 - 2015-04-16 08:17 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-10 17:26 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-10 17:26 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-10 17:26 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-10 17:26 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-10 17:26 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-10 17:26 - 2015-04-01 06:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-10 17:26 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-10 17:26 - 2015-04-01 05:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-10 17:26 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-10 17:26 - 2015-04-01 04:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-10 17:26 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-10 17:26 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-10 17:26 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-07 15:43 - 2015-06-07 15:43 - 00000000 ____D C:\Users\Nicole\AppData\Local\GWX
2015-06-05 07:50 - 2015-05-22 15:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-05 07:50 - 2015-05-21 15:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-05 07:50 - 2015-05-21 15:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-05 07:50 - 2015-05-21 15:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-05 07:50 - 2015-05-21 15:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-05 07:50 - 2015-05-21 15:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-05 07:50 - 2015-05-21 15:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-05 07:50 - 2015-04-17 00:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-02 17:46 - 2015-06-05 07:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-05-23 13:42 - 2015-05-23 13:42 - 01972544 _____ (Audible, Inc.) C:\Users\Nicole\Downloads\AudibleDM_iTunesSetup.exe
2015-05-19 09:47 - 2015-05-23 13:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
2015-05-19 09:47 - 2015-05-23 13:42 - 00000000 ____D C:\Users\Nicole\AppData\Local\Audible
2015-05-19 09:47 - 2015-05-19 09:47 - 00255352 _____ (Audible, Inc.) C:\WINDOWS\SysWOW64\awrdscdc.ax
2015-05-19 09:47 - 2015-05-19 09:47 - 00001992 _____ C:\Users\Nicole\Desktop\Audible Manager.lnk
2015-05-19 09:47 - 2015-05-19 09:47 - 00000000 ____D C:\Users\Public\Documents\Audible
2015-05-19 09:47 - 2015-05-19 09:47 - 00000000 ____D C:\Users\Nicole\Documents\Audible
2015-05-19 09:47 - 2015-05-19 09:47 - 00000000 ____D C:\Program Files (x86)\Audible
2015-05-19 09:47 - 2003-03-18 21:20 - 01060864 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71.dll
2015-05-19 09:42 - 2015-05-19 09:42 - 01730272 _____ (Audible Inc.) C:\Users\Nicole\Downloads\ActiveSetupN.exe
2015-05-13 09:31 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 09:31 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 08:43 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-13 08:43 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-13 08:43 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-13 08:43 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-13 08:43 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-13 08:43 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-13 08:43 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-13 08:43 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-13 08:43 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-13 08:43 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-13 08:43 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-13 08:43 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-13 08:43 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-13 08:43 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-13 08:43 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-13 08:43 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-13 08:43 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-13 08:43 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-13 08:43 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-13 08:43 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-13 08:43 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-13 08:43 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-13 08:43 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-13 08:43 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-13 08:43 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-13 08:43 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-13 08:43 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-13 08:43 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-13 08:43 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-13 08:43 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-13 08:43 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-13 08:43 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-13 08:43 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-13 08:43 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-13 08:43 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-13 08:43 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-13 08:43 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-13 08:43 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-13 08:43 - 2014-11-14 08:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-10 21:03 - 2013-12-30 22:08 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-10 21:02 - 2013-11-14 09:27 - 01780340 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-10 21:02 - 2013-11-14 09:11 - 00765378 _____ C:\WINDOWS\system32\perfh007.dat
2015-06-10 21:02 - 2013-11-14 09:11 - 00159696 _____ C:\WINDOWS\system32\perfc007.dat
2015-06-10 21:01 - 2013-12-30 20:11 - 00000000 ___DO C:\Users\Nicole\SkyDrive
2015-06-10 21:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-10 20:59 - 2013-12-30 15:35 - 00000062 _____ C:\Users\Nicole\AppData\Roaming\sp_data.sys
2015-06-10 20:57 - 2013-12-30 19:22 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-10 20:57 - 2013-11-14 00:18 - 00063438 _____ C:\WINDOWS\PFRO.log
2015-06-10 20:57 - 2013-08-22 16:46 - 00323336 _____ C:\WINDOWS\setupact.log
2015-06-10 20:57 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-10 20:10 - 2013-12-30 19:21 - 01530934 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-10 19:53 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-06-10 19:52 - 2013-08-22 16:44 - 00557496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-10 19:51 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-10 19:50 - 2013-12-30 16:42 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-10 19:50 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-10 19:50 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-10 19:50 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-10 19:49 - 2013-12-30 16:42 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-10 19:48 - 2013-12-30 21:07 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 17:59 - 2013-12-30 15:44 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1520285763-1857122015-4067979159-1001
2015-06-10 17:34 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-08 08:30 - 2014-08-18 20:22 - 00000000 ____D C:\Users\Nicole\AppData\Local\Adobe
2015-06-08 08:29 - 2013-12-30 22:08 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-06-07 09:56 - 2015-04-18 09:36 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-07 09:56 - 2015-03-08 12:03 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-05 07:46 - 2013-12-30 17:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-03 18:18 - 2013-08-22 17:38 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-03 18:18 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-20 09:00 - 2015-04-07 15:08 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-05-20 09:00 - 2015-04-07 15:08 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-05-15 20:56 - 2014-01-08 15:08 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-15 16:41 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-05-13 11:00 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-05-13 11:00 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-05-13 09:29 - 2013-11-14 09:13 - 00000000 ____D C:\Program Files\Windows Journal

==================== Files in the root of some directories =======

2013-12-30 15:35 - 2015-06-10 20:59 - 0000062 _____ () C:\Users\Nicole\AppData\Roaming\sp_data.sys
2014-01-07 13:11 - 2014-01-07 13:11 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Nicole\AppData\Local\Temp\ose00000.exe
C:\Users\Nicole\AppData\Local\Temp\_is4C8E.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-06 21:12

==================== End of log ============================
         


Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by Nicole (administrator) on Karl on 10-06-2015 21:07:40
Running from C:\Users\Nicole\Desktop
Loaded Profiles: Nicole (Available Profiles: Nicole)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\asus\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
() C:\Program Files (x86)\asus\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\n360.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\n360.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUS) C:\Program Files (x86)\asus\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\asus\ASUS Trans AiO\TaichiHome.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\asus\Connection Builder\conBuilder.exe
() C:\Program Files (x86)\asus\Splendid\ColorUService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\asus\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\asus\ASUS Trans AiO\AsRunASUSTransAiO.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\P1801 System Behavior\P1801Ctrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Windows\SysWOW64\UMonit.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\asus\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\asus\ASUS Key Suite\AsKeySuite.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\asus\ASUS Ai Charger\AiChargerAP.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\jusched.exe
(Apple Inc.) D:\Programme\itunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPNetworkCommunicatorCom.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6844560 2012-11-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1234064 2012-10-29] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-09-30] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-30] (Atheros Communications)
HKLM\...\Run: [UMonit] => C:\Windows\SysWOW64\UMonit.exe [40960 2013-01-31] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-02] (Intel Corporation)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-06-26] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => D:\Programme\MSOffice\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [148888 2014-02-28] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => D:\Programme\itunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKU\S-1-5-21-1520285763-1857122015-4067979159-1001\...\Run: [DAEMON Tools Lite] => D:\Programme\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1520285763-1857122015-4067979159-1001\...\Run: [HP Officejet Pro 6830 (NET)] => C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe [3494920 2014-01-16] (Hewlett-Packard Co.)
HKU\S-1-5-21-1520285763-1857122015-4067979159-1001\...\MountPoints2: {375500e3-7178-11e3-824f-6c71d97d4814} - "H:\SETUP.EXE" 
HKU\S-1-5-21-1520285763-1857122015-4067979159-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [788480 2014-10-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll [2015-03-07] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll [2015-03-07] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll [2015-03-07] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Programme\MSOffice\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Programme\MSOffice\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Programme\MSOffice\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Programme\MSOffice\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Programme\MSOffice\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1520285763-1857122015-4067979159-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com
HKU\S-1-5-21-1520285763-1857122015-4067979159-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\S-1-5-21-1520285763-1857122015-4067979159-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-09-30] (Qualcomm Atheros Commnucations)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-05] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Programme\MSOffice\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2014-02-28] (Sun Microsystems, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programme\MSOffice\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\s77l0dnw.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-08] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Programme\itunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\s77l0dnw.default\Extensions\de_DE@dicts.j3e.de [2015-03-01]
FF Extension: Adblock Plus - C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\s77l0dnw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-30]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-06-10]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-21]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-30] (Qualcomm Atheros Commnucations) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 Microsoft Office Groove Audit Service; D:\Programme\MSOffice\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\N360.exe [265000 2015-03-07] (Symantec Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-30] (Atheros) [File not signed]
S2 0141411388428713mcinstcleanup; C:\Users\Nicole\AppData\Local\Temp\014141~1.EXE -cleanup -nolog [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-23] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2011-04-12] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20150602.001\BHDrvx64.sys [1640152 2015-05-21] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1507000.00B\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2013-12-30] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-05-31] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145200 2015-05-31] (Symantec Corporation)
R3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [60928 2012-07-06] (GenesysLogic)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20150609.002\IDSvia64.sys [684248 2015-05-31] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150609.032\ENG64.SYS [129752 2015-05-01] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150609.032\EX64.SYS [2137304 2015-05-01] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1507000.00B\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1507000.00B\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R3 sthid; C:\Windows\System32\drivers\sthid.sys [21216 2013-04-01] (Splashtop Inc.)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1507000.00B\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1507000.00B\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-10 21:07 - 2015-06-10 21:08 - 00019855 _____ C:\Users\Nicole\Desktop\FRST.txt
2015-06-10 21:07 - 2015-06-10 21:07 - 00000000 ____D C:\FRST
2015-06-10 21:05 - 2015-06-10 21:05 - 02108928 _____ (Farbar) C:\Users\Nicole\Desktop\frst64.exe
2015-06-10 19:55 - 2015-06-10 19:55 - 00000000 ____D C:\Program Files\Common Files\AV
2015-06-10 17:27 - 2015-05-25 15:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-10 17:27 - 2015-05-25 15:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-10 17:27 - 2015-05-21 18:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-10 17:27 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-10 17:27 - 2015-04-09 00:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-10 17:27 - 2015-04-02 00:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-10 17:27 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-10 17:27 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-10 17:27 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-10 17:27 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-10 17:27 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-10 17:27 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-10 17:27 - 2015-03-20 05:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-10 17:27 - 2015-03-20 04:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-10 17:27 - 2015-03-20 04:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-10 17:27 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-10 17:27 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-10 17:26 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-10 17:26 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-10 17:26 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-10 17:26 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-10 17:26 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-10 17:26 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-10 17:26 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-10 17:26 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-10 17:26 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-10 17:26 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-10 17:26 - 2015-05-23 04:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-10 17:26 - 2015-05-23 04:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-10 17:26 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-10 17:26 - 2015-05-23 04:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-10 17:26 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-10 17:26 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-10 17:26 - 2015-05-23 04:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-10 17:26 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-10 17:26 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-10 17:26 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-10 17:26 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-10 17:26 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-10 17:26 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-10 17:26 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-10 17:26 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-10 17:26 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-10 17:26 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-10 17:26 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-10 17:26 - 2015-05-22 20:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-10 17:26 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-10 17:26 - 2015-05-22 20:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-10 17:26 - 2015-05-22 20:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-10 17:26 - 2015-05-22 20:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-10 17:26 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-10 17:26 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-10 17:26 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-10 17:26 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-10 17:26 - 2015-05-22 19:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-10 17:26 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-10 17:26 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-10 17:26 - 2015-04-25 04:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-10 17:26 - 2015-04-25 04:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-10 17:26 - 2015-04-16 08:17 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-10 17:26 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-10 17:26 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-10 17:26 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-10 17:26 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-10 17:26 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-10 17:26 - 2015-04-01 06:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-10 17:26 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-10 17:26 - 2015-04-01 05:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-10 17:26 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-10 17:26 - 2015-04-01 04:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-10 17:26 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-10 17:26 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-10 17:26 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-07 15:43 - 2015-06-07 15:43 - 00000000 ____D C:\Users\Nicole\AppData\Local\GWX
2015-06-05 07:50 - 2015-05-22 15:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-05 07:50 - 2015-05-21 15:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-05 07:50 - 2015-05-21 15:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-05 07:50 - 2015-05-21 15:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-05 07:50 - 2015-05-21 15:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-05 07:50 - 2015-05-21 15:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-05 07:50 - 2015-05-21 15:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-05 07:50 - 2015-04-17 00:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-02 17:46 - 2015-06-05 07:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-05-23 13:42 - 2015-05-23 13:42 - 01972544 _____ (Audible, Inc.) C:\Users\Nicole\Downloads\AudibleDM_iTunesSetup.exe
2015-05-19 09:47 - 2015-05-23 13:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
2015-05-19 09:47 - 2015-05-23 13:42 - 00000000 ____D C:\Users\Nicole\AppData\Local\Audible
2015-05-19 09:47 - 2015-05-19 09:47 - 00255352 _____ (Audible, Inc.) C:\WINDOWS\SysWOW64\awrdscdc.ax
2015-05-19 09:47 - 2015-05-19 09:47 - 00001992 _____ C:\Users\Nicole\Desktop\Audible Manager.lnk
2015-05-19 09:47 - 2015-05-19 09:47 - 00000000 ____D C:\Users\Public\Documents\Audible
2015-05-19 09:47 - 2015-05-19 09:47 - 00000000 ____D C:\Users\Nicole\Documents\Audible
2015-05-19 09:47 - 2015-05-19 09:47 - 00000000 ____D C:\Program Files (x86)\Audible
2015-05-19 09:47 - 2003-03-18 21:20 - 01060864 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71.dll
2015-05-19 09:42 - 2015-05-19 09:42 - 01730272 _____ (Audible Inc.) C:\Users\Nicole\Downloads\ActiveSetupN.exe
2015-05-13 09:31 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 09:31 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 08:43 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-13 08:43 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-13 08:43 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-13 08:43 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-13 08:43 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-13 08:43 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-13 08:43 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-13 08:43 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-13 08:43 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-13 08:43 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-13 08:43 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-13 08:43 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-13 08:43 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-13 08:43 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-13 08:43 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-13 08:43 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-13 08:43 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-13 08:43 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-13 08:43 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-13 08:43 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-13 08:43 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-13 08:43 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-13 08:43 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-13 08:43 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-13 08:43 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-13 08:43 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-13 08:43 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-13 08:43 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-13 08:43 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-13 08:43 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-13 08:43 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-13 08:43 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-13 08:43 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-13 08:43 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-13 08:43 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-13 08:43 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-13 08:43 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-13 08:43 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-13 08:43 - 2014-11-14 08:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-10 21:03 - 2013-12-30 22:08 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-10 21:02 - 2013-11-14 09:27 - 01780340 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-10 21:02 - 2013-11-14 09:11 - 00765378 _____ C:\WINDOWS\system32\perfh007.dat
2015-06-10 21:02 - 2013-11-14 09:11 - 00159696 _____ C:\WINDOWS\system32\perfc007.dat
2015-06-10 21:01 - 2013-12-30 20:11 - 00000000 ___DO C:\Users\Nicole\SkyDrive
2015-06-10 21:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-10 20:59 - 2013-12-30 15:35 - 00000062 _____ C:\Users\Nicole\AppData\Roaming\sp_data.sys
2015-06-10 20:57 - 2013-12-30 19:22 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-10 20:57 - 2013-11-14 00:18 - 00063438 _____ C:\WINDOWS\PFRO.log
2015-06-10 20:57 - 2013-08-22 16:46 - 00323336 _____ C:\WINDOWS\setupact.log
2015-06-10 20:57 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-10 20:10 - 2013-12-30 19:21 - 01530934 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-10 19:53 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-06-10 19:52 - 2013-08-22 16:44 - 00557496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-10 19:51 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-10 19:50 - 2013-12-30 16:42 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-10 19:50 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-10 19:50 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-10 19:50 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-10 19:49 - 2013-12-30 16:42 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-10 19:48 - 2013-12-30 21:07 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 17:59 - 2013-12-30 15:44 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1520285763-1857122015-4067979159-1001
2015-06-10 17:34 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-08 08:30 - 2014-08-18 20:22 - 00000000 ____D C:\Users\Nicole\AppData\Local\Adobe
2015-06-08 08:29 - 2013-12-30 22:08 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-06-07 09:56 - 2015-04-18 09:36 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-07 09:56 - 2015-03-08 12:03 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-05 07:46 - 2013-12-30 17:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-03 18:18 - 2013-08-22 17:38 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-03 18:18 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-20 09:00 - 2015-04-07 15:08 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-05-20 09:00 - 2015-04-07 15:08 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-05-15 20:56 - 2014-01-08 15:08 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-15 16:41 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-05-13 11:00 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-05-13 11:00 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-05-13 09:29 - 2013-11-14 09:13 - 00000000 ____D C:\Program Files\Windows Journal

==================== Files in the root of some directories =======

2013-12-30 15:35 - 2015-06-10 20:59 - 0000062 _____ () C:\Users\Nicole\AppData\Roaming\sp_data.sys
2014-01-07 13:11 - 2014-01-07 13:11 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Nicole\AppData\Local\Temp\ose00000.exe
C:\Users\Nicole\AppData\Local\Temp\_is4C8E.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-06 21:12

