| |
| |||||||
Log-Analyse und Auswertung: DHL Mail auf den Link geclickt - Trojaner lässt mich kein removal tool installierenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
08.06.2015, 22:52
| #1 |
 |  DHL Mail auf den Link geclickt - Trojaner lässt mich kein removal tool installieren Hallo ich bin Sandra. Ich erhielt letzte Woche (Dienstag) das DHL Phishing Mail, da ich tatsächlich auf ein verspätetes Paket wartete, habe ich auf den Link geclickt, dieser leitete mich auch eine polnische Webseite und wollte, das ich ein zip file öffne. Ich habe den Fehler erkannt, Browser sofort geschlossen, zip file weggeclickt und das Antivirus Programm (Norton) laufen lassen. Dieses hat nichts angezeigt und mich glauben lassen, alles sei in Ordnung. Nun bin ich stutzig geworden, weil mein Firefox Browser plötzlich keine Internetverbindung hat. Deinstallieren und neu installieren halfen da nichts. Deshalb habe ich Malwarebytes installiert, aber auch dieses fand nichts. Ich habe dann versucht das Kaspersky Virus removal tool zu installieren. Der Download klappt. Clicke ich dann auf das Programm wird es automatisch gelöscht. Bei der Kapersky Antivirus Software klappt der Download, die Installation bleibt gleich zu Beginn hängen. Dann habe ich zur Vorbereitung genannten Programme geladen und beim zweiten Programm (FRST) hattee ich das gleiche Problem: Download klappt, wenn ich das Programm starten möchte, heisst es: "Das Programm wurde möglicherweise verschoben oder gelöscht." Habe ihm Norton geschaut, ob Norton etwas gelöscht hat, dort erscheint aber nichts. Den ersten Scan mit Defogger war kein Problem, den zweiten (FRST) konnte ich nicht starten und beim Dritten (GMER) konnte ich Norton nicht ausschalten (wusste nicht wo, SORRY) Das Ausmass des Befalls ist gross, da unsere Familie, ein Desktop und drei Laptops hat, diese sind alle über einen Server und über das Wifi miteinander verbunden.  Defogger log defogger_disable by jpshortstuff (23.02.10.1) Log created at 22:26 on 08/06/2015 (Sandra) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Gmer Log: MER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-06-08 22:49:09 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000023 rev. 0,00MB Running: Gmer-19357.exe; Driver: C:\Users\Sandra\AppData\Local\Temp\kgryrpog.sys ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\svchost.exe [1812:6036] 00007ffab67d1120 Thread C:\WINDOWS\system32\svchost.exe [1812:4100] 00007ffab67b3460 Thread C:\WINDOWS\system32\csrss.exe [5548:4772] fffff960008d22d0 Thread C:\WINDOWS\System32\dwm.exe [1940:3980] 00007ffabdda37b0 Thread C:\WINDOWS\Explorer.EXE [4304:5204] 00007ffabb177090 Thread C:\WINDOWS\Explorer.EXE [4304:3512] 00007ffaad689970 Thread C:\WINDOWS\Explorer.EXE [4304:3476] 00007ffaac4f1480 Thread C:\WINDOWS\Explorer.EXE [4304:3148] 00007ffab5f3a710 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [5060:6004] 0000000000033047 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [5732:1824] 0000000000d1f15e Thread C:\WINDOWS\SYSTEM32\ntdll.dll [5732:4876] 0000000065e867ce Thread C:\WINDOWS\SYSTEM32\ntdll.dll [5732:4484] 0000000065e18104 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [5732:3756] 0000000073f9c1f0 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [5732:7004] 0000000065e18104 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1512:4288] 00000000000b0b4d Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1512:3792] 00000000000900ae Thread C:\WINDOWS\system32\GWX\GWXConfigManager.exe [6780:3680] 00007ffabee01df0 ---- Processes - GMER 2.1 ---- Process C:\Users\Sandra\AppData\Local\Microsoft\Windows\INetCache\IE\IZI2PFMI\kis15.0.2.361de-de.exe (*** suspicious ***) @ C:\Users\Sandra\AppData\Local\Microsoft\Windows\INetCache\IE\IZI2PFMI\kis15.0.2.361de-de.exe [892] (FILE NOT FOUND) 0000000000f10000 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior ---- EOF - GMER 2.1 ---- Geändert von mamarazzii (08.06.2015 um 22:57 Uhr) |
|
08.06.2015, 23:04
| #2 |
| /// TB-Ausbilder /// Anleitungs-Guru  |  DHL Mail auf den Link geclickt - Trojaner lässt mich kein removal tool installieren Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das... 