==================== End of log ============================
         
__________________

Alt 10.06.2015, 20:31   #4
esmoped
 
DHL Link angeklickt, aber nicht sicher ob er echt war - Standard

DHL Link angeklickt, aber nicht sicher ob er echt war



eine Bedrohung wurde gefunden "UMonit":
Code:
ATTFilter
21:16:07.0849 0x1248  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
21:16:07.0849 0x1248  UEFI system
21:16:14.0240 0x1248  ============================================================
21:16:14.0240 0x1248  Current date / time: 2015/06/10 21:16:14.0240
21:16:14.0240 0x1248  SystemInfo:
21:16:14.0240 0x1248  
21:16:14.0240 0x1248  OS Version: 6.3.9600 ServicePack: 0.0
21:16:14.0240 0x1248  Product type: Workstation
21:16:14.0240 0x1248  ComputerName: Karl
21:16:14.0240 0x1248  UserName: Nicole
21:16:14.0240 0x1248  Windows directory: C:\WINDOWS
21:16:14.0240 0x1248  System windows directory: C:\WINDOWS
21:16:14.0240 0x1248  Running under WOW64
21:16:14.0240 0x1248  Processor architecture: Intel x64
21:16:14.0240 0x1248  Number of processors: 8
21:16:14.0240 0x1248  Page size: 0x1000
21:16:14.0240 0x1248  Boot type: Normal boot
21:16:14.0240 0x1248  ============================================================
21:16:14.0866 0x1248  KLMD registered as C:\WINDOWS\system32\drivers\49174424.sys
21:16:15.0272 0x1248  System UUID: {EFCF8869-8955-8600-CF92-4F751C76DB66}
21:16:15.0694 0x1248  Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:16:15.0709 0x1248  ============================================================
21:16:15.0709 0x1248  \Device\Harddisk0\DR0:
21:16:15.0709 0x1248  GPT partitions:
21:16:15.0709 0x1248  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {791BD976-5A6D-46D0-B96E-2EDCC17B65EC}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x190000
21:16:15.0709 0x1248  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {0E9005A0-98B3-4456-95C1-8CDB6CC11BE3}, Name: EFI system partition, StartLBA 0x190800, BlocksNum 0x82000
21:16:15.0709 0x1248  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {90C7CEDD-2092-42C4-A065-6339ACE7E70F}, Name: Microsoft reserved partition, StartLBA 0x212800, BlocksNum 0x40000
21:16:15.0709 0x1248  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {BFE349B5-E6E9-461D-8124-42B168DD7E2D}, Name: Basic data partition, StartLBA 0x252800, BlocksNum 0x12B51000
21:16:15.0709 0x1248  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {85BB309D-673C-4052-B1B9-B977444A9E82}, Name: , StartLBA 0x12DA3800, BlocksNum 0xAF000
21:16:15.0709 0x1248  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {AD6C25D3-42E6-49C6-9490-1549ADE18C2F}, Name: Basic data partition, StartLBA 0x12E52800, BlocksNum 0xD3AF8800
21:16:15.0709 0x1248  \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {C6811CD5-4BBC-48D9-B3A0-C0BB6D503023}, Name: Basic data partition, StartLBA 0xE694B000, BlocksNum 0x24BD800
21:16:15.0709 0x1248  MBR partitions:
21:16:15.0709 0x1248  ============================================================
21:16:15.0725 0x1248  C: <-> \Device\Harddisk0\DR0\Partition4
21:16:15.0741 0x1248  D: <-> \Device\Harddisk0\DR0\Partition6
21:16:15.0741 0x1248  ============================================================
21:16:15.0741 0x1248  Initialize success
21:16:15.0741 0x1248  ============================================================
21:17:27.0696 0x1438  ============================================================
21:17:27.0696 0x1438  Scan started
21:17:27.0696 0x1438  Mode: Manual; SigCheck; TDLFS; 
21:17:27.0696 0x1438  ============================================================
21:17:27.0696 0x1438  KSN ping started
21:17:31.0040 0x1438  KSN ping finished: true
21:17:31.0775 0x1438  ================ Scan system memory ========================
21:17:31.0775 0x1438  System memory - ok
21:17:31.0775 0x1438  ================ Scan services =============================
21:17:31.0915 0x1438  0141411388428713mcinstcleanup - ok
21:17:31.0993 0x1438  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
21:17:32.0025 0x1438  1394ohci - ok
21:17:32.0056 0x1438  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware           C:\WINDOWS\system32\drivers\3ware.sys
21:17:32.0072 0x1438  3ware - ok
21:17:32.0103 0x1438  [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
21:17:32.0118 0x1438  ACPI - ok
21:17:32.0118 0x1438  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys
21:17:32.0134 0x1438  acpiex - ok
21:17:32.0134 0x1438  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys
21:17:32.0150 0x1438  acpipagr - ok
21:17:32.0165 0x1438  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi         C:\WINDOWS\System32\drivers\acpipmi.sys
21:17:32.0165 0x1438  AcpiPmi - ok
21:17:32.0181 0x1438  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys
21:17:32.0181 0x1438  acpitime - ok
21:17:32.0243 0x1438  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:17:32.0259 0x1438  AdobeARMservice - ok
21:17:32.0337 0x1438  [ 00CC35F515079F5F94FABC3AC5C7D363, 7CE8B1715009602059DEDD6CBCA9C18EF079EDA344E7809813D6C0A395622B82 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:17:32.0353 0x1438  AdobeFlashPlayerUpdateSvc - ok
21:17:32.0384 0x1438  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX         C:\WINDOWS\system32\drivers\ADP80XX.SYS
21:17:32.0400 0x1438  ADP80XX - ok
21:17:32.0415 0x1438  [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc     C:\WINDOWS\System32\aelupsvc.dll
21:17:32.0431 0x1438  AeLookupSvc - ok
21:17:32.0462 0x1438  [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD             C:\WINDOWS\system32\drivers\afd.sys
21:17:32.0478 0x1438  AFD - ok
21:17:32.0493 0x1438  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\WINDOWS\system32\drivers\agp440.sys
21:17:32.0509 0x1438  agp440 - ok
21:17:32.0525 0x1438  [ FE14D249D39368CA62D8DA6BC94AC694, E1036E22BFBD3750FD2D3DA6AB939B2DD54E824F4BD3E6539EF0E45AB5453DD1 ] ahcache         C:\WINDOWS\system32\DRIVERS\ahcache.sys
21:17:32.0540 0x1438  ahcache - ok
21:17:32.0540 0x1438  [ FF5221C2E5D5CC82F93EB7C99DC2852F, FFA8522782A633444087029F8E52D549575C96FAA06E4899555DE92ACB79B913 ] AiCharger       C:\WINDOWS\syswow64\drivers\AiCharger.sys
21:17:32.0556 0x1438  AiCharger - ok
21:17:32.0572 0x1438  [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG             C:\WINDOWS\System32\alg.exe
21:17:32.0587 0x1438  ALG - ok
21:17:32.0603 0x1438  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8           C:\WINDOWS\System32\drivers\amdk8.sys
21:17:32.0634 0x1438  AmdK8 - ok
21:17:32.0650 0x1438  [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys
21:17:32.0650 0x1438  AmdPPM - ok
21:17:32.0650 0x1438  [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata         C:\WINDOWS\system32\drivers\amdsata.sys
21:17:32.0665 0x1438  amdsata - ok
21:17:32.0681 0x1438  [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs          C:\WINDOWS\system32\drivers\amdsbs.sys
21:17:32.0697 0x1438  amdsbs - ok
21:17:32.0697 0x1438  [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata         C:\WINDOWS\system32\drivers\amdxata.sys
21:17:32.0712 0x1438  amdxata - ok
21:17:32.0728 0x1438  [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID           C:\WINDOWS\system32\drivers\appid.sys
21:17:32.0728 0x1438  AppID - ok
21:17:32.0759 0x1438  [ 34B2E222F82D05398DAE7203B36B6A2B, AC04BC6B5A36A6807FFE302E9ACF073342B4D76B0BB386249251CB3CA1852CE8 ] AppIDSvc        C:\WINDOWS\System32\appidsvc.dll
21:17:32.0775 0x1438  AppIDSvc - ok
21:17:32.0806 0x1438  [ 680BFB820C5A943AB709BAA2B1EF27F2, A51D2A7976A762FE470C13C6D1BA0319A0FB19C9E66BF02AA44F83EAEC7130F8 ] Appinfo         C:\WINDOWS\System32\appinfo.dll
21:17:32.0822 0x1438  Appinfo - ok
21:17:32.0853 0x1438  [ 608D6A90E989C6522F170E5526A64BF4, 36EDD07DF6BD2D20121F63CF720C289FCCF7C53574D37F99C2F9ED68298D655B ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:17:32.0869 0x1438  Apple Mobile Device - ok
21:17:32.0900 0x1438  [ 35E28923A23ADABAA5A1B43256D0AB58, A5F3AF8BBEE58B2165BAFACC5FF8B167B55B020998D3D1565C2229ED8753B269 ] AppReadiness    C:\WINDOWS\system32\AppReadiness.dll
21:17:32.0931 0x1438  AppReadiness - ok
21:17:32.0962 0x1438  [ 573542B5E97772021B73E854DA861DAA, C3FD00FA28060F8D7CDFD455BBB5FF8239CB76DDFFF2BDAE6AA944674DD993D3 ] AppXSvc         C:\WINDOWS\system32\appxdeploymentserver.dll
21:17:32.0994 0x1438  AppXSvc - ok
21:17:33.0009 0x1438  [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas          C:\WINDOWS\system32\drivers\arcsas.sys
21:17:33.0009 0x1438  arcsas - ok
21:17:33.0025 0x1438  [ 798DE15F187C1F013095BBBEB6FB6197, 436CCAB6F62FA2D29827916E054ADE7ACAE485B3DE1D3E5C6C62D3DEBF1480E7 ] AsIO            C:\WINDOWS\syswow64\drivers\AsIO.sys
21:17:33.0040 0x1438  AsIO - ok
21:17:33.0056 0x1438  [ AD8947D621FDCA48F1F39F4624B60AA1, D685CD1A378FA411EA11C18615A1EC5D66CEC2F990DB0D4181EE3140B9DF3E8B ] AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
21:17:33.0072 0x1438  AsSysCtrlService - ok
21:17:33.0072 0x1438  [ 1392B92179B07B672720763D9B1028A5, B4D47EA790920A4531E3DF5A4B4B0721B7FEA6B49A35679F0652F1E590422602 ] AsUpIO          C:\WINDOWS\syswow64\drivers\AsUpIO.sys
21:17:33.0087 0x1438  AsUpIO - ok
21:17:33.0119 0x1438  [ AAE374280DDC307061A43ED9FAD1AD57, BFBE60D67B4283868D148C38502689FFE52CC7F13F4294E21F47B37D14FB5821 ] Asus WebStorage Windows Service C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
21:17:33.0119 0x1438  Asus WebStorage Windows Service - detected UnsignedFile.Multi.Generic ( 1 )
21:17:35.0510 0x1438  Detect skipped due to KSN trusted
21:17:35.0510 0x1438  Asus WebStorage Windows Service - ok
21:17:35.0556 0x1438  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
21:17:35.0572 0x1438  atapi - ok
21:17:35.0619 0x1438  [ 51C6777AD7649F6C3ED389151CFD9DE6, B010089D83A9D96DC5D1C525B8EA913CF2F80FA0254684A16DD29CCA9BE84620 ] AthBTPort       C:\WINDOWS\system32\DRIVERS\btath_flt.sys
21:17:35.0635 0x1438  AthBTPort - ok
21:17:35.0666 0x1438  [ 67EC05E67E1416A51C478A5DAA59302E, 1957D9978603088481089075DC2D4AE88B9152B9517EA2768429B9955D8D448E ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
21:17:35.0682 0x1438  AtherosSvc - detected UnsignedFile.Multi.Generic ( 1 )
21:17:38.0213 0x1438  Detect skipped due to KSN trusted
21:17:38.0213 0x1438  AtherosSvc - ok
21:17:38.0338 0x1438  [ 2C7676F892E88FD190F08D98048C7C6C, 44C13C103F61DA4D1A3823D37344F8C9465A611A9560808CE928925FB69604F7 ] athr            C:\WINDOWS\system32\DRIVERS\athw8x.sys
21:17:38.0385 0x1438  athr - ok
21:17:38.0416 0x1438  [ 8779FDAE68BC948B0FE152E758CC8DA7, 13070C2073F8E7546B48AE9CF54067B9BB75DFCD98F2987B90FFAD20D40D54CF ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
21:17:38.0416 0x1438  AudioEndpointBuilder - ok
21:17:38.0448 0x1438  [ 61EA45A645854FE81D8A924E2D93DFFE, 34F79532297F609CA93C380B68BB8B7B0F027F9C8F4FB8E02A9A43EA3D155F1B ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
21:17:38.0463 0x1438  Audiosrv - ok
21:17:38.0479 0x1438  [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
21:17:38.0494 0x1438  AxInstSV - ok
21:17:38.0510 0x1438  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys
21:17:38.0526 0x1438  b06bdrv - ok
21:17:38.0541 0x1438  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
21:17:38.0557 0x1438  BasicDisplay - ok
21:17:38.0588 0x1438  [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender     C:\WINDOWS\System32\drivers\BasicRender.sys
21:17:38.0588 0x1438  BasicRender - ok
21:17:38.0604 0x1438  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys
21:17:38.0604 0x1438  bcmfn2 - ok
21:17:38.0635 0x1438  [ 77D760E9B477C21487C171F561497F98, 2393D466CEC863C771C5BB4CD81B251635DC084386134B8E13F74F3E1C6D68DF ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
21:17:38.0651 0x1438  BDESVC - ok
21:17:38.0666 0x1438  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
21:17:38.0666 0x1438  Beep - ok
21:17:38.0698 0x1438  [ 7BCB00EA702F78EC74CD9699D85CE80B, 17241ADAA13051B560DB9FA9079CAE6321D5B49788B596C125DC912443B00421 ] BFE             C:\WINDOWS\System32\bfe.dll
21:17:38.0713 0x1438  BFE - ok
21:17:38.0823 0x1438  [ DBC2EF1C27C7D65589D99596EE475145, A10BB062B2FCF1A70C3286E84F90B77F7856A79882CF89F19574E46CCBE01B18 ] BHDrvx64        C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20150602.001\BHDrvx64.sys
21:17:38.0854 0x1438  BHDrvx64 - ok
21:17:38.0885 0x1438  [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS            C:\WINDOWS\System32\qmgr.dll
21:17:38.0901 0x1438  BITS - ok
21:17:38.0948 0x1438  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:17:38.0948 0x1438  Bonjour Service - ok
21:17:38.0963 0x1438  [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
21:17:38.0963 0x1438  bowser - ok
21:17:38.0994 0x1438  [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
21:17:39.0010 0x1438  BrokerInfrastructure - ok
21:17:39.0026 0x1438  [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser         C:\WINDOWS\System32\browser.dll
21:17:39.0026 0x1438  Browser - ok
21:17:39.0026 0x1438  BTATH_LWFLT - ok
21:17:39.0057 0x1438  [ B4A748101F8A06EFD0BF89AA7220B6EE, E36BA3EE483E3FBF45C2E97FA682D94EEA02856D3B4171A1A3507EDCF9B16A87 ] BtFilter        C:\WINDOWS\system32\DRIVERS\btfilter.sys
21:17:39.0073 0x1438  BtFilter - ok
21:17:39.0088 0x1438  [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
21:17:39.0088 0x1438  BthAvrcpTg - ok
21:17:39.0119 0x1438  [ 1104A31260CCF4318C884E0AE6C513BF, A8F83B558944DEF0F84414A11DC3CB90C3A92377B46760EC0A9B8BC22FB0D5C7 ] BthEnum         C:\WINDOWS\System32\drivers\BthEnum.sys
21:17:39.0135 0x1438  BthEnum - ok
21:17:39.0151 0x1438  [ 272A62B660A48AEF366F8A1836CED19F, 78EFAC6B1B2313482329BBFFBF0DDA6462BD88E5BE3C817C5E8E0EAF3074C925 ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
21:17:39.0166 0x1438  BthHFEnum - ok
21:17:39.0166 0x1438  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
21:17:39.0182 0x1438  bthhfhid - ok
21:17:39.0198 0x1438  [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv        C:\WINDOWS\System32\BthHFSrv.dll
21:17:39.0213 0x1438  BthHFSrv - ok
21:17:39.0229 0x1438  [ D30C67473A2E229662D21F27EAA9AAA5, D009C4836B0DFE963D8E3DEEDE611068838F2BBCAB146E6D70692FAB838E11F1 ] BthLEEnum       C:\WINDOWS\System32\drivers\BthLEEnum.sys
21:17:39.0229 0x1438  BthLEEnum - ok
21:17:39.0244 0x1438  [ 07E33226AD218A2A162662A05CAFB52F, 0AC3D8B79EDA6DA232FA4E1CAF6592420A9EDE96350D1F0504C2434261684F0B ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
21:17:39.0260 0x1438  BTHMODEM - ok
21:17:39.0276 0x1438  [ 25BB93167DEF270188072603F92A1EF5, CE4637CE4B63420E218F53CAF89A8C85D036B879B80456FEF3C7C395590E26BB ] BthPan          C:\WINDOWS\System32\drivers\bthpan.sys
21:17:39.0291 0x1438  BthPan - ok
21:17:39.0323 0x1438  [ C37F4930795B771400C63C3C87E7A6C2, 0D0F54184B2DAA45F646E4F69B85C4411E8DFA88EB4763BB0F386055A420F217 ] BTHPORT         C:\WINDOWS\System32\Drivers\BTHport.sys
21:17:39.0338 0x1438  BTHPORT - ok
21:17:39.0354 0x1438  [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv         C:\WINDOWS\system32\bthserv.dll
21:17:39.0369 0x1438  bthserv - ok
21:17:39.0369 0x1438  [ 08EA90955AED2D959EE67DF6EDF0E2B6, 0A70AA67E5DD24C473C66A570C0FEBA9D398A0F0AD8386FE05D01C4D16346968 ] BTHUSB          C:\WINDOWS\System32\Drivers\BTHUSB.sys
21:17:39.0385 0x1438  BTHUSB - ok
21:17:39.0416 0x1438  [ 0510396A957E9FD7205BA62D3CAE4528, C80C39EB3A87C5111132E96E966CF74ACABA36DE7714B545A707027D35995792 ] ccSet_N360      C:\WINDOWS\system32\drivers\N360x64\1507000.00B\ccSetx64.sys
21:17:39.0416 0x1438  ccSet_N360 - ok
21:17:39.0432 0x1438  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
21:17:39.0448 0x1438  cdfs - ok
21:17:39.0463 0x1438  [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
21:17:39.0463 0x1438  cdrom - ok
21:17:39.0479 0x1438  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] CertPropSvc     C:\WINDOWS\System32\certprop.dll
21:17:39.0479 0x1438  CertPropSvc - ok
21:17:39.0494 0x1438  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
21:17:39.0510 0x1438  circlass - ok
21:17:39.0526 0x1438  [ 8EB7E70C2D348FE2476A2E3F2D585E3D, 2B5D407FACF1D049261026CC552A7C93B028A661B0F4E959815EAE7670054127 ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
21:17:39.0541 0x1438  CLFS - ok
21:17:39.0557 0x1438  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
21:17:39.0557 0x1438  CmBatt - ok
21:17:39.0588 0x1438  [ 5E5AB950693F2C6D6ACBEE3A74697ED7, 3790A7DD0AC65F47A697A577744FDFA4CC1CA3422884C84E499F97AC91BA84F3 ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
21:17:39.0604 0x1438  CNG - ok
21:17:39.0604 0x1438  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\WINDOWS\System32\drivers\CompositeBus.sys
21:17:39.0620 0x1438  CompositeBus - ok
21:17:39.0620 0x1438  COMSysApp - ok
21:17:39.0620 0x1438  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
21:17:39.0635 0x1438  condrv - ok
21:17:39.0651 0x1438  [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
21:17:39.0667 0x1438  CryptSvc - ok
21:17:39.0667 0x1438  [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam             C:\WINDOWS\system32\drivers\dam.sys
21:17:39.0667 0x1438  dam - ok
21:17:39.0698 0x1438  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
21:17:39.0713 0x1438  DcomLaunch - ok
21:17:39.0745 0x1438  [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
21:17:39.0760 0x1438  defragsvc - ok
21:17:39.0776 0x1438  [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
21:17:39.0792 0x1438  DeviceAssociationService - ok
21:17:39.0807 0x1438  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll
21:17:39.0807 0x1438  DeviceInstall - ok
21:17:39.0823 0x1438  [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
21:17:39.0838 0x1438  Dfsc - ok
21:17:39.0854 0x1438  [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
21:17:39.0870 0x1438  Dhcp - ok
21:17:39.0917 0x1438  [ 3ECB752A6963B1CBC9AD65ED89C8ACED, 1D47D2EBD2C8D2B9F8D2D12A5FD93E6B10335EB6B23252DDEA6DF2233655FA59 ] DiagTrack       C:\WINDOWS\system32\diagtrack.dll
21:17:39.0932 0x1438  DiagTrack - ok
21:17:39.0948 0x1438  [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk            C:\WINDOWS\system32\drivers\disk.sys
21:17:39.0948 0x1438  disk - ok
21:17:39.0963 0x1438  [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
21:17:39.0979 0x1438  dmvsc - ok
21:17:39.0995 0x1438  [ 33ADFB7453BF3271463712C4BCE61AD1, A1DB30F874BA7B2C4C653494D70B46B94BF7D39D0DD8559F6CA7A14B676FD617 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
21:17:40.0010 0x1438  Dnscache - ok
21:17:40.0026 0x1438  [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc         C:\WINDOWS\System32\dot3svc.dll
21:17:40.0042 0x1438  dot3svc - ok
21:17:40.0042 0x1438  [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS             C:\WINDOWS\system32\dps.dll
21:17:40.0057 0x1438  DPS - ok
21:17:40.0073 0x1438  [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
21:17:40.0073 0x1438  drmkaud - ok
21:17:40.0088 0x1438  [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
21:17:40.0088 0x1438  DsmSvc - ok
21:17:40.0120 0x1438  [ 6A0E850DDCB136AA3D2FB7234382DF12, C01863E95F45E1B74AC65C9CD12C8DC769299218255B3C94E3EBF58C4D79FEF3 ] dtsoftbus01     C:\WINDOWS\System32\drivers\dtsoftbus01.sys
21:17:40.0120 0x1438  dtsoftbus01 - ok
21:17:40.0167 0x1438  [ E1BB0B6F00F470B451AB45EA13EBA0B3, 3A2FC2175B69A5EB98D6C2D563DBFDCB320647AB87A14E47FAE800423DCACDAB ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys
21:17:40.0198 0x1438  DXGKrnl - ok
21:17:40.0213 0x1438  [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost         C:\WINDOWS\System32\eapsvc.dll
21:17:40.0229 0x1438  Eaphost - ok
21:17:40.0323 0x1438  [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv           C:\WINDOWS\system32\drivers\evbda.sys
21:17:40.0370 0x1438  ebdrv - ok
21:17:40.0401 0x1438  [ E5CE7CFE2E08B03E9AEC2CC3750ACBCB, 9892C142143A761072B1B4AD3ADDB738B3B26A6B4D7C4B1A97C74FBF59A9FDD3 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
21:17:40.0417 0x1438  eeCtrl - ok
21:17:40.0432 0x1438  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS             C:\WINDOWS\System32\lsass.exe
21:17:40.0432 0x1438  EFS - ok
21:17:40.0448 0x1438  [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass     C:\WINDOWS\system32\drivers\EhStorClass.sys
21:17:40.0463 0x1438  EhStorClass - ok
21:17:40.0479 0x1438  [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
21:17:40.0479 0x1438  EhStorTcgDrv - ok
21:17:40.0510 0x1438  [ B57C2B7900F93C72CC49E51C173A7739, 17FC16704459B6EE45A6486803510379E874628DE227AFBDF1609961EA7DEE8A ] enecir          C:\WINDOWS\system32\DRIVERS\enecir.sys
21:17:40.0526 0x1438  enecir - ok
21:17:40.0557 0x1438  [ 13E3BBC4578742E80854451FA16F272A, A9B2D972B114ED2E18246CCBDEE97F6C1AFA8B143791AD5DAED70100E58CD25F ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:17:40.0573 0x1438  EraserUtilRebootDrv - ok
21:17:40.0604 0x1438  [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
21:17:40.0620 0x1438  ErrDev - ok
21:17:40.0667 0x1438  [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem     C:\WINDOWS\system32\es.dll
21:17:40.0698 0x1438  EventSystem - ok
21:17:40.0714 0x1438  [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat           C:\WINDOWS\system32\drivers\exfat.sys
21:17:40.0729 0x1438  exfat - ok
21:17:40.0760 0x1438  Fabs - ok
21:17:40.0776 0x1438  [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
21:17:40.0792 0x1438  fastfat - ok
21:17:40.0807 0x1438  [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax             C:\WINDOWS\system32\fxssvc.exe
21:17:40.0823 0x1438  Fax - ok
21:17:40.0839 0x1438  [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
21:17:40.0854 0x1438  fdc - ok
21:17:40.0870 0x1438  [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
21:17:40.0885 0x1438  fdPHost - ok
21:17:40.0901 0x1438  [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
21:17:40.0901 0x1438  FDResPub - ok
21:17:40.0932 0x1438  [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc           C:\WINDOWS\system32\fhsvc.dll
21:17:40.0932 0x1438  fhsvc - ok
21:17:40.0964 0x1438  [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
21:17:40.0964 0x1438  FileInfo - ok
21:17:40.0979 0x1438  [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
21:17:40.0995 0x1438  Filetrace - ok
21:17:41.0042 0x1438  [ 5BD96D8C5411ACE71A7EAACAF0EF2903, 2AF58E6060C7DEC44B4CA30E14E164473CD4089AE475DAFFC61DFE56990C1147 ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
21:17:41.0073 0x1438  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic ( 1 )
21:17:43.0620 0x1438  Detect skipped due to KSN trusted
21:17:43.0620 0x1438  FirebirdServerMAGIXInstance - ok
21:17:43.0698 0x1438  [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
21:17:43.0714 0x1438  flpydisk - ok
21:17:43.0729 0x1438  [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
21:17:43.0761 0x1438  FltMgr - ok
21:17:43.0792 0x1438  [ 6C068E7207F183FF3647E45D2599E80C, D65C9888522CA29596D5C8BEFF42356F0310E812117E72C1D612BA089C0940D9 ] FontCache       C:\WINDOWS\system32\FntCache.dll
21:17:43.0823 0x1438  FontCache - ok
21:17:43.0901 0x1438  [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:17:43.0917 0x1438  FontCache3.0.0.0 - ok
21:17:43.0948 0x1438  [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys
21:17:43.0964 0x1438  FsDepends - ok
21:17:43.0964 0x1438  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:17:43.0979 0x1438  Fs_Rec - ok
21:17:44.0011 0x1438  [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
21:17:44.0026 0x1438  fvevol - ok
21:17:44.0042 0x1438  [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM           C:\WINDOWS\System32\drivers\fxppm.sys
21:17:44.0042 0x1438  FxPPM - ok
21:17:44.0058 0x1438  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys
21:17:44.0058 0x1438  gagp30kx - ok
21:17:44.0089 0x1438  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:17:44.0089 0x1438  GEARAspiWDM - ok
21:17:44.0104 0x1438  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
21:17:44.0120 0x1438  gencounter - ok
21:17:44.0136 0x1438  [ 2D15E93C8836D8F834695419E33EAB38, 86CC7FC465512BE3B957DAA9C95F1063A22FABF59F130D0F18360B92A077D105 ] GeneStor        C:\WINDOWS\System32\drivers\GeneStor.sys
21:17:44.0151 0x1438  GeneStor - ok
21:17:44.0167 0x1438  [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys
21:17:44.0167 0x1438  GPIOClx0101 - ok
21:17:44.0214 0x1438  [ 0D03F87D4FF4ADBAF8336DD80548155A, BC10CFA88EA2F41A8D96CB810B7953A4C168B79273A3E804A9F020F49AB58CD3 ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
21:17:44.0245 0x1438  gpsvc - ok
21:17:44.0261 0x1438  [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
21:17:44.0261 0x1438  HDAudBus - ok
21:17:44.0276 0x1438  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
21:17:44.0292 0x1438  HidBatt - ok
21:17:44.0308 0x1438  [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
21:17:44.0323 0x1438  HidBth - ok
21:17:44.0339 0x1438  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
21:17:44.0339 0x1438  hidi2c - ok
21:17:44.0339 0x1438  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
21:17:44.0354 0x1438  HidIr - ok
21:17:44.0370 0x1438  [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv         C:\WINDOWS\system32\hidserv.dll
21:17:44.0386 0x1438  hidserv - ok
21:17:44.0386 0x1438  [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
21:17:44.0401 0x1438  HidUsb - ok
21:17:44.0417 0x1438  [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc          C:\WINDOWS\system32\kmsvc.dll
21:17:44.0417 0x1438  hkmsvc - ok
21:17:44.0433 0x1438  [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
21:17:44.0448 0x1438  HomeGroupListener - ok
21:17:44.0479 0x1438  [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
21:17:44.0495 0x1438  HomeGroupProvider - ok
21:17:44.0511 0x1438  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
21:17:44.0511 0x1438  HpSAMD - ok
21:17:44.0558 0x1438  [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
21:17:44.0573 0x1438  HTTP - ok
21:17:44.0589 0x1438  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
21:17:44.0589 0x1438  hwpolicy - ok
21:17:44.0605 0x1438  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
21:17:44.0605 0x1438  hyperkbd - ok
21:17:44.0620 0x1438  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
21:17:44.0620 0x1438  HyperVideo - ok
21:17:44.0636 0x1438  [ D887446F3F6051C60C26F4FD1FC8D43F, A3235C64E9D5378E3409FA7CDD9DB0DD1B3CE6A6EB018F2C40558EB9C427A498 ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
21:17:44.0652 0x1438  i8042prt - ok
21:17:44.0652 0x1438  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
21:17:44.0652 0x1438  iaLPSSi_GPIO - ok
21:17:44.0667 0x1438  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
21:17:44.0667 0x1438  iaLPSSi_I2C - ok
21:17:44.0698 0x1438  [ 6C91E425ACE29594BD574DE38AC9B76D, 697784E4C7AF08B1F35662D8AD871E6890CECE22B6E64985B7C1A66C10DA390D ] iaStorA         C:\WINDOWS\system32\drivers\iaStorA.sys
21:17:44.0714 0x1438  iaStorA - ok
21:17:44.0745 0x1438  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
21:17:44.0745 0x1438  iaStorAV - ok
21:17:44.0792 0x1438  [ 0AB254994A460550258446950BB58311, BD10811912680DD3B814B7D1303785C996D892C79108110A2257E9BD0C28245C ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
21:17:44.0792 0x1438  IAStorDataMgrSvc - ok
21:17:44.0792 0x1438  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
21:17:44.0808 0x1438  iaStorV - ok
21:17:44.0886 0x1438  [ 46EEACCFEEA6F4B8CB55F5141423BF76, 6F576C7020A47BFBF7477BECEB45406A10AECAE530E73661FCE75D84E013CFB8 ] IDSVia64        C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20150609.002\IDSvia64.sys
21:17:44.0902 0x1438  IDSVia64 - ok
21:17:44.0902 0x1438  IEEtwCollectorService - ok
21:17:44.0948 0x1438  [ 3DBDBD9581C015F02651D6A89801FAD5, 81B6D302C9CD29AD8319515056CFBCD0BD25619B2B166937ACD5F1416B568837 ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
21:17:44.0964 0x1438  IKEEXT - ok
21:17:45.0058 0x1438  [ 5AB35054EC837E5E2196CA91BCDF8232, 25D881B076162420742B2E0919E0950D05101E7F3127A65BD4B6D9E8507B1150 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
21:17:45.0120 0x1438  IntcAzAudAddService - ok
21:17:45.0167 0x1438  [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC, F791EE101EEF8B9F48102B6C63A89B78F7C0041C750C4F4C0D16D54B583B7B5C ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
21:17:45.0183 0x1438  Intel(R) Capability Licensing Service Interface - ok
21:17:45.0183 0x1438  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
21:17:45.0198 0x1438  intelide - ok
21:17:45.0214 0x1438  [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
21:17:45.0230 0x1438  intelpep - ok
21:17:45.0245 0x1438  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
21:17:45.0245 0x1438  intelppm - ok
21:17:45.0261 0x1438  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:17:45.0277 0x1438  IpFilterDriver - ok
21:17:45.0308 0x1438  [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
21:17:45.0323 0x1438  iphlpsvc - ok
21:17:45.0339 0x1438  [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
21:17:45.0355 0x1438  IPMIDRV - ok
21:17:45.0370 0x1438  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
21:17:45.0370 0x1438  IPNAT - ok
21:17:45.0417 0x1438  [ 635F7587F7576AA14871B850EB95BFB8, 75CB8F4D511964BB9104E93EF31D2DDF1227DACE1EDB9DE25AE9719835B6C34B ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
21:17:45.0417 0x1438  iPod Service - ok
21:17:45.0448 0x1438  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
21:17:45.0448 0x1438  IRENUM - ok
21:17:45.0480 0x1438  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
21:17:45.0480 0x1438  isapnp - ok
21:17:45.0495 0x1438  [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
21:17:45.0511 0x1438  iScsiPrt - ok
21:17:45.0542 0x1438  [ 3C4002D339491AF73D663FFC7F6E5ECB, 0B53047989BDB781572253BC3AA757912FE54366870C1955E687972CE210C285 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
21:17:45.0558 0x1438  jhi_service - ok
21:17:45.0573 0x1438  [ A1D4D34A56DF1D5122CDB265038A2E72, AE061BA1A65C98AF875FA18878B014B57E33594D4AC4C39B050AA532E2220F83 ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
21:17:45.0573 0x1438  kbdclass - ok
21:17:45.0605 0x1438  [ 4A34D7084B862A92F3ABC4969166B3D3, 87B2635873DA4DD06D9E3B8E4313CBDBDC1488E4E340EC2101393EC65823771F ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
21:17:45.0605 0x1438  kbdhid - ok
21:17:45.0620 0x1438  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic           C:\WINDOWS\system32\DRIVERS\kdnic.sys
21:17:45.0636 0x1438  kdnic - ok
21:17:45.0636 0x1438  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso          C:\WINDOWS\system32\lsass.exe
21:17:45.0652 0x1438  KeyIso - ok
21:17:45.0652 0x1438  [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
21:17:45.0667 0x1438  KSecDD - ok
21:17:45.0683 0x1438  [ 15C8C65CEA018C02EA0F648448C491C5, DF909704D22D891BE439B2E3D8386EA659444F91DC92AABFF9766446AEE5EBC0 ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
21:17:45.0698 0x1438  KSecPkg - ok
21:17:45.0698 0x1438  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
21:17:45.0714 0x1438  ksthunk - ok
21:17:45.0730 0x1438  [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
21:17:45.0745 0x1438  KtmRm - ok
21:17:45.0761 0x1438  [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
21:17:45.0792 0x1438  LanmanServer - ok
21:17:45.0808 0x1438  [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
21:17:45.0823 0x1438  LanmanWorkstation - ok
21:17:45.0839 0x1438  [ 2B7479EB47731A8ACBA28AF4C4BDA32D, 67AEB98E7B41337FEFD92CC81BFAD25FBB679998B318C110A4873B1AD8927A97 ] lfsvc           C:\WINDOWS\System32\GeofenceMonitorService.dll
21:17:45.0855 0x1438  lfsvc - ok
21:17:45.0870 0x1438  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\WINDOWS\system32\DRIVERS\lltdio.sys
21:17:45.0870 0x1438  lltdio - ok
21:17:45.0886 0x1438  [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
21:17:45.0902 0x1438  lltdsvc - ok
21:17:45.0917 0x1438  [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
21:17:45.0933 0x1438  lmhosts - ok
21:17:45.0948 0x1438  [ 4269D44BB47A6DA5D80B11F4C8536458, 7A8FFC8F851DD9E5C43986BE0888831CB71D188138DF3CF7F787DADDA70915B0 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:17:45.0948 0x1438  LMS - ok
21:17:45.0964 0x1438  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
21:17:45.0980 0x1438  LSI_SAS - ok
21:17:45.0980 0x1438  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\WINDOWS\system32\drivers\lsi_sas2.sys
21:17:45.0995 0x1438  LSI_SAS2 - ok
21:17:45.0995 0x1438  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\WINDOWS\system32\drivers\lsi_sas3.sys
21:17:46.0011 0x1438  LSI_SAS3 - ok
21:17:46.0011 0x1438  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
21:17:46.0011 0x1438  LSI_SSS - ok
21:17:46.0042 0x1438  [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM             C:\WINDOWS\System32\lsm.dll
21:17:46.0058 0x1438  LSM - ok
21:17:46.0089 0x1438  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
21:17:46.0089 0x1438  luafv - ok
21:17:46.0105 0x1438  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
21:17:46.0105 0x1438  megasas - ok
21:17:46.0120 0x1438  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
21:17:46.0136 0x1438  megasr - ok
21:17:46.0152 0x1438  [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64          C:\WINDOWS\System32\drivers\HECIx64.sys
21:17:46.0152 0x1438  MEIx64 - ok
21:17:46.0245 0x1438  [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service D:\Programme\MSOffice\Office12\GrooveAuditService.exe
21:17:46.0261 0x1438  Microsoft Office Groove Audit Service - ok
21:17:46.0292 0x1438  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS           C:\WINDOWS\system32\mmcss.dll
21:17:46.0308 0x1438  MMCSS - ok
21:17:46.0324 0x1438  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem           C:\WINDOWS\system32\drivers\modem.sys