 Hinweis:Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden. Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert. Adware & Co. können wir sehr gut entfernen. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean  bekommst.Welches Norton Produkt hast Du genau? Schritt 1 Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ |
|
08.06.2015, 23:51
| #3 |
| | DHL Mail auf den Link geclickt - Trojaner lässt mich kein removal tool installieren Norton Internet Security: Firewall und Antivirus
__________________Habe herausgefunden wo ich den Antivirus und Firewall ausschalten kann Der TDSSKiller Scan läuft schon seit 15 min. Es scheint eine Art freeze zu sein. Da es heisst: Finish:00:00 Duration: 00:17:23 Processed: 0 objects, no threats found Stop scan Hier ist der Report Code:
ATTFilter 00:28:43.0963 0x1f14 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
00:28:43.0963 0x1f14 UEFI system
00:28:59.0746 0x1f14 ============================================================
00:28:59.0746 0x1f14 Current date / time: 2015/06/09 00:28:59.0746
00:28:59.0746 0x1f14 SystemInfo:
00:28:59.0746 0x1f14
00:28:59.0746 0x1f14 OS Version: 6.3.9600 ServicePack: 0.0
00:28:59.0746 0x1f14 Product type: Workstation
00:28:59.0746 0x1f14 ComputerName: SANDRA-SAMSUNG
00:28:59.0746 0x1f14 UserName: Sandra
00:28:59.0746 0x1f14 Windows directory: C:\WINDOWS
00:28:59.0746 0x1f14 System windows directory: C:\WINDOWS
00:28:59.0746 0x1f14 Running under WOW64
00:28:59.0746 0x1f14 Processor architecture: Intel x64
00:28:59.0746 0x1f14 Number of processors: 8
00:28:59.0746 0x1f14 Page size: 0x1000
00:28:59.0746 0x1f14 Boot type: Normal boot
00:28:59.0746 0x1f14 ============================================================
00:29:00.0262 0x1f14 KLMD registered as C:\WINDOWS\system32\drivers\61050948.sys
00:29:00.0934 0x1f14 System UUID: {FD33847D-8A66-90F7-0020-7787807755CD}
00:29:01.0356 0x1f14 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:29:01.0356 0x1f14 ============================================================
00:29:01.0356 0x1f14 \Device\Harddisk0\DR0:
00:29:01.0356 0x1f14 GPT partitions:
00:29:01.0356 0x1f14 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {F9B03A7B-9894-49E0-A325-AFE6438DD50E}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xFA000
00:29:01.0356 0x1f14 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {E3B0C2EE-AF49-48D1-906C-C5AAD747D17F}, Name: EFI system partition, StartLBA 0xFA800, BlocksNum 0x96000
00:29:01.0356 0x1f14 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {E52012D4-4F55-48DA-8888-3820A1319A44}, Name: Microsoft reserved partition, StartLBA 0x190800, BlocksNum 0x40000
00:29:01.0356 0x1f14 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {C2430750-12AE-4083-963B-BFE2909A47B1}, Name: Basic data partition, StartLBA 0x1D0800, BlocksNum 0x71651800
00:29:01.0356 0x1f14 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {606A0BE0-C024-450E-BB4E-CE3549A06252}, Name: , StartLBA 0x71822000, BlocksNum 0xE2000
00:29:01.0356 0x1f14 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {88B11964-97D5-4D48-8F05-306D95A28108}, Name: Basic data partition, StartLBA 0x71904000, BlocksNum 0x2C00000