21:17:46.0339 0x1438  Modem - ok
21:17:46.0339 0x1438  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
21:17:46.0355 0x1438  monitor - ok
21:17:46.0355 0x1438  [ 2A2F8D5284E59815169A88F1FC9CEE28, 58EFBCF3C849FD088CFB7FE287FC7D9DD7E03D4E6AA98F0497C09E4596E42538 ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
21:17:46.0371 0x1438  mouclass - ok
21:17:46.0386 0x1438  [ 91223A2AE2955B3E0DA3DB79C3A897A6, 32B59CF1586C2300D60AF8A1D819515033ACC7F7A1F3523FC4AC7725E29B5A90 ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
21:17:46.0386 0x1438  mouhid - ok
21:17:46.0402 0x1438  [ D1D82F007A079A4D623DBD1F36EF30A1, 7901F81B62C5A4196D75A10C05386B16831CB290EFB9A1611CECF281068C520F ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
21:17:46.0417 0x1438  mountmgr - ok
21:17:46.0449 0x1438  [ 9FC679D10A7377BB04ECC3D0E2E26B53, 24ACD4EC1618A052C29E4463138B28F62C8B78D442DB82F4925E64FC5849A096 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:17:46.0449 0x1438  MozillaMaintenance - ok
21:17:46.0480 0x1438  [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
21:17:46.0496 0x1438  mpsdrv - ok
21:17:46.0527 0x1438  [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
21:17:46.0542 0x1438  MpsSvc - ok
21:17:46.0574 0x1438  [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
21:17:46.0574 0x1438  MRxDAV - ok
21:17:46.0589 0x1438  [ 31233271EDE50D1BBB220F78AFA60486, 2122FAB5BD353DF63CF0FE9CEDBD5DFD1F26F2DE04303E1B3FFB03AA02AECED9 ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:17:46.0605 0x1438  mrxsmb - ok
21:17:46.0621 0x1438  [ 3E28B99198B514DFEB152EACF913025E, 6C1D8353DCD5F811F39C0C3CB5DF3D2457F0D17EE80FB06196AA169E3D19E9B2 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
21:17:46.0636 0x1438  mrxsmb10 - ok
21:17:46.0668 0x1438  [ 6276AC2AA203CF47811F6EFBBD214FBF, AE55D87D863A626347B0074F4E962080F1989A94153DAF8475593249F616DA2F ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
21:17:46.0668 0x1438  mrxsmb20 - ok
21:17:46.0683 0x1438  [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge        C:\WINDOWS\system32\DRIVERS\bridge.sys
21:17:46.0683 0x1438  MsBridge - ok
21:17:46.0699 0x1438  [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
21:17:46.0714 0x1438  MSDTC - ok
21:17:46.0730 0x1438  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
21:17:46.0761 0x1438  Msfs - ok
21:17:46.0761 0x1438  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
21:17:46.0777 0x1438  msgpiowin32 - ok
21:17:46.0793 0x1438  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
21:17:46.0793 0x1438  mshidkmdf - ok
21:17:46.0793 0x1438  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
21:17:46.0808 0x1438  mshidumdf - ok
21:17:46.0824 0x1438  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
21:17:46.0824 0x1438  msisadrv - ok
21:17:46.0839 0x1438  [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
21:17:46.0855 0x1438  MSiSCSI - ok
21:17:46.0855 0x1438  msiserver - ok
21:17:46.0855 0x1438  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:17:46.0871 0x1438  MSKSSRV - ok
21:17:46.0886 0x1438  [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp          C:\WINDOWS\system32\DRIVERS\mslldp.sys
21:17:46.0886 0x1438  MsLldp - ok
21:17:46.0886 0x1438  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:17:46.0902 0x1438  MSPCLOCK - ok
21:17:46.0902 0x1438  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
21:17:46.0902 0x1438  MSPQM - ok
21:17:46.0918 0x1438  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
21:17:46.0933 0x1438  MsRPC - ok
21:17:46.0949 0x1438  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
21:17:46.0949 0x1438  mssmbios - ok
21:17:46.0964 0x1438  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
21:17:46.0980 0x1438  MSTEE - ok
21:17:46.0996 0x1438  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
21:17:46.0996 0x1438  MTConfig - ok
21:17:47.0011 0x1438  [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
21:17:47.0011 0x1438  Mup - ok
21:17:47.0027 0x1438  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
21:17:47.0043 0x1438  mvumis - ok
21:17:47.0183 0x1438  [ 06F83F2E1FE29115E2D397046BA3C10D, 6551E1A580B6FB7047D445F81305451BB0408859376DE9EA2132F5C5EB48993A ] N360            C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\N360.exe
21:17:47.0199 0x1438  N360 - ok
21:17:47.0230 0x1438  [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent        C:\WINDOWS\system32\qagentRT.dll
21:17:47.0230 0x1438  napagent - ok
21:17:47.0261 0x1438  [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
21:17:47.0277 0x1438  NativeWifiP - ok
21:17:47.0339 0x1438  [ 54F4B358F41C664CBDE4507D67EED1CD, CDCA0A778AF596933CD7CBF1119FCA551ECC03CBBD4F1E8213C3FD2FECA902F2 ] NAVENG          C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150609.032\ENG64.SYS
21:17:47.0355 0x1438  NAVENG - ok
21:17:47.0418 0x1438  [ A74D67EEEB3938FD2FA3B65B24C32C44, 4D780B70B57E23A3A155794C4DEEBD856E32D35B789BDF4673AAC8FC3AC4367B ] NAVEX15         C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150609.032\EX64.SYS
21:17:47.0449 0x1438  NAVEX15 - ok
21:17:47.0464 0x1438  [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
21:17:47.0480 0x1438  NcaSvc - ok
21:17:47.0496 0x1438  [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService      C:\WINDOWS\System32\ncbservice.dll
21:17:47.0511 0x1438  NcbService - ok
21:17:47.0527 0x1438  [ 9ACED0F5B458C9011F39143326494E93, 9DFFC7EE7DE6FD92545EC6A203213C498A01EEFB0BC55460D339BCE498E56A7F ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
21:17:47.0527 0x1438  NcdAutoSetup - ok
21:17:47.0558 0x1438  [ 6D3A2565E01B3E4B0F1BEDB0D4B00B3F, 95F2608E17CA3E25BD7958D1A49F7030EC8088BC1DF12422F1DAC5BA99113E34 ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
21:17:47.0590 0x1438  NDIS - ok
21:17:47.0605 0x1438  [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap         C:\WINDOWS\system32\DRIVERS\ndiscap.sys
21:17:47.0605 0x1438  NdisCap - ok
21:17:47.0621 0x1438  [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform  C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
21:17:47.0636 0x1438  NdisImPlatform - ok
21:17:47.0636 0x1438  [ 82821F4EEC776B4CF11695A38F3ABA46, 23184F9D31E662855DC4D23EFE7C2FE00E5487D3762B6024704A5D8C87762E1C ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:17:47.0652 0x1438  NdisTapi - ok
21:17:47.0668 0x1438  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:17:47.0668 0x1438  Ndisuio - ok
21:17:47.0699 0x1438  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
21:17:47.0699 0x1438  NdisVirtualBus - ok
21:17:47.0715 0x1438  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:17:47.0730 0x1438  NdisWan - ok
21:17:47.0730 0x1438  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:17:47.0746 0x1438  NdisWanLegacy - ok
21:17:47.0761 0x1438  [ DDD7F92A83F74D1476B71FBA9530A8DC, D3F94FC9F48854E09B0B77CE5E1C1DB948D54EAC63C5583437051BB893B5A386 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
21:17:47.0761 0x1438  NDProxy - ok
21:17:47.0777 0x1438  [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
21:17:47.0793 0x1438  Ndu - ok
21:17:47.0808 0x1438  [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
21:17:47.0808 0x1438  NetBIOS - ok
21:17:47.0824 0x1438  [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
21:17:47.0840 0x1438  NetBT - ok
21:17:47.0840 0x1438  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon        C:\WINDOWS\system32\lsass.exe
21:17:47.0855 0x1438  Netlogon - ok
21:17:47.0871 0x1438  [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman          C:\WINDOWS\System32\netman.dll
21:17:47.0886 0x1438  Netman - ok
21:17:47.0918 0x1438  [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
21:17:47.0933 0x1438  netprofm - ok
21:17:47.0949 0x1438  [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:17:47.0980 0x1438  NetTcpPortSharing - ok
21:17:47.0996 0x1438  [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc          C:\WINDOWS\System32\drivers\netvsc63.sys
21:17:48.0011 0x1438  netvsc - ok
21:17:48.0027 0x1438  [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
21:17:48.0043 0x1438  NlaSvc - ok
21:17:48.0043 0x1438  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
21:17:48.0074 0x1438  Npfs - ok
21:17:48.0090 0x1438  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
21:17:48.0090 0x1438  npsvctrig - ok
21:17:48.0105 0x1438  [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi             C:\WINDOWS\system32\nsisvc.dll
21:17:48.0121 0x1438  nsi - ok
21:17:48.0136 0x1438  [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
21:17:48.0136 0x1438  nsiproxy - ok
21:17:48.0183 0x1438  [ 7F68063A5A0461E02BC860CE0E6BFDDC, 47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
21:17:48.0230 0x1438  Ntfs - ok
21:17:48.0246 0x1438  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\WINDOWS\system32\drivers\Null.sys
21:17:48.0261 0x1438  Null - ok
21:17:48.0261 0x1438  [ 554964B900AE2954B8B589B6287034AC, C6C9EA3ADAFEBBF2AF944E4A0656BD795AD37706008CC0CA3F2150BD709476E7 ] NVHDA           C:\WINDOWS\system32\drivers\nvhda64v.sys
21:17:48.0277 0x1438  NVHDA - ok
21:17:48.0480 0x1438  [ 9B93CC9C70EDE60A9C486E7719DB9E8D, 8E31BE72797D3308D8AF136E9F4C6199BCF4592F88E9FEB361752FF768225EC9 ] nvlddmkm        C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys
21:17:48.0621 0x1438  nvlddmkm - ok
21:17:48.0668 0x1438  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
21:17:48.0683 0x1438  nvraid - ok
21:17:48.0715 0x1438  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
21:17:48.0730 0x1438  nvstor - ok
21:17:48.0746 0x1438  [ FB50E60564ED30DDC855F0CE435C8467, C9A56D74F58739B8A069336FF5456FC5F3CE89371B8CFE8144B8D06A9C79C6AB ] nvsvc           C:\WINDOWS\system32\nvvsvc.exe
21:17:48.0777 0x1438  nvsvc - ok
21:17:48.0793 0x1438  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
21:17:48.0793 0x1438  nv_agp - ok
21:17:48.0840 0x1438  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:17:48.0855 0x1438  odserv - ok
21:17:48.0871 0x1438  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:17:48.0871 0x1438  ose - ok
21:17:48.0902 0x1438  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
21:17:48.0902 0x1438  p2pimsvc - ok
21:17:48.0933 0x1438  [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
21:17:48.0949 0x1438  p2psvc - ok
21:17:48.0965 0x1438  [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport         C:\WINDOWS\System32\drivers\parport.sys
21:17:48.0980 0x1438  Parport - ok
21:17:48.0996 0x1438  [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
21:17:49.0012 0x1438  partmgr - ok
21:17:49.0027 0x1438  [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
21:17:49.0043 0x1438  PcaSvc - ok
21:17:49.0058 0x1438  [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci             C:\WINDOWS\system32\drivers\pci.sys
21:17:49.0074 0x1438  pci - ok
21:17:49.0074 0x1438  [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
21:17:49.0090 0x1438  pciide - ok
21:17:49.0090 0x1438  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
21:17:49.0105 0x1438  pcmcia - ok
21:17:49.0121 0x1438  [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
21:17:49.0121 0x1438  pcw - ok
21:17:49.0137 0x1438  [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc             C:\WINDOWS\system32\drivers\pdc.sys
21:17:49.0137 0x1438  pdc - ok
21:17:49.0168 0x1438  [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
21:17:49.0183 0x1438  PEAUTH - ok
21:17:49.0230 0x1438  [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
21:17:49.0246 0x1438  PerfHost - ok
21:17:49.0277 0x1438  [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla             C:\WINDOWS\system32\pla.dll
21:17:49.0308 0x1438  pla - ok
21:17:49.0324 0x1438  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
21:17:49.0340 0x1438  PlugPlay - ok
21:17:49.0355 0x1438  [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
21:17:49.0371 0x1438  PNRPAutoReg - ok
21:17:49.0371 0x1438  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
21:17:49.0387 0x1438  PNRPsvc - ok
21:17:49.0418 0x1438  [ BDD52AB4AEBB8B1904568DBD0CCB70CB, C3D1DBA349C79B43DCDD9EF5255C5EE973EFB844235B808B5EF9B63A51FF00AA ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
21:17:49.0433 0x1438  PolicyAgent - ok
21:17:49.0449 0x1438  [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power           C:\WINDOWS\system32\umpo.dll
21:17:49.0465 0x1438  Power - ok
21:17:49.0558 0x1438  [ E3514CE7CB4AF80ECCA383F065BC77C0, 1EA06D358A07EB9DFB703CEFC4EB834B947B899E0ACFE1C494E2DAED63F1D4B5 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
21:17:49.0605 0x1438  PrintNotify - ok
21:17:49.0637 0x1438  [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor       C:\WINDOWS\System32\drivers\processr.sys
21:17:49.0637 0x1438  Processor - ok
21:17:49.0668 0x1438  [ 19424364D8C03B990C4281BE53963FD0, 958FC8436E6B754858E20BC48B0D4B269991E8CA94C15C2761BF04ED52591907 ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
21:17:49.0683 0x1438  ProfSvc - ok
21:17:49.0699 0x1438  [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched          C:\WINDOWS\system32\DRIVERS\pacer.sys
21:17:49.0699 0x1438  Psched - ok
21:17:49.0730 0x1438  [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE           C:\WINDOWS\system32\qwave.dll
21:17:49.0730 0x1438  QWAVE - ok
21:17:49.0746 0x1438  [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
21:17:49.0762 0x1438  QWAVEdrv - ok
21:17:49.0777 0x1438  [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:17:49.0777 0x1438  RasAcd - ok
21:17:49.0793 0x1438  [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
21:17:49.0808 0x1438  RasAuto - ok
21:17:49.0840 0x1438  [ F83B38FCD4F69157B3D158433FA149CC, AB103BD3E2B3B134CB355C556DF70BCF0CF4DB11EFF7DB4A9876D5AA43D81293 ] RasMan          C:\WINDOWS\System32\rasmans.dll
21:17:49.0855 0x1438  RasMan - ok
21:17:49.0871 0x1438  [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:17:49.0871 0x1438  RasPppoe - ok
21:17:49.0902 0x1438  [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:17:49.0918 0x1438  rdbss - ok
21:17:49.0934 0x1438  [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
21:17:49.0949 0x1438  rdpbus - ok
21:17:49.0949 0x1438  [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys
21:17:49.0965 0x1438  RDPDR - ok
21:17:49.0996 0x1438  [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
21:17:49.0996 0x1438  RdpVideoMiniport - ok
21:17:50.0027 0x1438  [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
21:17:50.0043 0x1438  rdyboost - ok
21:17:50.0074 0x1438  [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS            C:\WINDOWS\system32\drivers\ReFS.sys
21:17:50.0090 0x1438  ReFS - ok
21:17:50.0105 0x1438  [ 0CF7CB56BF2D5E9DBCEE0185CB626FAD, 2BD2E2FB1D2EADD1F70EF55E8523C353F95D4FEB1BAD5017FA4D94F790F27825 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
21:17:50.0121 0x1438  RemoteAccess - ok
21:17:50.0137 0x1438  [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
21:17:50.0152 0x1438  RemoteRegistry - ok
21:17:50.0168 0x1438  [ DC66AE45816614D2999DCD3834DCCC4E, 1C26225135E851DDD1307F52401DD7055B26B3F3B8FDD693B21042C2896E235A ] RFCOMM          C:\WINDOWS\System32\drivers\rfcomm.sys
21:17:50.0184 0x1438  RFCOMM - ok
21:17:50.0199 0x1438  [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
21:17:50.0215 0x1438  RpcEptMapper - ok
21:17:50.0230 0x1438  [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator      C:\WINDOWS\system32\locator.exe
21:17:50.0246 0x1438  RpcLocator - ok
21:17:50.0262 0x1438  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
21:17:50.0277 0x1438  RpcSs - ok
21:17:50.0293 0x1438  [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr          C:\WINDOWS\system32\DRIVERS\rspndr.sys
21:17:50.0309 0x1438  rspndr - ok
21:17:50.0340 0x1438  [ 19764658C1468C2C0CEF133D28414A6B, 87AD4056F6C67052433A366B200B75613148B69B9B9D502AD926A7F7F037B8DE ] RTL8168         C:\WINDOWS\system32\DRIVERS\Rt630x64.sys
21:17:50.0355 0x1438  RTL8168 - ok
21:17:50.0371 0x1438  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
21:17:50.0387 0x1438  s3cap - ok
21:17:50.0402 0x1438  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs           C:\WINDOWS\system32\lsass.exe
21:17:50.0418 0x1438  SamSs - ok
21:17:50.0434 0x1438  [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
21:17:50.0449 0x1438  sbp2port - ok
21:17:50.0465 0x1438  [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
21:17:50.0480 0x1438  SCardSvr - ok
21:17:50.0480 0x1438  [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll
21:17:50.0496 0x1438  ScDeviceEnum - ok
21:17:50.0512 0x1438  [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
21:17:50.0512 0x1438  scfilter - ok
21:17:50.0543 0x1438  [ A626F5E446860F22835E783142D7AE33, 3A786639E1FABCA512F4F91A10811DD3C4D9C9C9BB893362E4D019219D0BD8E2 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
21:17:50.0574 0x1438  Schedule - ok
21:17:50.0590 0x1438  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc     C:\WINDOWS\System32\certprop.dll
21:17:50.0590 0x1438  SCPolicySvc - ok
21:17:50.0621 0x1438  [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys
21:17:50.0621 0x1438  sdbus - ok
21:17:50.0652 0x1438  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
21:17:50.0668 0x1438  sdstor - ok
21:17:50.0668 0x1438  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\WINDOWS\system32\drivers\secdrv.sys
21:17:50.0684 0x1438  secdrv - ok
21:17:50.0699 0x1438  [ BA24CEA7152239F42ECD04AFB7C89D24, A2A11EABB0C283772B74667C7544B61BEB1B9745FBF065E831542129EB585AFA ] seclogon        C:\WINDOWS\system32\seclogon.dll
21:17:50.0699 0x1438  seclogon - ok
21:17:50.0715 0x1438  [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS            C:\WINDOWS\System32\sens.dll
21:17:50.0731 0x1438  SENS - ok
21:17:50.0746 0x1438  [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
21:17:50.0762 0x1438  SensrSvc - ok
21:17:50.0777 0x1438  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx           C:\WINDOWS\system32\drivers\SerCx.sys
21:17:50.0777 0x1438  SerCx - ok
21:17:50.0809 0x1438  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\WINDOWS\system32\drivers\SerCx2.sys
21:17:50.0809 0x1438  SerCx2 - ok
21:17:50.0824 0x1438  [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum         C:\WINDOWS\System32\drivers\serenum.sys
21:17:50.0824 0x1438  Serenum - ok
21:17:50.0840 0x1438  [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial          C:\WINDOWS\System32\drivers\serial.sys
21:17:50.0840 0x1438  Serial - ok
21:17:50.0871 0x1438  [ 96B01F117057FB4DAE0FF919ACB55770, D0F58F1CAE4F81D60FCE60BB0065A34B4F897E8105DF17B6DAA334938CD25A56 ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
21:17:50.0871 0x1438  sermouse - ok
21:17:50.0902 0x1438  [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
21:17:50.0918 0x1438  SessionEnv - ok
21:17:50.0918 0x1438  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy         C:\WINDOWS\System32\drivers\sfloppy.sys
21:17:50.0934 0x1438  sfloppy - ok
21:17:50.0949 0x1438  [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
21:17:50.0965 0x1438  SharedAccess - ok
21:17:50.0981 0x1438  [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:17:50.0996 0x1438  ShellHWDetection - ok
21:17:51.0027 0x1438  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
21:17:51.0027 0x1438  SiSRaid2 - ok
21:17:51.0027 0x1438  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
21:17:51.0043 0x1438  SiSRaid4 - ok
21:17:51.0074 0x1438  [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost         C:\WINDOWS\System32\smphost.dll
21:17:51.0074 0x1438  smphost - ok
21:17:51.0090 0x1438  [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
21:17:51.0090 0x1438  SNMPTRAP - ok
21:17:51.0106 0x1438  [ D24B1945ED1F9C96DA786DBBF1E983CE, B46CB0B72B7A3DF94A46B8D65E38535C5F8E72A55CF2DC48EFA1F9A0108691C4 ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys
21:17:51.0121 0x1438  spaceport - ok
21:17:51.0121 0x1438  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx           C:\WINDOWS\system32\drivers\SpbCx.sys
21:17:51.0137 0x1438  SpbCx - ok
21:17:51.0168 0x1438  [ 7DE55C11E08D00D85C5D94DDDA4B2AED, 6AC4263D5776842CF258DA01FA9300CE6BCC00AB533943105C11945E01857E19 ] SplashtopRemoteService C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
21:17:51.0168 0x1438  SplashtopRemoteService - ok
21:17:51.0199 0x1438  [ FCB156A6745631A67DEA61827061D483, 9275ABFA1E1E595969A71C0DA228D18D1B868BF46E097E1276142BD80F8A32C9 ] Spooler         C:\WINDOWS\System32\spoolsv.exe
21:17:51.0215 0x1438  Spooler - ok
21:17:51.0356 0x1438  [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
21:17:51.0465 0x1438  sppsvc - ok
21:17:51.0543 0x1438  [ E163E10191958FF6A2B0B48353F9E9FD, C4F5B83B5C435458AEEC4BD5C6A0FE15F4C3CD5C23CA7F5949A62214634DBB36 ] SRTSP           C:\WINDOWS\System32\Drivers\N360x64\1507000.00B\SRTSP64.SYS
21:17:51.0559 0x1438  SRTSP - ok
21:17:51.0574 0x1438  [ 68E7B6708B9EEE021301C483825D05EA, 87E262405473A063E3E6E9D1D61D8381C997C95F77317CDBB3C59369436E70C5 ] SRTSPX          C:\WINDOWS\system32\drivers\N360x64\1507000.00B\SRTSPX64.SYS
21:17:51.0574 0x1438  SRTSPX - ok
21:17:51.0606 0x1438  [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv             C:\WINDOWS\system32\DRIVERS\srv.sys
21:17:51.0621 0x1438  srv - ok
21:17:51.0637 0x1438  [ 00D8AC8E3053290BDE6EA2FB6810D2FC, 957FEF84CBBAE71829529AE99A1B24F52D7831BD666442D0132FBB825409A75D ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
21:17:51.0653 0x1438  srv2 - ok
21:17:51.0668 0x1438  [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
21:17:51.0684 0x1438  srvnet - ok
21:17:51.0699 0x1438  [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
21:17:51.0715 0x1438  SSDPSRV - ok
21:17:51.0731 0x1438  [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc         C:\WINDOWS\system32\sstpsvc.dll
21:17:51.0746 0x1438  SstpSvc - ok
21:17:51.0793 0x1438  [ 7FCE08C739136C9C64107A8814EF854C, 820E494A401D69E3DA7A8624B2093DCF98198E6D8CCCE345BDF76952EE4ADB07 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
21:17:51.0824 0x1438  Stereo Service - ok
21:17:51.0840 0x1438  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys
21:17:51.0856 0x1438  stexstor - ok
21:17:51.0871 0x1438  [ A10A6FC3F643F82777345ADDC182799A, 8D09A7643A0095A0077710423E7D8D7134F9197B6F73DA427333790BA3774A61 ] sthid           C:\WINDOWS\System32\drivers\sthid.sys
21:17:51.0871 0x1438  sthid - ok
21:17:51.0887 0x1438  [ 8F3C0CCF27CFFE89424F30E9FB3381AB, 74E54541B4A16DC97098428E1715A27557BAB97E05AF346F88958580199C1541 ] StillCam        C:\WINDOWS\System32\drivers\serscan.sys
21:17:51.0903 0x1438  StillCam - ok
21:17:51.0934 0x1438  [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc          C:\WINDOWS\System32\wiaservc.dll
21:17:51.0949 0x1438  stisvc - ok
21:17:51.0949 0x1438  [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci        C:\WINDOWS\system32\drivers\storahci.sys
21:17:51.0965 0x1438  storahci - ok
21:17:51.0965 0x1438  [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt         C:\WINDOWS\system32\drivers\vmstorfl.sys
21:17:51.0981 0x1438  storflt - ok
21:17:52.0012 0x1438  [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme        C:\WINDOWS\system32\drivers\stornvme.sys
21:17:52.0012 0x1438  stornvme - ok
21:17:52.0028 0x1438  [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc         C:\WINDOWS\system32\storsvc.dll
21:17:52.0043 0x1438  StorSvc - ok
21:17:52.0043 0x1438  [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc         C:\WINDOWS\system32\drivers\storvsc.sys
21:17:52.0043 0x1438  storvsc - ok
21:17:52.0074 0x1438  [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc           C:\WINDOWS\system32\svsvc.dll
21:17:52.0074 0x1438  svsvc - ok
21:17:52.0090 0x1438  [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum          C:\WINDOWS\System32\drivers\swenum.sys
21:17:52.0090 0x1438  swenum - ok
21:17:52.0121 0x1438  [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv           C:\WINDOWS\System32\swprv.dll
21:17:52.0137 0x1438  swprv - ok
21:17:52.0168 0x1438  [ 5C9EE2303CA7F267665D75237862B39C, 5DECD977A823C14B4D980D3DB621BC875231B741653F0450A027FC9E87725F9D ] SymDS           C:\WINDOWS\system32\drivers\N360x64\1507000.00B\SYMDS64.SYS
21:17:52.0184 0x1438  SymDS - ok
21:17:52.0199 0x1438  [ 9F31630D7FC2DD9D5DA1CE359AAD1F46, 296D29EDF53956D1899DE4669AB429C280DF9F183F00AE1CE528E7C575802235 ] SymEFA          C:\WINDOWS\system32\drivers\N360x64\1507000.00B\SYMEFA64.SYS
21:17:52.0215 0x1438  SymEFA - ok
21:17:52.0231 0x1438  [ 20F758E6339A16F97DD83389D582E09A, 837016154B7952B645B5545AEB8E2A8878EFA8674E6B96471C3DB5E458B06960 ] SymELAM         C:\WINDOWS\system32\drivers\N360x64\1507000.00B\SymELAM.sys
21:17:52.0246 0x1438  SymELAM - ok
21:17:52.0262 0x1438  [ 97E11C50CE52277B377396EA8838E539, E17D03F80E14F961C41F2D54D1EF73D29BF01F38459C5710D786234F8BA3C835 ] SymEvent        C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
21:17:52.0278 0x1438  SymEvent - ok
21:17:52.0278 0x1438  [ 2C95265BE19F338E1C1090E4E91055BB, 1E580E9367B1C89B06BD4B34EFD94CD511FD3AA1617D943DDFE0A28B7ED5D5F9 ] SymIRON         C:\WINDOWS\system32\drivers\N360x64\1507000.00B\Ironx64.SYS
21:17:52.0293 0x1438  SymIRON - ok
21:17:52.0309 0x1438  [ 5570A74FF9B1EFBC5154DD1E2F05C517, 2C883A0334CBE4AE257028805C9BB1E529A80F56BA6D341E8EBB83CB3E46FEB7 ] SymNetS         C:\WINDOWS\System32\Drivers\N360x64\1507000.00B\SYMNETS.SYS
21:17:52.0324 0x1438  SymNetS - ok
21:17:52.0356 0x1438  [ 3114CB46C2853CA71525428CB0C7CB58, A9CC51506AABBC23BAB2B90E30AB13197A72268A3DE6D2F281C1C367ED7118AE ] SysMain         C:\WINDOWS\system32\sysmain.dll
21:17:52.0371 0x1438  SysMain - ok
21:17:52.0387 0x1438  [ 23BECB70654B192A7E378DEE3DBD8D42, 7596174AE7508B62C40A429645198F6A420D0CD5B62A10AB78516113584E7EDB ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
21:17:52.0403 0x1438  SystemEventsBroker - ok
21:17:52.0418 0x1438  [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
21:17:52.0434 0x1438  TabletInputService - ok
21:17:52.0449 0x1438  [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
21:17:52.0465 0x1438  TapiSrv - ok
21:17:52.0528 0x1438  [ 468273F7089A3A33D149955F0F203FA4, 18FD0B73FBD63550E904EE76D4323EFE163BFF8C3DC6DE67F4BE6003C7DC6879 ] Tcpip           C:\WINDOWS\system32\drivers\tcpip.sys
21:17:52.0575 0x1438  Tcpip - ok
21:17:52.0606 0x1438  [ 468273F7089A3A33D149955F0F203FA4, 18FD0B73FBD63550E904EE76D4323EFE163BFF8C3DC6DE67F4BE6003C7DC6879 ] TCPIP6          C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:17:52.0653 0x1438  TCPIP6 - ok
21:17:52.0668 0x1438  [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
21:17:52.0668 0x1438  tcpipreg - ok
21:17:52.0700 0x1438  [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx             C:\WINDOWS\system32\DRIVERS\tdx.sys
21:17:52.0715 0x1438  tdx - ok
21:17:52.0747 0x1438  [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
21:17:52.0747 0x1438  terminpt - ok
21:17:52.0793 0x1438  [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService     C:\WINDOWS\System32\termsrv.dll
21:17:52.0825 0x1438  TermService - ok
21:17:52.0840 0x1438  [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes          C:\WINDOWS\system32\themeservice.dll
21:17:52.0840 0x1438  Themes - ok
21:17:52.0872 0x1438  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER     C:\WINDOWS\system32\mmcss.dll
21:17:52.0872 0x1438  THREADORDER - ok
21:17:52.0903 0x1438  [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker      C:\WINDOWS\System32\TimeBrokerServer.dll
21:17:52.0903 0x1438  TimeBroker - ok
21:17:52.0934 0x1438  [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM             C:\WINDOWS\system32\drivers\tpm.sys
21:17:52.0934 0x1438  TPM - ok
21:17:52.0950 0x1438  [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks          C:\WINDOWS\System32\trkwks.dll
21:17:52.0965 0x1438  TrkWks - ok
21:17:52.0997 0x1438  [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
21:17:52.0997 0x1438  TrustedInstaller - ok
21:17:52.0997 0x1438  [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt        C:\WINDOWS\system32\drivers\tsusbflt.sys
21:17:53.0012 0x1438  TsUsbFlt - ok
21:17:53.0028 0x1438  [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys
21:17:53.0044 0x1438  TsUsbGD - ok
21:17:53.0044 0x1438  [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel          C:\WINDOWS\system32\DRIVERS\tunnel.sys
21:17:53.0059 0x1438  tunnel - ok
21:17:53.0075 0x1438  [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35          C:\WINDOWS\system32\drivers\uagp35.sys
21:17:53.0075 0x1438  uagp35 - ok
21:17:53.0090 0x1438  [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys
21:17:53.0090 0x1438  UASPStor - ok
21:17:53.0122 0x1438  [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000        C:\WINDOWS\System32\drivers\ucx01000.sys
21:17:53.0137 0x1438  UCX01000 - ok
21:17:53.0153 0x1438  [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys
21:17:53.0169 0x1438  udfs - ok
21:17:53.0184 0x1438  [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI            C:\WINDOWS\System32\drivers\UEFI.sys
21:17:53.0184 0x1438  UEFI - ok
21:17:53.0200 0x1438  [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect       C:\WINDOWS\system32\UI0Detect.exe
21:17:53.0215 0x1438  UI0Detect - ok
21:17:53.0215 0x1438  [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx        C:\WINDOWS\system32\drivers\uliagpkx.sys
21:17:53.0215 0x1438  uliagpkx - ok
21:17:53.0231 0x1438  [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus           C:\WINDOWS\System32\drivers\umbus.sys
21:17:53.0247 0x1438  umbus - ok
21:17:53.0262 0x1438  [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
21:17:53.0262 0x1438  UmPass - ok
21:17:53.0294 0x1438  [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
21:17:53.0294 0x1438  UmRdpService - ok
21:17:53.0372 0x1438  [ DBE2E6388379D5CC78099650541E9566, 1914BC929F109A49FB18ED31F239A9813A010B0A3914BC8CD0D6A94A67A072D7 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:17:53.0387 0x1438  UNS - ok
21:17:53.0403 0x1438  [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost        C:\WINDOWS\System32\upnphost.dll
21:17:53.0419 0x1438  upnphost - ok
21:17:53.0450 0x1438  [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64       C:\WINDOWS\System32\Drivers\usbaapl64.sys
21:17:53.0450 0x1438  USBAAPL64 - ok
21:17:53.0466 0x1438  [ DF355EB0199198728027962DCFCDE5FB, 9E158BD07389B4CFF99674716647FA3AABEECBD1A98EDF20E544E099A99A8768 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
21:17:53.0481 0x1438  usbaudio - ok
21:17:53.0497 0x1438  [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp         C:\WINDOWS\System32\drivers\usbccgp.sys
21:17:53.0512 0x1438  usbccgp - ok
21:17:53.0512 0x1438  [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
21:17:53.0528 0x1438  usbcir - ok
21:17:53.0544 0x1438  [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci         C:\WINDOWS\System32\drivers\usbehci.sys
21:17:53.0544 0x1438  usbehci - ok
21:17:53.0559 0x1438  [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
21:17:53.0575 0x1438  usbhub - ok
21:17:53.0606 0x1438  [ 95B0179BDA907252025DEEA183699FB3, A6BDFB93EE9418A83407024204A41640A08638C60E2BE75C249D102601DC1D80 ] USBHUB3         C:\WINDOWS\System32\drivers\UsbHub3.sys
21:17:53.0622 0x1438  USBHUB3 - ok
21:17:53.0653 0x1438  [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys
21:17:53.0653 0x1438  usbohci - ok
21:17:53.0669 0x1438  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
21:17:53.0684 0x1438  usbprint - ok
21:17:53.0700 0x1438  [ 0F030491BA4A27BD46F8B8ACEEE83F1A, 7063855611BEF94D4D229BA1BE507ECBDD89F5861641A407EB3E2919A352F9D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:17:53.0700 0x1438  usbscan - ok
21:17:53.0731 0x1438  [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
21:17:53.0731 0x1438  USBSTOR - ok
21:17:53.0747 0x1438  [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
21:17:53.0762 0x1438  usbuhci - ok
21:17:53.0778 0x1438  [ 5C8F604F6DC74177CDD8372D7B1ADFF0, C1DE9A37A7A01CCCBFCE13C1E5B26683F620AB21EDA5A14C82022E2F49C84484 ] usbvideo        C:\WINDOWS\System32\Drivers\usbvideo.sys
21:17:53.0794 0x1438  usbvideo - ok
21:17:53.0809 0x1438  [ 44603DA5A87FB491EF59C889EBBB4DDB, 59AA9B6B0B5D66F9312CD3F999D0D9F12F1A2C5D230365AD7287CD71FD86961C ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
21:17:53.0825 0x1438  USBXHCI - ok
21:17:53.0840 0x1438  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc        C:\WINDOWS\system32\lsass.exe
21:17:53.0840 0x1438  VaultSvc - ok
21:17:53.0840 0x1438  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
21:17:53.0856 0x1438  vdrvroot - ok
21:17:53.0887 0x1438  [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds             C:\WINDOWS\System32\vds.exe
21:17:53.0903 0x1438  vds - ok
21:17:53.0919 0x1438  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
21:17:53.0934 0x1438  VerifierExt - ok
21:17:54.0028 0x1438  [ C06E8481E068F170A258441639AC5792, 2F550530BACB511A195D5047F003B01CB6E04FA9A0DCCF638CB3D51FF5467DC7 ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
21:17:54.0044 0x1438  vhdmp - ok
21:17:54.0059 0x1438  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\WINDOWS\system32\drivers\viaide.sys
21:17:54.0059 0x1438  viaide - ok
21:17:54.0091 0x1438  [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
21:17:54.0091 0x1438  vmbus - ok
21:17:54.0122 0x1438  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
21:17:54.0122 0x1438  VMBusHID - ok
21:17:54.0153 0x1438  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
21:17:54.0169 0x1438  vmicguestinterface - ok
21:17:54.0169 0x1438  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat   C:\WINDOWS\System32\ICSvc.dll
21:17:54.0184 0x1438  vmicheartbeat - ok