00:29:01.0356 0x1f14 \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {A69FF5AD-CB64-476C-4173-636C65706975}, Name: Basic data partition, StartLBA 0x74504000, BlocksNum 0x202800
00:29:01.0356 0x1f14 MBR partitions:
00:29:01.0356 0x1f14 ============================================================
00:29:01.0387 0x1f14 C: <-> \Device\Harddisk0\DR0\Partition4
00:29:01.0387 0x1f14 ============================================================
00:29:01.0387 0x1f14 Initialize success
00:29:01.0387 0x1f14 ============================================================
00:31:08.0351 0x1d9c ============================================================
00:31:08.0351 0x1d9c Scan started
00:31:08.0351 0x1d9c Mode: Manual; SigCheck; TDLFS;
00:31:08.0351 0x1d9c ============================================================
00:31:08.0351 0x1d9c KSN ping started
|
|
08.06.2015, 23:59
| #4 |
| /// TB-Ausbilder /// Anleitungs-Guru | DHL Mail auf den Link geclickt - Trojaner lässt mich kein removal tool installieren Ok, dann schalte mal bitte Norton Echtzeitscanner ab und mach den FRST-Scan.
__________________ Gruß deeprybka  Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
09.06.2015, 00:14
| #5 |
| | DHL Mail auf den Link geclickt - Trojaner lässt mich kein removal tool installieren Bitte nicht böse sein, habe den Scan gestoppt und nochmals gestartet. Dieses Mal hat es funktioniert. 2 infizierte Objekte wurden gefunden. Alle Anweisungen befolgt. Ich suche nun nach den Logfiles. Norton wurde nach dem Scan plötzlich aktiv und hat angezeigt, dass es infizierte Objekte gefunden hat. Soll ich Norton Echzeitscanner abschalten und den FRST Scan machen? Logfile vom Scan des TDSSKillers. Code:
ATTFilter 01:01:44.0294 0x0f58 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
01:01:44.0294 0x0f58 UEFI system
01:01:49.0557 0x0f58 ============================================================
01:01:49.0557 0x0f58 Current date / time: 2015/06/09 01:01:49.0557
01:01:49.0557 0x0f58 SystemInfo:
01:01:49.0557 0x0f58
01:01:49.0557 0x0f58 OS Version: 6.3.9600 ServicePack: 0.0
01:01:49.0557 0x0f58 Product type: Workstation
01:01:49.0557 0x0f58 ComputerName: SANDRA-SAMSUNG
01:01:49.0557 0x0f58 UserName: Sandra
01:01:49.0557 0x0f58 Windows directory: C:\WINDOWS
01:01:49.0557 0x0f58 System windows directory: C:\WINDOWS
01:01:49.0557 0x0f58 Running under WOW64
01:01:49.0557 0x0f58 Processor architecture: Intel x64
01:01:49.0557 0x0f58 Number of processors: 8
01:01:49.0557 0x0f58 Page size: 0x1000
01:01:49.0557 0x0f58 Boot type: Normal boot
01:01:49.0557 0x0f58 ============================================================
01:01:53.0745 0x0f58 KLMD registered as C:\WINDOWS\system32\drivers\51815741.sys
01:01:54.0964 0x0f58 System UUID: {FD33847D-8A66-90F7-0020-7787807755CD}
01:01:55.0620 0x0f58 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:01:55.0636 0x0f58 ============================================================
01:01:55.0636 0x0f58 \Device\Harddisk0\DR0:
01:01:55.0667 0x0f58 GPT partitions:
01:01:55.0683 0x0f58 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {F9B03A7B-9894-49E0-A325-AFE6438DD50E}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xFA000
01:01:55.0683 0x0f58 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {E3B0C2EE-AF49-48D1-906C-C5AAD747D17F}, Name: EFI system partition, StartLBA 0xFA800, BlocksNum 0x96000
01:01:55.0683 0x0f58 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {E52012D4-4F55-48DA-8888-3820A1319A44}, Name: Microsoft reserved partition, StartLBA 0x190800, BlocksNum 0x40000
01:01:55.0683 0x0f58 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {C2430750-12AE-4083-963B-BFE2909A47B1}, Name: Basic data partition, StartLBA 0x1D0800, BlocksNum 0x71651800
01:01:55.0683 0x0f58 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {606A0BE0-C024-450E-BB4E-CE3549A06252}, Name: , StartLBA 0x71822000, BlocksNum 0xE2000
01:01:55.0683 0x0f58 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {88B11964-97D5-4D48-8F05-306D95A28108}, Name: Basic data partition, StartLBA 0x71904000, BlocksNum 0x2C00000
01:01:55.0683 0x0f58 \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {A69FF5AD-CB64-476C-4173-636C65706975}, Name: Basic data partition, StartLBA 0x74504000, BlocksNum 0x202800
01:01:55.0683 0x0f58 MBR partitions:
01:01:55.0683 0x0f58 ============================================================
01:01:55.0808 0x0f58 C: <-> \Device\Harddisk0\DR0\Partition4
01:01:55.0808 0x0f58 ============================================================
01:01:55.0808 0x0f58 Initialize success
01:01:55.0808 0x0f58 ============================================================
01:02:11.0215 0x1390 ============================================================
01:02:11.0215 0x1390 Scan started
01:02:11.0215 0x1390 Mode: Manual; SigCheck; TDLFS;
01:02:11.0215 0x1390 ============================================================
01:02:11.0215 0x1390 KSN ping started
01:02:13.0690 0x1390 KSN ping finished: true
01:02:19.0942 0x1390 ================ Scan system memory ========================
01:02:19.0942 0x1390 System memory - ok
01:02:19.0942 0x1390 ================ Scan services =============================
01:02:21.0051 0x1390 [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci C:\WINDOWS\System32\drivers\1394ohci.sys
01:02:21.0364 0x1390 1394ohci - ok
01:02:21.0442 0x1390 [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware C:\WINDOWS\system32\drivers\3ware.sys
01:02:21.0442 0x1390 3ware - ok
01:02:21.0489 0x1390 [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI C:\WINDOWS\system32\drivers\ACPI.sys
01:02:21.0504 0x1390 ACPI - ok
01:02:21.0520 0x1390 [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex C:\WINDOWS\system32\Drivers\acpiex.sys
01:02:21.0520 0x1390 acpiex - ok
01:02:21.0536 0x1390 [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr C:\WINDOWS\System32\drivers\acpipagr.sys
01:02:21.0567 0x1390 acpipagr - ok
01:02:21.0598 0x1390 [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi C:\WINDOWS\System32\drivers\acpipmi.sys
01:02:21.0676 0x1390 AcpiPmi - ok
01:02:21.0770 0x1390 [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime C:\WINDOWS\System32\drivers\acpitime.sys