21:17:54.0200 0x1438  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
21:17:54.0216 0x1438  vmickvpexchange - ok
21:17:54.0216 0x1438  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv         C:\WINDOWS\System32\ICSvc.dll
21:17:54.0231 0x1438  vmicrdv - ok
21:17:54.0247 0x1438  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown    C:\WINDOWS\System32\ICSvc.dll
21:17:54.0247 0x1438  vmicshutdown - ok
21:17:54.0262 0x1438  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync    C:\WINDOWS\System32\ICSvc.dll
21:17:54.0278 0x1438  vmictimesync - ok
21:17:54.0278 0x1438  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss         C:\WINDOWS\System32\ICSvc.dll
21:17:54.0294 0x1438  vmicvss - ok
21:17:54.0309 0x1438  [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
21:17:54.0325 0x1438  volmgr - ok
21:17:54.0341 0x1438  [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
21:17:54.0356 0x1438  volmgrx - ok
21:17:54.0387 0x1438  [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
21:17:54.0387 0x1438  volsnap - ok
21:17:54.0419 0x1438  [ EF31713EE4C7CCFE4049F7E7F15645A2, 35D198D3F1061E19A7EF89FA1E75377049CD6BCA9702F8076B9F95BB8737E0D4 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
21:17:54.0419 0x1438  vpci - ok
21:17:54.0434 0x1438  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
21:17:54.0450 0x1438  vsmraid - ok
21:17:54.0481 0x1438  [ 94FAFD473CDD80CE19A21FB9503D7ED1, 953E5E8C753C0017E1258695A76F60CC05D283F7476B9D9C5C8AC78B8E3FCE18 ] VSS             C:\WINDOWS\system32\vssvc.exe
21:17:54.0512 0x1438  VSS - ok
21:17:54.0528 0x1438  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
21:17:54.0528 0x1438  VSTXRAID - ok
21:17:54.0575 0x1438  [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
21:17:54.0575 0x1438  vwifibus - ok
21:17:54.0591 0x1438  [ 35BF5C5F5E3C9902C98978C7640574DA, C61E50B04000DCEC72365723F0C0725C2E005529DAF2777A59E624C14DA29E55 ] vwififlt        C:\WINDOWS\system32\DRIVERS\vwififlt.sys
21:17:54.0606 0x1438  vwififlt - ok
21:17:54.0606 0x1438  [ 65ED7B9CFEA893DF7748D5FF692690DE, 73AB9D8BB928B3247BDFC7BB47AD7FCA763B375DC250C251DB4E0573531040E8 ] vwifimp         C:\WINDOWS\system32\DRIVERS\vwifimp.sys
21:17:54.0622 0x1438  vwifimp - ok
21:17:54.0637 0x1438  [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time         C:\WINDOWS\system32\w32time.dll
21:17:54.0653 0x1438  W32Time - ok
21:17:54.0653 0x1438  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
21:17:54.0669 0x1438  WacomPen - ok
21:17:54.0700 0x1438  [ A81988DCC4FA440AA88B84CA452F5E22, 3573AAA09971E8ADB6FEFA778E02B2D8EE5E4249267CF37A524D9F019CC836FB ] wbengine        C:\WINDOWS\system32\wbengine.exe
21:17:54.0731 0x1438  wbengine - ok
21:17:54.0747 0x1438  [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
21:17:54.0762 0x1438  WbioSrvc - ok
21:17:54.0794 0x1438  [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
21:17:54.0809 0x1438  Wcmsvc - ok
21:17:54.0825 0x1438  [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
21:17:54.0825 0x1438  wcncsvc - ok
21:17:54.0856 0x1438  [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
21:17:54.0856 0x1438  WcsPlugInService - ok
21:17:54.0872 0x1438  [ 1751F6B031ADAC34724511057D2E455D, BCBC77DE02718868302F7469E8FBB8F2E7E0F8A5D3E46A5B4D48713E829FBAF6 ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
21:17:54.0887 0x1438  WdBoot - ok
21:17:54.0919 0x1438  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
21:17:54.0934 0x1438  Wdf01000 - ok
21:17:54.0950 0x1438  [ D296D0F0DB2CD1504F90405603664493, 9531034AE2E027B5C7366713AA9003085501800B35F971D1CE7FFB8E5DAE3825 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
21:17:54.0966 0x1438  WdFilter - ok
21:17:54.0981 0x1438  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
21:17:54.0997 0x1438  WdiServiceHost - ok
21:17:54.0997 0x1438  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
21:17:54.0997 0x1438  WdiSystemHost - ok
21:17:55.0012 0x1438  [ 9F4DF0043965808973023A9B51A11136, 3A799125CBC5C214D9FBB91C348B39563B1FDB7403B520270752E9A177464723 ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
21:17:55.0028 0x1438  WdNisDrv - ok
21:17:55.0044 0x1438  WdNisSvc - ok
21:17:55.0059 0x1438  [ 185E4111627F7AA6799E1366B5E91D65, 7A02C816DFBCCF47EDB49E5E2005A3D0B80719FAC94F9298D2DBAC63950EDA05 ] WebClient       C:\WINDOWS\System32\webclnt.dll
21:17:55.0075 0x1438  WebClient - ok
21:17:55.0091 0x1438  [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
21:17:55.0106 0x1438  Wecsvc - ok
21:17:55.0122 0x1438  [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
21:17:55.0137 0x1438  WEPHOSTSVC - ok
21:17:55.0153 0x1438  [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
21:17:55.0169 0x1438  wercplsupport - ok
21:17:55.0184 0x1438  [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
21:17:55.0184 0x1438  WerSvc - ok
21:17:55.0216 0x1438  [ BAB713B409258DB7B5D9F9693F802B0E, C0D0391EC4FDC07E0A07F4EEB2DC9CC5B2BE5D2E292E7D01929E8D39D6F73EA5 ] WFPLWFS         C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
21:17:55.0216 0x1438  WFPLWFS - ok
21:17:55.0231 0x1438  [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
21:17:55.0247 0x1438  WiaRpc - ok
21:17:55.0262 0x1438  [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
21:17:55.0262 0x1438  WIMMount - ok
21:17:55.0262 0x1438  WinDefend - ok
21:17:55.0309 0x1438  [ 10DAD6A7FC617A221313BD584E3C3A00, F139B878668ECF38FE59831E8595A207D5CEEE76C6FFDA8C9F735435E601A763 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
21:17:55.0325 0x1438  WinHttpAutoProxySvc - ok
21:17:55.0356 0x1438  [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
21:17:55.0372 0x1438  Winmgmt - ok
21:17:55.0419 0x1438  [ 75436315AA383CF527695C6D49D0CA59, E3D55F2ACBD45D4D031FA6CA799394459C89BE50FF6ADE4FE36F2CAB2D2E63D0 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
21:17:55.0466 0x1438  WinRM - ok
21:17:55.0497 0x1438  [ AC263C2F66405589528995AA41040599, 81B46E551D6130A2C3D113EC3B563CEDB5A06BB340986C0E03136CE5BE729481 ] WinUsb          C:\WINDOWS\System32\drivers\WinUsb.sys
21:17:55.0512 0x1438  WinUsb - ok
21:17:55.0544 0x1438  [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
21:17:55.0559 0x1438  WlanSvc - ok
21:17:55.0606 0x1438  [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
21:17:55.0653 0x1438  wlidsvc - ok
21:17:55.0669 0x1438  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
21:17:55.0669 0x1438  WmiAcpi - ok
21:17:55.0685 0x1438  [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
21:17:55.0700 0x1438  wmiApSrv - ok
21:17:55.0731 0x1438  WMPNetworkSvc - ok
21:17:55.0747 0x1438  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
21:17:55.0747 0x1438  Wof - ok
21:17:55.0810 0x1438  [ 588040D595BBF0856CA1ADD941A8ED17, CBC92BB5453FE1BEA6F33239B7CE884F312559591383408EA5F95A006156C5D3 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
21:17:55.0841 0x1438  workfolderssvc - ok
21:17:55.0856 0x1438  [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr         C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
21:17:55.0856 0x1438  wpcfltr - ok
21:17:55.0888 0x1438  [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc          C:\WINDOWS\System32\wpcsvc.dll
21:17:55.0888 0x1438  WPCSvc - ok
21:17:55.0903 0x1438  [ 2ADE11F3D84709C5F6781E4C59F11683, F003C43396CF8FCF44EAB87583650DB4D2A233322D28D6A78D1694945D9073BB ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
21:17:55.0919 0x1438  WPDBusEnum - ok
21:17:55.0919 0x1438  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
21:17:55.0935 0x1438  WpdUpFltr - ok
21:17:55.0935 0x1438  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
21:17:55.0950 0x1438  ws2ifsl - ok
21:17:55.0966 0x1438  [ 5596C0960ED6ED7494BF2A55DE428684, C95CF09A657F37F421CC80E16F2F95B8EC59A8D5D48F104551155EAC8E53DCB2 ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
21:17:55.0966 0x1438  wscsvc - ok
21:17:55.0981 0x1438  [ F586F3F1BF962FE9AE4316E0D896B22F, 8D0AD48D79294567123D943D0F5B6D5A32D7A82B129A24DC821D3095AFAA100B ] WSDPrintDevice  C:\WINDOWS\System32\drivers\WSDPrint.sys
21:17:55.0981 0x1438  WSDPrintDevice - ok
21:17:56.0013 0x1438  [ 58035FD3369879E02D65989C44D27450, B9245DB5C17F7CE94FAA20AB4B0D06A4DFB6133C6E82343758CDC713EB64DFEF ] WSDScan         C:\WINDOWS\System32\drivers\WSDScan.sys
21:17:56.0013 0x1438  WSDScan - ok
21:17:56.0013 0x1438  WSearch - ok
21:17:56.0091 0x1438  [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService       C:\WINDOWS\System32\WSService.dll
21:17:56.0153 0x1438  WSService - ok
21:17:56.0216 0x1438  [ 5F3D70B19BCAC985DA90F22CA2FF45E4, BBD82BAEF0DCA2C6361F8D1ADF5BED36D0F1AB1A2AEADB0E4526B917F40C2E52 ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
21:17:56.0263 0x1438  wuauserv - ok
21:17:56.0294 0x1438  [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
21:17:56.0294 0x1438  WudfPf - ok
21:17:56.0310 0x1438  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
21:17:56.0325 0x1438  WUDFRd - ok
21:17:56.0341 0x1438  [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
21:17:56.0356 0x1438  wudfsvc - ok
21:17:56.0356 0x1438  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs       C:\WINDOWS\System32\drivers\WUDFRd.sys
21:17:56.0372 0x1438  WUDFWpdFs - ok
21:17:56.0372 0x1438  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdMtp      C:\WINDOWS\System32\drivers\WUDFRd.sys
21:17:56.0388 0x1438  WUDFWpdMtp - ok
21:17:56.0403 0x1438  [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
21:17:56.0419 0x1438  WwanSvc - ok
21:17:56.0450 0x1438  [ 03CD249A16CF815FFFD347DC61EF9E6D, 3DE860B1BACF3F1D48B773FD6F4E25977F5193F01897278AED6CD276595356CE ] ZAtheros Bt and Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
21:17:56.0450 0x1438  ZAtheros Bt and Wlan Coex Agent - detected UnsignedFile.Multi.Generic ( 1 )
21:17:58.0872 0x1438  Detect skipped due to KSN trusted
21:17:58.0872 0x1438  ZAtheros Bt and Wlan Coex Agent - ok
21:17:58.0872 0x1438  ================ Scan global ===============================
21:17:58.0951 0x1438  [ 243F54DBA6EB48A369CA465E263ABA4A, 9D9F9DE783D000F3EA130EB68FD71319F21E4F1CD4232FB8B2F8A9A67E08F5F4 ] C:\WINDOWS\system32\basesrv.dll
21:17:58.0982 0x1438  [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\WINDOWS\system32\winsrv.dll
21:17:58.0997 0x1438  [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\WINDOWS\system32\sxssrv.dll
21:17:59.0044 0x1438  [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\WINDOWS\system32\services.exe
21:17:59.0044 0x1438  [ Global ] - ok
21:17:59.0044 0x1438  ================ Scan MBR ==================================
21:17:59.0060 0x1438  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
21:17:59.0122 0x1438  \Device\Harddisk0\DR0 - ok
21:17:59.0122 0x1438  ================ Scan VBR ==================================
21:17:59.0138 0x1438  [ D7222A97BA02F680E496515692E21708 ] \Device\Harddisk0\DR0\Partition1
21:17:59.0185 0x1438  \Device\Harddisk0\DR0\Partition1 - ok
21:17:59.0201 0x1438  [ 370860A86EDE45CB23289CB01440D2C1 ] \Device\Harddisk0\DR0\Partition2
21:17:59.0232 0x1438  \Device\Harddisk0\DR0\Partition2 - ok
21:17:59.0247 0x1438  [ B28F977AB0787D3937959F99DC3C344B ] \Device\Harddisk0\DR0\Partition3
21:17:59.0247 0x1438  \Device\Harddisk0\DR0\Partition3 - ok
21:17:59.0247 0x1438  [ 57AC6742B8190EBBD881C11F32740F85 ] \Device\Harddisk0\DR0\Partition4
21:17:59.0294 0x1438  \Device\Harddisk0\DR0\Partition4 - ok
21:17:59.0341 0x1438  [ AB215FC2FCC7F18EEAAF672BF6E61B64 ] \Device\Harddisk0\DR0\Partition5
21:17:59.0404 0x1438  \Device\Harddisk0\DR0\Partition5 - ok
21:17:59.0404 0x1438  [ 2018F1D4AB18A1A8251FD6EB9D2D60B2 ] \Device\Harddisk0\DR0\Partition6
21:17:59.0451 0x1438  \Device\Harddisk0\DR0\Partition6 - ok
21:17:59.0482 0x1438  [ 5170A4AE1D2EA211F8A6E6C1AD0D883E ] \Device\Harddisk0\DR0\Partition7
21:17:59.0497 0x1438  \Device\Harddisk0\DR0\Partition7 - ok
21:17:59.0497 0x1438  ================ Scan generic autorun ======================
21:17:59.0701 0x1438  [ D066F5D95B5AC708CD39AD4AB64A244C, B7817CFC3AC33B6C8C0295E0F809E3AC4E33CFDC341524B73C853A15F605D96B ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
21:17:59.0794 0x1438  RTHDVCPL - ok
21:17:59.0826 0x1438  [ 64F205BBD12CD0DFE5B1F44F8E61DFF3, 5D1AB5C0C9F5BCC5E0EC5C83B53879FF840D7A9DF58D6280685FCC7FAB006178 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
21:17:59.0857 0x1438  RtHDVBg - ok
21:17:59.0873 0x1438  [ 68EA8B92EA2462E790B995117142E6A9, CDCF084213865AF59C4823B086FFDFAEF3055A5D8A8ADCCDB868FC236F0A8796 ] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
21:17:59.0888 0x1438  BtTray - detected UnsignedFile.Multi.Generic ( 1 )
21:18:02.0295 0x1438  Detect skipped due to KSN trusted
21:18:02.0295 0x1438  BtTray - ok
21:18:02.0310 0x1438  [ 238AE7D7816B127DF1BF40FE9FCB1D61, 922A0C3094E40EAB726E01EC8CB2B479ABA16479379525F22B1C5BC3CC704B85 ] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
21:18:02.0326 0x1438  BtvStack - detected UnsignedFile.Multi.Generic ( 1 )
21:18:04.0717 0x1438  Detect skipped due to KSN trusted
21:18:04.0717 0x1438  BtvStack - ok
21:18:04.0764 0x1438  [ 7FC2E41E153DACFDA98D4166A5B41273, 7E38E5BB2A52FE2DF48D6CF0BC115D4E6304B48CA6B99FAC815228BDBB6651E9 ] C:\Windows\SysWOW64\UMonit.exe
21:18:04.0779 0x1438  UMonit - detected UnsignedFile.Multi.Generic ( 1 )
21:18:07.0373 0x1438  UMonit ( UnsignedFile.Multi.Generic ) - warning
21:18:09.0796 0x1438  [ E7861EAA7881E086B2DB88ADF4279D4B, D040BCEC5B7519357D4E28653FC0F9F4FEAA88D291726A0763EA5E84C8C5D840 ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
21:18:09.0796 0x1438  IAStorIcon - ok
21:18:09.0905 0x1438  [ 2362B857693DA580E04ECE28F7D67E7E, EABF4B6502A06B94D07E25D78D8CEF8862B7FE5D117F7F145268B95688A02E62 ] C:\Program Files (x86)\ASUS\APRP\APRP.EXE
21:18:09.0952 0x1438  ASUSPRP - ok
21:18:09.0968 0x1438  [ 2D75851551D18878FADC21E166DEA3FA, 42450D509384FCC1FADABC4CC027B1BB3D5D9031EFD2B294DCA069A429AB8AD3 ] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
21:18:09.0999 0x1438  ASUS Ai Charger - ok
21:18:10.0108 0x1438  [ B15880A58755DA0FADB15923013A7957, 4090342AF93538C5F3157605164CF5EC051B6D767B1B7FCCF3265F1D426E88AA ] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe
21:18:10.0155 0x1438  ASUSWebStorage - ok
21:18:10.0171 0x1438  mcui_exe - ok
21:18:10.0218 0x1438  [ B7995C675014EEBE77A0BEB7AFCCFC08, 41D186C63273301CF0A1C1EE7B6EB0BB75A251DD441532C5CEB7A4095FB103CD ] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
21:18:10.0218 0x1438  RemoteControl10 - ok
21:18:10.0233 0x1438  [ 0E34B7BB1FCF22BCC1E394D16F9E992B, 382CA8E6BAC301E2F277F8EDA03D263FF71272796A8EED582C36294EEE9191F9 ] D:\Programme\MSOffice\Office12\GrooveMonitor.exe
21:18:10.0233 0x1438  GrooveMonitor - ok
21:18:10.0296 0x1438  [ 3E04F1E482357B1FC8B088197C3D9FF8, 85524ADDC27ADC831EBBD24E079B412CFDC69E5F594BD153319087665A28D546 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
21:18:10.0327 0x1438  Adobe ARM - ok
21:18:10.0358 0x1438  [ 3237A58DC79C051004CD3A67C8FBC781, 696CF967C65EE742DC4EBECEFA4D298E4EF7D8E7FC3FE985583FAD6853639FD7 ] C:\Program Files (x86)\Java\jre6\bin\jusched.exe
21:18:10.0374 0x1438  SunJavaUpdateSched - ok
21:18:10.0405 0x1438  [ D88B2D487439305A2EC308A6796C3044, 79DF0A41ECB08D5BEB3393B2BA15E6C88AD626803E1734EFBA0DBE4ECF7274D7 ] D:\Programme\itunes\iTunesHelper.exe
21:18:10.0421 0x1438  iTunesHelper - ok
21:18:10.0499 0x1438  [ 683C9DF0582D8EEFAA90CE1514019BC1, 62C875888029BF32C19656B13C5504016209E4553B0B93FAE21F3930149EE9CA ] D:\Programme\DAEMON Tools Lite\DTLite.exe
21:18:10.0561 0x1438  DAEMON Tools Lite - ok
21:18:10.0640 0x1438  [ 15D948DC30150BA79E4E299ABD171258, 45D591036ADB5FCD3D741598271A242C443A412A159E31DB7B5772E554C128FD ] C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe
21:18:10.0702 0x1438  HP Officejet Pro 6830 (NET) - ok
21:18:10.0702 0x1438  Waiting for KSN requests completion. In queue: 11
21:18:11.0718 0x1438  Waiting for KSN requests completion. In queue: 11
21:18:12.0734 0x1438  Waiting for KSN requests completion. In queue: 11
21:18:13.0734 0x1438  AV detected via SS2: Norton 360 Premier Edition, C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\WSCStub.exe ( 22.3.0.0 ), 0x51000 ( enabled : updated )
21:18:13.0781 0x1438  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.7.205.0 ), 0x60100 ( disabled : updated )
21:18:13.0781 0x1438  FW detected via SS2: Norton 360 Premier Edition, C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\WSCStub.exe ( 22.3.0.0 ), 0x51010 ( enabled )
21:18:16.0172 0x1438  ============================================================
21:18:16.0172 0x1438  Scan finished
21:18:16.0172 0x1438  ============================================================
21:18:16.0172 0x0cc0  Detected object count: 1
21:18:16.0172 0x0cc0  Actual detected object count: 1
21:20:04.0453 0x0cc0  UMonit ( UnsignedFile.Multi.Generic ) - skipped by user
21:20:04.0453 0x0cc0  UMonit ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
hoffe es hilft weiter

Alt 10.06.2015, 20:36   #5
M-K-D-B
/// TB-Ausbilder
 
DHL Link angeklickt, aber nicht sicher ob er echt war - Standard

DHL Link angeklickt, aber nicht sicher ob er echt war



Servus,


das ist keine Bedrohung, nur eine Fehlmeldung.

Wir beginnen so:


Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


Alt 11.06.2015, 09:36   #6
esmoped
 
DHL Link angeklickt, aber nicht sicher ob er echt war - Standard

DHL Link angeklickt, aber nicht sicher ob er echt war



Servus,

habe ein Problem mit dem Malwarebytes Programm.

habe alles gemacht wie in der Anwendung beschrieben allerdings ist bei mir der Button "next" "ausgegraut".
Um zu scanen muss ich den Button "scan" drücken. Allerdings hängt er sich scheinbar nach einigen Minuten auf.



oben steht noch was von der UMonit.exe

der "Next" Butten bleibt weiterhin ausgegraut

Habe das 2 mal jetzt versucht und immer das gleiche.

Wie machen wir weiter?

Alt 11.06.2015, 13:36   #7
M-K-D-B
/// TB-Ausbilder
 
DHL Link angeklickt, aber nicht sicher ob er echt war - Standard

DHL Link angeklickt, aber nicht sicher ob er echt war



Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).






Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.







Schritt 4
Downloade dir bitte Shortcut Cleaner (by Grinler) auf deinen Desktop.
  • Starte die sc-cleaner.exe mit einem Doppelclick.
  • Bestätige die Meldung Shortcut Cleaner Finished am Ende des Suchlaufs mit Ok.
  • Eine Logdatei wird sich öffnen (sc-cleaner.txt).
  • Poste mir den Inhalt mit deiner nächsten Antwort.





Schritt 5
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von MBAM,
  • die Logdatei von JRT,
  • die Logdatei von Shortcut-Cleaner,
  • die beiden neuen Logdateien von FRST.

Alt 11.06.2015, 18:39   #8
esmoped
 
DHL Link angeklickt, aber nicht sicher ob er echt war - Standard

DHL Link angeklickt, aber nicht sicher ob er echt war



Schritt 1.

Code:
ATTFilter
# AdwCleaner v4.206 - Bericht erstellt 11/06/2015 um 18:53:47
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-06-09.1 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Nicole - Karl
# Gestarted von : C:\Users\Nicole\Desktop\AdwCleaner_4.206.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : 0141411388428713mcinstcleanup

***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.5 (x86 de)


*************************

AdwCleaner[R0].txt - [928 Bytes] - [11/06/2015 18:52:50]
AdwCleaner[S0].txt - [853 Bytes] - [11/06/2015 18:53:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [911  Bytes] ##########
         
Schritt 2: hier gibt es wohl einen Trojaner

Code:
ATTFilter
alwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 11.06.2015
Suchlauf-Zeit: 19:01:33
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.11.03
Rootkit Datenbank: v2015.06.02.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Nicole

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 373364
Verstrichene Zeit: 7 Min, 39 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 1
Trojan.Agent.AI, C:\Users\Nicole\AppData\Local\Temp\Quarantine.exe, In Quarantäne, [70ff506938523df9823c521bbb47cd33], 

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         

Schritt 3:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.1 (06.08.2015:1)
OS: Windows 8.1 x64
Ran by Nicole on 11.06.2015 at 19:22:34,62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox






~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.06.2015 at 19:24:28,70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Schritt 4:

Code:
ATTFilter
Shortcut Cleaner 1.3.8 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 8.1 
Program started at: 06/11/2015 07:30:22 PM.

Scanning for registry hijacks:

 * No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\Nicole\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\Nicole\Desktop\

Searching C:\Users\Public\Desktop\


0 bad shortcuts found.

Program finished at: 06/11/2015 07:30:22 PM
Execution time: 0 hours(s), 0 minute(s), and 0 seconds(s)
         

Schritt 5:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by Nicole (administrator) on Karl on 11-06-2015 19:33:50
Running from C:\Users\Nicole\Desktop
Loaded Profiles: Nicole (Available Profiles: Nicole)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\n360.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\n360.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6844560 2012-11-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1234064 2012-10-29] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-09-30] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-30] (Atheros Communications)
HKLM\...\Run: [UMonit] => C:\Windows\SysWOW64\UMonit.exe [40960 2013-01-31] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-02] (Intel Corporation)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-06-26] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => D:\Programme\MSOffice\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [148888 2014-02-28] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => D:\Programme\itunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKU\S-1-5-21-1520285763-1857122015-4067979159-1001\...\Run: [DAEMON Tools Lite] => D:\Programme\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1520285763-1857122015-4067979159-1001\...\Run: [HP Officejet Pro 6830 (NET)] => C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe [3494920 2014-01-16] (Hewlett-Packard Co.)
HKU\S-1-5-21-1520285763-1857122015-4067979159-1001\...\MountPoints2: {375500e3-7178-11e3-824f-6c71d97d4814} - "H:\SETUP.EXE" 
HKU\S-1-5-21-1520285763-1857122015-4067979159-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [788480 2014-10-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll [2015-03-07] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll [2015-03-07] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll [2015-03-07] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Programme\MSOffice\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Programme\MSOffice\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Programme\MSOffice\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Programme\MSOffice\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Programme\MSOffice\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1520285763-1857122015-4067979159-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com
HKU\S-1-5-21-1520285763-1857122015-4067979159-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-09-30] (Qualcomm Atheros Commnucations)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-05] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Programme\MSOffice\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2014-02-28] (Sun Microsystems, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programme\MSOffice\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\s77l0dnw.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-08] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Programme\itunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\s77l0dnw.default\Extensions\de_DE@dicts.j3e.de [2015-03-01]
FF Extension: Adblock Plus - C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\s77l0dnw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-30]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-06-11]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-21]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
S2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-30] (Qualcomm Atheros Commnucations) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Microsoft Office Groove Audit Service; D:\Programme\MSOffice\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\N360.exe [265000 2015-03-07] (Symantec Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-30] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-23] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2011-04-12] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20150602.001\BHDrvx64.sys [1640152 2015-05-21] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1507000.00B\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2013-12-30] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-05-31] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145200 2015-05-31] (Symantec Corporation)
R3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [60928 2012-07-06] (GenesysLogic)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20150610.003\IDSvia64.sys [684248 2015-05-31] (Symantec Corporation)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150610.034\ENG64.SYS [129752 2015-05-01] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150610.034\EX64.SYS [2137304 2015-05-01] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1507000.00B\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1507000.00B\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R3 sthid; C:\Windows\System32\drivers\sthid.sys [21216 2013-04-01] (Splashtop Inc.)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1507000.00B\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1507000.00B\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-11 19:30 - 2015-06-11 19:30 - 00463688 _____ (Bleeping Computer, LLC) C:\Users\Nicole\Desktop\sc-cleaner.exe
2015-06-11 19:30 - 2015-06-11 19:30 - 00001830 _____ C:\Users\Nicole\Desktop\sc-cleaner.txt
2015-06-11 19:24 - 2015-06-11 19:24 - 00000611 _____ C:\Users\Nicole\Desktop\JRT.txt
2015-06-11 19:22 - 2015-06-11 19:22 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-WALTERNIC-Windows-8.1-(64-bit).dat
2015-06-11 19:22 - 2015-06-11 19:22 - 00000000 ____D C:\RegBackup
2015-06-11 19:19 - 2015-06-11 19:19 - 02943663 _____ (Thisisu) C:\Users\Nicole\Desktop\JRT.exe
2015-06-11 19:17 - 2015-06-11 19:17 - 00001281 _____ C:\Users\Nicole\Desktop\mbam.txt
2015-06-11 19:00 - 2015-06-11 19:00 - 00001125 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-11 19:00 - 2015-06-11 19:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-06-11 19:00 - 2015-06-11 19:00 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-06-11 19:00 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-11 19:00 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-11 18:58 - 2015-06-11 18:58 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Nicole\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-11 18:52 - 2015-06-11 18:53 - 00000000 ____D C:\AdwCleaner
2015-06-11 18:50 - 2015-06-11 18:50 - 02231296 _____ C:\Users\Nicole\Desktop\AdwCleaner_4.206.exe
2015-06-11 08:35 - 2015-06-11 19:14 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-11 08:35 - 2015-06-11 19:12 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-11 08:35 - 2015-06-11 19:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-11 08:32 - 2015-06-11 08:32 - 00000000 ____D C:\Users\Nicole\Desktop\mbar
2015-06-11 08:32 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-11 08:30 - 2015-06-11 08:30 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Nicole\Desktop\mbar-1.09.1.1004.exe
2015-06-10 21:11 - 2015-06-10 21:11 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Nicole\Desktop\tdsskiller.exe
2015-06-10 21:08 - 2015-06-10 21:08 - 00029827 _____ C:\Users\Nicole\Desktop\Addition.txt
2015-06-10 21:07 - 2015-06-11 19:33 - 00017681 _____ C:\Users\Nicole\Desktop\FRST.txt
2015-06-10 21:07 - 2015-06-11 19:33 - 00000000 ____D C:\FRST
2015-06-10 21:05 - 2015-06-10 21:05 - 02108928 _____ (Farbar) C:\Users\Nicole\Desktop\frst64.exe
2015-06-10 19:55 - 2015-06-10 19:55 - 00000000 ____D C:\Program Files\Common Files\AV
2015-06-10 17:27 - 2015-05-25 15:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-10 17:27 - 2015-05-25 15:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-10 17:27 - 2015-05-21 18:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-10 17:27 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-10 17:27 - 2015-04-09 00:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-10 17:27 - 2015-04-02 00:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-10 17:27 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-10 17:27 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-10 17:27 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-10 17:27 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-10 17:27 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-10 17:27 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-10 17:27 - 2015-03-20 05:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-10 17:27 - 2015-03-20 04:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-10 17:27 - 2015-03-20 04:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-10 17:27 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-10 17:27 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-10 17:26 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-10 17:26 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-10 17:26 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-10 17:26 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-10 17:26 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-10 17:26 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-10 17:26 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-10 17:26 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-10 17:26 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-10 17:26 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-10 17:26 - 2015-05-23 04:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-10 17:26 - 2015-05-23 04:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-10 17:26 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-10 17:26 - 2015-05-23 04:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-10 17:26 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-10 17:26 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-10 17:26 - 2015-05-23 04:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-10 17:26 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-10 17:26 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-10 17:26 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-10 17:26 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-10 17:26 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-10 17:26 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-10 17:26 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-10 17:26 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-10 17:26 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-10 17:26 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-10 17:26 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-10 17:26 - 2015-05-22 20:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-10 17:26 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-10 17:26 - 2015-05-22 20:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-10 17:26 - 2015-05-22 20:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-10 17:26 - 2015-05-22 20:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-10 17:26 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-10 17:26 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-10 17:26 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-10 17:26 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-10 17:26 - 2015-05-22 19:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-10 17:26 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-10 17:26 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-10 17:26 - 2015-04-25 04:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-10 17:26 - 2015-04-25 04:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-10 17:26 - 2015-04-16 08:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-10 17:26 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-10 17:26 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-10 17:26 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-10 17:26 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-10 17:26 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-10 17:26 - 2015-04-01 06:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-10 17:26 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-10 17:26 - 2015-04-01 05:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-10 17:26 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-10 17:26 - 2015-04-01 04:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-10 17:26 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-10 17:26 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-10 17:26 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-07 15:43 - 2015-06-07 15:43 - 00000000 ____D C:\Users\Nicole\AppData\Local\GWX
2015-06-05 07:50 - 2015-05-22 15:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-05 07:50 - 2015-05-21 15:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-05 07:50 - 2015-05-21 15:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-05 07:50 - 2015-05-21 15:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-05 07:50 - 2015-05-21 15:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-05 07:50 - 2015-05-21 15:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-05 07:50 - 2015-05-21 15:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-05 07:50 - 2015-04-17 00:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-02 17:46 - 2015-06-05 07:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-05-23 13:42 - 2015-05-23 13:42 - 01972544 _____ (Audible, Inc.) C:\Users\Nicole\Downloads\AudibleDM_iTunesSetup.exe
2015-05-19 09:47 - 2015-05-23 13:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
2015-05-19 09:47 - 2015-05-23 13:42 - 00000000 ____D C:\Users\Nicole\AppData\Local\Audible
2015-05-19 09:47 - 2015-05-19 09:47 - 00255352 _____ (Audible, Inc.) C:\WINDOWS\SysWOW64\awrdscdc.ax
2015-05-19 09:47 - 2015-05-19 09:47 - 00001992 _____ C:\Users\Nicole\Desktop\Audible Manager.lnk
2015-05-19 09:47 - 2015-05-19 09:47 - 00000000 ____D C:\Users\Public\Documents\Audible
2015-05-19 09:47 - 2015-05-19 09:47 - 00000000 ____D C:\Users\Nicole\Documents\Audible
2015-05-19 09:47 - 2015-05-19 09:47 - 00000000 ____D C:\Program Files (x86)\Audible
2015-05-19 09:47 - 2003-03-18 21:20 - 01060864 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71.dll
2015-05-19 09:42 - 2015-05-19 09:42 - 01730272 _____ (Audible Inc.) C:\Users\Nicole\Downloads\ActiveSetupN.exe
2015-05-13 09:31 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 09:31 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 08:43 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-13 08:43 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-13 08:43 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-13 08:43 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-13 08:43 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-13 08:43 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-13 08:43 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-13 08:43 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-13 08:43 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-13 08:43 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-13 08:43 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-13 08:43 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-13 08:43 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-13 08:43 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-13 08:43 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-13 08:43 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-13 08:43 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-13 08:43 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-13 08:43 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-13 08:43 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-13 08:43 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-13 08:43 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-13 08:43 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-13 08:43 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-13 08:43 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-13 08:43 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-13 08:43 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-13 08:43 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-13 08:43 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-13 08:43 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-13 08:43 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-13 08:43 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-13 08:43 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-13 08:43 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-13 08:43 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-13 08:43 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-13 08:43 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-13 08:43 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-13 08:43 - 2014-11-14 08:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-11 19:17 - 2013-12-30 15:44 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1520285763-1857122015-4067979159-1001
2015-06-11 19:16 - 2013-11-14 09:27 - 01780340 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-11 19:16 - 2013-11-14 09:11 - 00765378 _____ C:\WINDOWS\system32\perfh007.dat
2015-06-11 19:16 - 2013-11-14 09:11 - 00159696 _____ C:\WINDOWS\system32\perfc007.dat
2015-06-11 19:12 - 2013-12-30 20:11 - 00000000 __RDO C:\Users\Nicole\SkyDrive
2015-06-11 19:12 - 2013-12-30 19:22 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-11 19:12 - 2013-12-30 15:35 - 00000062 _____ C:\Users\Nicole\AppData\Roaming\sp_data.sys
2015-06-11 19:12 - 2013-11-14 00:18 - 00064054 _____ C:\WINDOWS\PFRO.log
2015-06-11 19:12 - 2013-10-25 18:20 - 00000000 ____D C:\WINDOWS\Options
2015-06-11 19:12 - 2013-08-22 16:46 - 00323644 _____ C:\WINDOWS\setupact.log
2015-06-11 19:12 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-11 19:09 - 2013-12-30 19:21 - 01740890 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-11 19:03 - 2013-12-30 22:08 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-11 19:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-11 18:54 - 2013-12-30 19:25 - 00000000 ____D C:\Users\Nicole
2015-06-11 18:54 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-11 10:23 - 2014-08-18 19:37 - 00000000 ____D C:\Users\Nicole\AppData\Local\Windows Live
2015-06-11 09:04 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-11 08:55 - 2013-12-31 11:43 - 00000000 ____D C:\Users\Nicole\AppData\Local\CrashDumps
2015-06-10 19:53 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-06-10 19:52 - 2013-08-22 16:44 - 00557496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-10 19:50 - 2013-12-30 16:42 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-10 19:50 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-10 19:50 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-10 19:50 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-10 19:49 - 2013-12-30 16:42 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-10 19:48 - 2013-12-30 21:07 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 17:34 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-08 08:30 - 2014-08-18 20:22 - 00000000 ____D C:\Users\Nicole\AppData\Local\Adobe
2015-06-08 08:29 - 2013-12-30 22:08 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-06-07 09:56 - 2015-04-18 09:36 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-07 09:56 - 2015-03-08 12:03 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-05 07:46 - 2013-12-30 17:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-03 18:18 - 2013-08-22 17:38 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-03 18:18 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-20 09:00 - 2015-04-07 15:08 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-05-20 09:00 - 2015-04-07 15:08 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-05-15 20:56 - 2014-01-08 15:08 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-13 11:00 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-05-13 11:00 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-05-13 09:29 - 2013-11-14 09:13 - 00000000 ____D C:\Program Files\Windows Journal

==================== Files in the root of some directories =======

2013-12-30 15:35 - 2015-06-11 19:12 - 0000062 _____ () C:\Users\Nicole\AppData\Roaming\sp_data.sys
2014-01-07 13:11 - 2014-01-07 13:11 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Nicole\AppData\Local\Temp\ose00000.exe
C:\Users\Nicole\AppData\Local\Temp\sqlite3.dll
C:\Users\Nicole\AppData\Local\Temp\_is4C8E.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-06 21:12

==================== End of log ============================
         
--- --- ---



[CODE]Additional
FRST Logfile:
Code:
ATTFilter
scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Nicole at 2015-06-11 19:34:19
Running from C:\Users\Nicole\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1520285763-1857122015-4067979159-500 - Administrator - Disabled)
Gast (S-1-5-21-1520285763-1857122015-4067979159-501 - Limited - Disabled)
Nicole (S-1-5-21-1520285763-1857122015-4067979159-1001 - Administrator - Enabled) => C:\Users\Nicole
UpdatusUser (S-1-5-21-1520285763-1857122015-4067979159-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 Premier Edition (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Premier Edition (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 Premier Edition (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.05 - ASUSTeK Computer Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Ai Charger (HKLM-x32\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.03.00 - ASUSTeK Computer Inc.)
ASUS Key Suite (HKLM-x32\...\{71E2F4D6-191A-4A36-8A5C-8AFEA92729C9}) (Version: 1.02.01 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.13 - ASUS)
ASUS Music Maker (HKLM-x32\...\MAGIX_{AB515018-7F9D-4047-B0C0-F26BAC30F3E1}) (Version: 18.0.3.3 - MAGIX AG)
ASUS Music Maker (Version: 18.0.3.3 - MAGIX AG) Hidden
ASUS MX Suite (HKLM-x32\...\MAGIX_{CFA9C800-9B0B-42E3-92E7-08B5AF2E192E}) (Version: 1.13.0.121 - MAGIX AG)
ASUS MX Suite (Version: 1.13.0.121 - MAGIX AG) Hidden
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0002 - ASUS)
ASUS Transformer AiO (HKLM-x32\...\{27511FFF-5E1F-491C-8128-152DF1437EC2}) (Version: 1.04.00 - ASUSTeK Computer Inc.)
ASUS Video easy (HKLM-x32\...\MAGIX_{E3185090-8796-46FB-A27F-6C844F106DAC}) (Version: 4.0.1.90 - MAGIX AG)
ASUS Video easy (Version: 4.0.1.90 - MAGIX AG) Hidden
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.28 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4127.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4127.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.18 - Audible, Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 36962992.1637756.4759644.48 - Audible, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Chameleon Gems (HKLM-x32\...\Chameleon Gems) (Version:  - GameHouse, Inc.)
Connection Builder (HKLM-x32\...\{BFD3F8C8-370C-472A-9817-546A2587E42C}) (Version: 1.02.17 - ASUSTeK Computer Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
eManual (HKLM-x32\...\{0C84E634-EB68-4A54-B21E-A05EC87A4CC5}) (Version: 1.00.06 - ASUSTeK Computer Inc.)
ENE CIR Receiver Driver (HKLM\...\418374E8BD1F08FCA12E6AEC5F8FD985D836DC4B) (Version: 4.0.0.0 - ENE)
Fingertapps Instruments (HKLM-x32\...\{A9D04D4D-D330-4402-854E-E4EF8AD26E8B}) (Version: 2.0.143.0 - Fingertapps)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.1.1.2 - Genesys Logic)
HP Officejet Pro 6830 - Grundlegende Software für das Gerät (HKLM\...\{E16679B8-4224-4EDE-AE8C-590C07F42A1C}) (Version: 33.0.63.47385 - Hewlett-Packard Co.)
Image Data Converter (HKLM-x32\...\{87998E4E-6D9C-411B-AAE9-B8523FFE357D}) (Version: 4.0.01.09151 - Sony Corporation)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java(TM) 6 Update 12 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216012FF}) (Version: 6.0.120 - Sun Microsystems, Inc.)
KODAK Create@Home Software (für dm) (HKLM-x32\...\{43B8BDF6-13EC-44BE-9EDA-F284C4CA19A6}) (Version: 7.8.1392 - Eastman Kodak Company)
Luxor: Amun Rising (HKLM-x32\...\Luxor: Amun Rising) (Version:  - GameHouse, Inc.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Norton 360 (HKLM-x32\...\N360) (Version: 21.7.0.11 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 311.03 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 311.03 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
P1801 System Behavior (HKLM-x32\...\{FAD76E43-5857-4915-A10F-D02616A5C6E6}) (Version: 1.00.04 - ASUSTeK Computer Inc.)
PlayMemories Home (HKLM-x32\...\{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}) (Version: 6.0.10.12161 - Sony Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.210 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6777 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Splashtop Streamer (HKLM-x32\...\InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}) (Version: 1.5.0.1 - Splashtop Inc.)
Splashtop Streamer (x32 Version: 1.5.0.1 - Splashtop Inc.) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