01:02:21.0801 0x1390 acpitime - ok
01:02:21.0973 0x1390 [ 3FD8DC2C9735C2AA70155102CFB93EDA, 92C066ECF295C757EB51DC42336329950A1920865051ABF47A6CFF8CC96E152E ] AdobeActiveFileMonitor7.0 C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
01:02:21.0989 0x1390 AdobeActiveFileMonitor7.0 - ok
01:02:22.0067 0x1390 [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
01:02:22.0082 0x1390 AdobeARMservice - ok
01:02:22.0192 0x1390 [ B04A4810C6CC205F9DC72DC22E4AB236, 547321F5C28C80D4818372D65E2A33D4BAC593015DD6613B24586FE4B4A95D5D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
01:02:22.0239 0x1390 AdobeFlashPlayerUpdateSvc - ok
01:02:22.0286 0x1390 [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX C:\WINDOWS\system32\drivers\ADP80XX.SYS
01:02:22.0317 0x1390 ADP80XX - ok
01:02:22.0348 0x1390 [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc C:\WINDOWS\System32\aelupsvc.dll
01:02:22.0442 0x1390 AeLookupSvc - ok
01:02:22.0473 0x1390 [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD C:\WINDOWS\system32\drivers\afd.sys
01:02:22.0598 0x1390 AFD - ok
01:02:22.0614 0x1390 [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440 C:\WINDOWS\system32\drivers\agp440.sys
01:02:22.0614 0x1390 agp440 - ok
01:02:22.0645 0x1390 [ FE14D249D39368CA62D8DA6BC94AC694, E1036E22BFBD3750FD2D3DA6AB939B2DD54E824F4BD3E6539EF0E45AB5453DD1 ] ahcache C:\WINDOWS\system32\DRIVERS\ahcache.sys
01:02:22.0707 0x1390 ahcache - ok
01:02:22.0739 0x1390 [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG C:\WINDOWS\System32\alg.exe
01:02:22.0801 0x1390 ALG - ok
01:02:22.0848 0x1390 [ 6CF81DD5083D7F94A7E76E50429A949C, 19240502A6406924F889D1AFA975B975A300776D8B2D0557181DF13649622E2B ] AMD External Events Utility C:\WINDOWS\system32\atiesrxx.exe
01:02:22.0926 0x1390 AMD External Events Utility - ok
01:02:22.0942 0x1390 [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8 C:\WINDOWS\System32\drivers\amdk8.sys
01:02:23.0004 0x1390 AmdK8 - ok
01:02:23.0505 0x1390 [ 71F8D8B977ACC5973FA042BF906E709F, 8106C5F5C8E40344CCCDB912845786DF287BDF068D7A6EF9D26B00FA1754C1BC ] amdkmdag C:\WINDOWS\system32\DRIVERS\atikmdag.sys
01:02:23.0848 0x1390 amdkmdag - ok
01:02:23.0911 0x1390 [ 4AA027F91A8093B1CDF453B5394F6715, E6D15E959637C102A34F73F66BFDC38436575A2FEFFC3976ACF399A472F126A5 ] amdkmdap C:\WINDOWS\system32\DRIVERS\atikmpag.sys
01:02:23.0942 0x1390 amdkmdap - ok
01:02:23.0973 0x1390 [ 8A375CB3B6D1A56A2AEEE72A5F1D0926, 03D6EA77B141675B719E66DA09D1DACC7137B19F9918C303DD6870B3F36ADEBB ] amdkmpfd C:\WINDOWS\system32\drivers\amdkmpfd.sys
01:02:24.0005 0x1390 amdkmpfd - ok
01:02:24.0020 0x1390 [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM C:\WINDOWS\System32\drivers\amdppm.sys
01:02:24.0052 0x1390 AmdPPM - ok
01:02:24.0083 0x1390 [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata C:\WINDOWS\system32\drivers\amdsata.sys
01:02:24.0083 0x1390 amdsata - ok
01:02:24.0114 0x1390 [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs C:\WINDOWS\system32\drivers\amdsbs.sys
01:02:24.0114 0x1390 amdsbs - ok
01:02:24.0130 0x1390 [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata C:\WINDOWS\system32\drivers\amdxata.sys
01:02:24.0145 0x1390 amdxata - ok
01:02:24.0177 0x1390 [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID C:\WINDOWS\system32\drivers\appid.sys
01:02:24.0239 0x1390 AppID - ok
01:02:24.0270 0x1390 [ 34B2E222F82D05398DAE7203B36B6A2B, AC04BC6B5A36A6807FFE302E9ACF073342B4D76B0BB386249251CB3CA1852CE8 ] AppIDSvc C:\WINDOWS\System32\appidsvc.dll
01:02:24.0286 0x1390 AppIDSvc - ok
01:02:24.0302 0x1390 [ 680BFB820C5A943AB709BAA2B1EF27F2, A51D2A7976A762FE470C13C6D1BA0319A0FB19C9E66BF02AA44F83EAEC7130F8 ] Appinfo C:\WINDOWS\System32\appinfo.dll
01:02:24.0348 0x1390 Appinfo - ok
01:02:24.0505 0x1390 [ 612CB66D93ED0F2F21BB109840C7D813, 75484123DA27B8942B13148FCF061C75A08A50386A095143736B593E9C772173 ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
01:02:24.0505 0x1390 Apple Mobile Device Service - ok
01:02:24.0536 0x1390 [ 35E28923A23ADABAA5A1B43256D0AB58, A5F3AF8BBEE58B2165BAFACC5FF8B167B55B020998D3D1565C2229ED8753B269 ] AppReadiness C:\WINDOWS\system32\AppReadiness.dll
01:02:24.0598 0x1390 AppReadiness - ok
01:02:24.0661 0x1390 [ 573542B5E97772021B73E854DA861DAA, C3FD00FA28060F8D7CDFD455BBB5FF8239CB76DDFFF2BDAE6AA944674DD993D3 ] AppXSvc C:\WINDOWS\system32\appxdeploymentserver.dll
01:02:24.0739 0x1390 AppXSvc - ok
01:02:24.0770 0x1390 [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas C:\WINDOWS\system32\drivers\arcsas.sys
01:02:24.0786 0x1390 arcsas - ok
01:02:24.0802 0x1390 [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi C:\WINDOWS\system32\drivers\atapi.sys
01:02:24.0802 0x1390 atapi - ok
01:02:24.0848 0x1390 [ 025D1977A84BE0FA95505069DDCF7120, EA3C0E0AC3CA335DF61F5A778F167FCBBBBBA87622696B59DEB77D639B722332 ] AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
01:02:24.0864 0x1390 AtherosSvc - detected UnsignedFile.Multi.Generic ( 1 )
01:02:27.0208 0x1390 Detect skipped due to KSN trusted
01:02:27.0208 0x1390 AtherosSvc - ok
01:02:27.0427 0x1390 [ 2C7676F892E88FD190F08D98048C7C6C, 44C13C103F61DA4D1A3823D37344F8C9465A611A9560808CE928925FB69604F7 ] athr C:\WINDOWS\system32\DRIVERS\athw8x.sys
01:02:27.0568 0x1390 athr - ok
01:02:27.0599 0x1390 [ 8779FDAE68BC948B0FE152E758CC8DA7, 13070C2073F8E7546B48AE9CF54067B9BB75DFCD98F2987B90FFAD20D40D54CF ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
01:02:27.0677 0x1390 AudioEndpointBuilder - ok
01:02:27.0724 0x1390 [ 61EA45A645854FE81D8A924E2D93DFFE, 34F79532297F609CA93C380B68BB8B7B0F027F9C8F4FB8E02A9A43EA3D155F1B ] Audiosrv C:\WINDOWS\System32\Audiosrv.dll
01:02:27.0802 0x1390 Audiosrv - ok
01:02:27.0818 0x1390 [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV C:\WINDOWS\System32\AxInstSV.dll
01:02:27.0880 0x1390 AxInstSV - ok
01:02:27.0927 0x1390 [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv C:\WINDOWS\system32\drivers\bxvbda.sys
01:02:27.0943 0x1390 b06bdrv - ok
01:02:27.0958 0x1390 [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay C:\WINDOWS\System32\drivers\BasicDisplay.sys
01:02:28.0036 0x1390 BasicDisplay - ok
01:02:28.0036 0x1390 [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender C:\WINDOWS\System32\drivers\BasicRender.sys
01:02:28.0099 0x1390 BasicRender - ok