18-05-2015 13:49:56 Windows Update
31-05-2015 08:15:14 Geplanter Prüfpunkt
05-06-2015 08:00:42 Windows Update
10-06-2015 19:46:47 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E5EE76E-9D36-4D5F-AC0F-0538A48372F2} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {2773A504-7951-4B7B-BA5C-27B4D6F95D0E} - System32\Tasks\ASUS\ASUS Key Suite Helper => C:\Program Files (x86)\ASUS\ASUS Key Suite\AsRunKeySuite.exe [2012-11-23] (ASUSTeK Computer Inc.)
Task: {37F40C7A-2467-4B83-837C-09C2A89CEDC4} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {3D36E2F8-57CC-4C11-8233-3F8D903EABB1} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\WSCStub.exe [2015-06-02] (Symantec Corporation)
Task: {43BEE9DB-BB31-4640-8352-1FFF8297AFA1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {4DB66915-643B-4E8E-B0C4-739E65800B6F} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-27] (ASUS)
Task: {5477F820-9B1E-48AE-A407-73FBD0E6C85F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {549D4CA1-B812-4658-BED7-2C5350739AB9} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {5B224D05-9E95-4978-B630-555EEE01DDA3} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2012-09-27] ()
Task: {60742EBA-EB7F-4509-9716-2AD942747FDC} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {6706EEF8-052D-426C-AFBF-219C78A19E2F} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {69F4EF44-66CF-402F-A8EA-9DB9D829CDD3} - System32\Tasks\ASUS\P1801 Connection Builder => C:\Program Files (x86)\ASUS\Connection Builder\ConBuilder.exe [2013-10-11] (ASUSTeK Computer Inc.)
Task: {A2156072-8469-45CA-B67C-C9DA2403414F} - System32\Tasks\ASUS\ASUS Trans AiO => C:\Program Files (x86)\ASUS\ASUS Trans AiO\TaichiHome.exe [2013-03-12] (ASUSTeK Computer Inc.)
Task: {B7A911EF-0FB6-4307-9F07-6183DFE9E823} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2012-11-27] ()
Task: {D751FD02-A111-4DEB-967E-52620031E70F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {DA9F3688-2B45-4B36-961F-808690A36847} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-08] (Adobe Systems Incorporated)
Task: {E3430FCF-8B8F-456F-BC70-BF9D2D879318} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {E89FF20F-70EF-4590-82E8-B520B62018A8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {F14A06F4-EB97-43B8-A231-07CA664FC820} - System32\Tasks\ASUS\P1801 System Behavior => C:\Program Files\ASUS\P1801 System Behavior\P1801Ctrl.exe [2013-03-30] (ASUSTeK Computer Inc.)
Task: {FCDF6863-B2BB-4E75-912B-189CA8873149} - System32\Tasks\ASUS\ASUS Trans AiO Helper => C:\Program Files (x86)\ASUS\ASUS Trans AiO\AsRunASUSTransAiO.exe [2013-03-12] (ASUSTeK Computer Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Nicole\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1520285763-1857122015-4067979159-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "BtvStack"
HKLM\...\StartupApproved\Run: => "BtTray"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKU\S-1-5-21-1520285763-1857122015-4067979159-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{5DD1C950-D944-4B0B-AF82-F235007DC949}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{6BF18C1E-7EF2-496C-A626-1A2750985878}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{DF2CF1EB-3EC3-41C4-8568-E161B70D9F91}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{1F459F51-4C32-4C71-A51C-97A21957A5F0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{FF911294-156E-454F-86DB-2333F36B4707}] => (Allow) LPort=1900
FirewallRules: [{F5BB157D-DAC5-4FB1-9E6E-73DEF9E26321}] => (Allow) LPort=2869
FirewallRules: [{3CFC8ABA-4A13-4616-AB8B-92C33B54B649}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A8CB0072-62E5-48F3-A157-93AD7B6774B0}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{60CA7487-7222-48AB-9C1B-3933BF22AF09}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{830F01C3-FE1D-48FB-A536-81242B3DE001}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{3CE4B84B-263A-4524-9E04-2467B95CBB51}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{ED98D831-AA21-4FC2-AD33-B7A02FB51BF5}] => (Allow) D:\Programme\MSOffice\Office12\outlook.exe
FirewallRules: [{47B11092-F366-453C-A086-0535626A427D}] => (Allow) D:\Programme\MSOffice\Office12\GROOVE.EXE
FirewallRules: [{59CED28C-0BF3-4E76-9BD7-2CEEC7A83985}] => (Allow) D:\Programme\MSOffice\Office12\GROOVE.EXE
FirewallRules: [{152F3054-D2FC-43AA-AC8F-53C3DFDC4091}] => (Allow) D:\Programme\MSOffice\Office12\ONENOTE.EXE
FirewallRules: [{7FF6A6C8-B877-48A8-B961-9FD8422F5368}] => (Allow) D:\Programme\MSOffice\Office12\ONENOTE.EXE
FirewallRules: [{2DA37F2C-9B1A-4C95-9693-F4012CEE5FD2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BFCAC1AC-3EFD-4E18-893A-C3CF95F3E4AA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C0922EF9-5E53-4A01-AFCE-90FAEC1B7C0B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6CF19376-B996-416F-8FC3-BC4369CFDB97}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B304C1B9-18F6-4948-9E0E-67CF811F8070}] => (Allow) D:\Programme\itunes\iTunes.exe
FirewallRules: [{DBEF36D1-BAA0-4425-8DD5-8A698884DED8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{104A0A32-0A77-437E-BD44-D27337074413}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{347DAF94-AA71-4930-9E40-FC9285E93E47}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\FaxApplications.exe
FirewallRules: [{8C7DA66D-36B3-4A81-8F14-6E56D9EF4547}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\DigitalWizards.exe
FirewallRules: [{A1C9B032-DD49-4FA3-803E-FE2F81BB61DE}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\SendAFax.exe
FirewallRules: [{A9E6060D-90C0-4622-9D19-E4434BE79162}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\Bin\DeviceSetup.exe
FirewallRules: [{4E581567-F328-48FC-93FF-C693C2777288}] => (Allow) LPort=5357
FirewallRules: [{41D5DC26-1893-4F39-872F-B9A9D640ADC2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{4B054356-9092-45F5-8173-39FB018EEF70}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
FirewallRules: [{F90A26E6-C827-4BFC-8124-FDE4C1B811CB}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
FirewallRules: [{53D99B39-96BF-4E93-9205-3C9AB811A3C4}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe
FirewallRules: [{4DCEDFA2-EA33-4D3C-9A9F-8677DD2DF943}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\inputserv.exe
FirewallRules: [{DE39DEDB-1261-4A56-9A6C-8FE51550ABB7}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRLogin.exe

==================== Faulty Device Manager Devices =============

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (06/11/2015 08:55:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbar.exe, Version: 1.9.1.1004, Zeitstempel: 0x54d5665f
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f42c2
Ausnahmecode: 0xc0000008
Fehleroffset: 0x0007d315
ID des fehlerhaften Prozesses: 0xcec
Startzeit der fehlerhaften Anwendung: 0xmbar.exe0
Pfad der fehlerhaften Anwendung: mbar.exe1
Pfad des fehlerhaften Moduls: mbar.exe2
Berichtskennung: mbar.exe3
Vollständiger Name des fehlerhaften Pakets: mbar.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbar.exe5

Error: (06/10/2015 08:12:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname walternic.local already in use; will try walternic-2.local instead

Error: (06/10/2015 08:12:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 walternic.local. Addr 192.168.2.113

Error: (06/10/2015 08:12:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.2.106:5353   16 walternic.local. AAAA 0000:0000:0000:004A:003F:9AB2:255E:A623

Error: (06/10/2015 08:11:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname walternic.local already in use; will try walternic-2.local instead

Error: (06/10/2015 08:11:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 walternic.local. Addr 192.168.2.113

Error: (06/10/2015 08:11:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.2.106:5353   16 walternic.local. AAAA 0000:0000:0000:004A:003F:9AB2:255E:A623

Error: (06/09/2015 06:04:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 46687

Error: (06/09/2015 06:04:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 46687

Error: (06/09/2015 06:04:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (06/11/2015 07:22:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/11/2015 07:22:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/11/2015 07:22:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "FABS - Helping agent for MAGIX media database" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/11/2015 07:22:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/11/2015 07:22:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ZAtheros Bt and Wlan Coex Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/11/2015 07:22:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/11/2015 07:22:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/11/2015 07:22:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/11/2015 07:22:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AtherosSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/11/2015 07:22:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Asus WebStorage Windows Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 19%
Total physical RAM: 8142.69 MB
Available physical RAM: 6594.43 MB
Total Pagefile: 9422.69 MB
Available Pagefile: 7689.47 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:149.66 GB) (Free:105.18 GB) NTFS
Drive d: (Data) (Fixed) (Total:1693.49 GB) (Free:1628.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: DC5B318A)

Partition: GPT Partition Type.

==================== End of log ============================
         
--- --- ---



So denke ich habe alles gemacht wie angesagt, aufgefallen ist mir die eine Trojaner Meldung bei Schitt 2.

Alt 11.06.2015, 20:59   #9
M-K-D-B
/// TB-Ausbilder
 
DHL Link angeklickt, aber nicht sicher ob er echt war - Standard

DHL Link angeklickt, aber nicht sicher ob er echt war



Servus,



Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.




Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
start
CloseProcesses:
RemoveProxy:
EmptyTemp:
end
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Schritt 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset






Schritt 3
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.

Alt 12.06.2015, 08:31   #10
esmoped
 
DHL Link angeklickt, aber nicht sicher ob er echt war - Standard

DHL Link angeklickt, aber nicht sicher ob er echt war



Schritt 1:

Code:
ATTFilter
Fix result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Nicole at 2015-06-12 08:32:42 Run:1
Running from C:\Users\Nicole\Desktop
Loaded Profiles: Nicole (Available Profiles: Nicole)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
RemoveProxy:
EmptyTemp:
end
*****************

Processes closed successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1520285763-1857122015-4067979159-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1520285763-1857122015-4067979159-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

EmptyTemp: => 363.1 MB temporary data Removed.


The system needed a reboot.. 

==== End of Fixlog 08:32:52 ====
         

Schritt 2:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=93d74e5541a16c4596f994f3f310e9a9
# end=init
# utc_time=2015-06-12 06:37:59
# local_time=2015-06-12 08:37:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 24293
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=93d74e5541a16c4596f994f3f310e9a9
# end=updated
# utc_time=2015-06-12 06:39:40
# local_time=2015-06-12 08:39:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=93d74e5541a16c4596f994f3f310e9a9
# engine=24293
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-06-12 07:14:20
# local_time=2015-06-12 09:14:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Norton 360'
# compatibility_mode=3598 16777213 100 100 52006 184755756 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 7925097 58974553 0 0
# scanned=232986
# found=1
# cleaned=0
# scan_time=2079
sh=8A72F448F17C026A1B2A59686DE720079CCBA08F ft=1 fh=4d4a711952b3453e vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\DTLite4481-0347.exe"
         
Schritt 3:

Code:
ATTFilter
 Results of screen317's Security Check version 1.002  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Norton 360 Premier Edition   
Windows Defender             
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java(TM) 6 Update 12  
 Java version 32-bit out of Date! 
 Adobe Flash Player 	17.0.0.188  
 Adobe Reader XI  
 Mozilla Firefox (38.0.5) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

Alt 12.06.2015, 14:24   #11
M-K-D-B
/// TB-Ausbilder
 
DHL Link angeklickt, aber nicht sicher ob er echt war - Standard

DHL Link angeklickt, aber nicht sicher ob er echt war



Reste entfernen
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
start
CloseProcesses:
D:\Downloads\DTLite4481-0347.exe
end
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Die Fixlog von FRST gleich posten, da diese sonst mit DelFix (siehe weiter unten) automatisch entfernt wird!








Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber.
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.


Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen.


Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein einziges der folgenden Antivirusprogramme mit Echtzeitscanner und stets aktueller Signaturendatenbank:

   
 
 


Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
Adblock Plus Kann Banner, Pop-ups, Videowerbung, Tracking und Malware-Seiten blockieren.
NoScript Verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
Ghostery Erkennt und blockiert Tracker, Web Bugs, Pixel und Beacons und weitere Scripte, die das Surfverhalten ausspähen/beobachten.
Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie .
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

Alt 12.06.2015, 15:41   #12
esmoped
 
DHL Link angeklickt, aber nicht sicher ob er echt war - Standard

DHL Link angeklickt, aber nicht sicher ob er echt war



FRST
Code:
ATTFilter
Fix result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Nicole at 2015-06-12 16:16:35 Run:2
Running from C:\Users\Nicole\Desktop
Loaded Profiles: Nicole (Available Profiles: Nicole)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
D:\Downloads\DTLite4481-0347.exe
end
       
*****************

Processes closed successfully.
D:\Downloads\DTLite4481-0347.exe => moved successfully.


The system needed a reboot.. 

==== End of Fixlog 16:16:36 ====
         
Hallo Matthias,

erst einmal vielen Dank für deine super Hilfe!!!!

Ich habe alle Programme und Logs entfernt. Meine Frau hat parallel hierzu an meinen Rechner Ihrer wichtigen Passwörter (E-Mail, Postbank,...) geändert.
Kann man sagen das dieser Rechner wieder sauber ist, bzw. welche Schadsoftware auf dem Rechner war?

Vielen Dank noch einmal und beste Grüße

Alt 12.06.2015, 22:51   #13
M-K-D-B
/// TB-Ausbilder
 
DHL Link angeklickt, aber nicht sicher ob er echt war - Standard

DHL Link angeklickt, aber nicht sicher ob er echt war



Servus,


Rechner ist sauber.

Anscheinend hattet ihr Glück, wir konnten keine Malware entdecken.

Ich bin froh, dass wir helfen konnten

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank!

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.

Antwort

Themen zu DHL Link angeklickt, aber nicht sicher ob er echt war
allgemein, benutzer, checken, code, datei, deaktivieren, desktop, dhl-virus-trojaner, fake, fehlermeldung, internet, laden, link, mail, nichts, norton, norton 360, ordner, programm, recovery, runter, scan, seite, tool, unbekanntes, zeichen



Ähnliche Themen: DHL Link angeklickt, aber nicht sicher ob er echt war


  1. Phishing SMS iPhone Link angeklickt
    Alles rund um Mac OSX & Linux - 04.11.2015 (1)
  2. DHL Mail Link angeklickt
    Log-Analyse und Auswertung - 27.05.2015 (18)
  3. DHL Phishing Mail - Link angeklickt - ZIP-Datei NICHT geöffnet / gelöscht
    Plagegeister aller Art und deren Bekämpfung - 11.05.2015 (8)
  4. DHL E-mail geöffnet und link angeklickt
    Log-Analyse und Auswertung - 08.05.2015 (14)
  5. Phishing Mail DHL Link angeklickt
    Log-Analyse und Auswertung - 26.03.2015 (13)
  6. Mail DHL Link angeklickt
    Log-Analyse und Auswertung - 26.03.2015 (9)
  7. Link angeklickt DHL
    Plagegeister aller Art und deren Bekämpfung - 21.03.2015 (18)
  8. DHL Phishing Mail Link angeklickt
    Plagegeister aller Art und deren Bekämpfung - 15.03.2015 (7)
  9. Spam angeklickt. Nicht sicher über die Folgen
    Plagegeister aller Art und deren Bekämpfung - 29.08.2014 (17)
  10. Link in E-mail angeklickt
    Log-Analyse und Auswertung - 15.04.2014 (8)
  11. PayPal Phishingmail Link angeklickt
    Plagegeister aller Art und deren Bekämpfung - 06.03.2014 (13)
  12. Phishing-Link von Paypal angeklickt
    Plagegeister aller Art und deren Bekämpfung - 07.10.2013 (11)
  13. Schädlichen Link angeklickt.
    Log-Analyse und Auswertung - 26.04.2013 (25)
  14. Skype Virus angeklickt aber nicht ausgeführt wurde nun gerne wissen ob mein PC sicher ist
    Plagegeister aller Art und deren Bekämpfung - 05.10.2012 (1)
  15. Link in eMail angeklickt: PC infiziert?
    Plagegeister aller Art und deren Bekämpfung - 15.07.2012 (5)
  16. Glaub hab mir was eingefangen, bin mir aber nicht sicher...
    Log-Analyse und Auswertung - 22.04.2008 (1)
  17. Bin mir nicht sicher aber könnte sein
    Log-Analyse und Auswertung - 12.12.2007 (1)

Zum Thema DHL Link angeklickt, aber nicht sicher ob er echt war - Hallo Trojaner-Board Team, meine Frau hat eine Mail von "DHL" bekommen, dass ihr Paket bei den Nachbarn abgegeben wurde. Wie meine Frau so ist, hat Sie nicht erst mal bei - DHL Link angeklickt, aber nicht sicher ob er echt war...
Archiv
Du betrachtest: DHL Link angeklickt, aber nicht sicher ob er echt war auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.