01:02:28.0115 0x1390 [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2 C:\WINDOWS\System32\drivers\bcmfn2.sys
01:02:28.0115 0x1390 bcmfn2 - ok
01:02:28.0161 0x1390 [ 77D760E9B477C21487C171F561497F98, 2393D466CEC863C771C5BB4CD81B251635DC084386134B8E13F74F3E1C6D68DF ] BDESVC C:\WINDOWS\System32\bdesvc.dll
01:02:28.0224 0x1390 BDESVC - ok
01:02:28.0255 0x1390 [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep C:\WINDOWS\system32\drivers\Beep.sys
01:02:28.0302 0x1390 Beep - ok
01:02:28.0365 0x1390 [ 7BCB00EA702F78EC74CD9699D85CE80B, 17241ADAA13051B560DB9FA9079CAE6321D5B49788B596C125DC912443B00421 ] BFE C:\WINDOWS\System32\bfe.dll
01:02:28.0427 0x1390 BFE - ok
01:02:28.0599 0x1390 [ DBC2EF1C27C7D65589D99596EE475145, A10BB062B2FCF1A70C3286E84F90B77F7856A79882CF89F19574E46CCBE01B18 ] BHDrvx64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\BASHDefs\20150601.001\BHDrvx64.sys
01:02:28.0630 0x1390 BHDrvx64 - ok
01:02:28.0724 0x1390 [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS C:\WINDOWS\System32\qmgr.dll
01:02:28.0833 0x1390 BITS - ok
01:02:28.0880 0x1390 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
01:02:28.0896 0x1390 Bonjour Service - ok
01:02:28.0927 0x1390 [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser C:\WINDOWS\system32\DRIVERS\bowser.sys
01:02:28.0990 0x1390 bowser - ok
01:02:29.0021 0x1390 [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
01:02:29.0084 0x1390 BrokerInfrastructure - ok
01:02:29.0099 0x1390 [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser C:\WINDOWS\System32\browser.dll
01:02:29.0162 0x1390 Browser - ok
01:02:29.0162 0x1390 BTATH_LWFLT - ok
01:02:29.0193 0x1390 [ 239A81CC18170F3369D389DA65E74342, 5E26976176A6651B149784B1ED86ECCA133B7755EBB8B04361A8DDB705767AA3 ] BtFilter C:\WINDOWS\system32\DRIVERS\btfilter.sys
01:02:29.0209 0x1390 BtFilter - ok
01:02:29.0255 0x1390 [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
01:02:29.0287 0x1390 BthAvrcpTg - ok
01:02:29.0318 0x1390 [ 1104A31260CCF4318C884E0AE6C513BF, A8F83B558944DEF0F84414A11DC3CB90C3A92377B46760EC0A9B8BC22FB0D5C7 ] BthEnum C:\WINDOWS\System32\drivers\BthEnum.sys
01:02:29.0474 0x1390 BthEnum - ok
01:02:29.0505 0x1390 [ 272A62B660A48AEF366F8A1836CED19F, 78EFAC6B1B2313482329BBFFBF0DDA6462BD88E5BE3C817C5E8E0EAF3074C925 ] BthHFEnum C:\WINDOWS\System32\drivers\bthhfenum.sys
01:02:29.0630 0x1390 BthHFEnum - ok
01:02:29.0646 0x1390 [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid C:\WINDOWS\System32\drivers\BthHFHid.sys
01:02:29.0709 0x1390 bthhfhid - ok
01:02:29.0865 0x1390 [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv C:\WINDOWS\System32\BthHFSrv.dll
01:02:29.0959 0x1390 BthHFSrv - ok
01:02:30.0037 0x1390 [ D30C67473A2E229662D21F27EAA9AAA5, D009C4836B0DFE963D8E3DEEDE611068838F2BBCAB146E6D70692FAB838E11F1 ] BthLEEnum C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys
01:02:30.0099 0x1390 BthLEEnum - ok
01:02:30.0131 0x1390 [ EF4B9E7C9AD88C00C18A12B0D22D1894, 672537E75201E690D86CD65252B8AEF887C76EBD37AB0C419462D69164B350CC ] BTHMODEM C:\WINDOWS\System32\drivers\bthmodem.sys
01:02:30.0193 0x1390 BTHMODEM - ok
01:02:30.0193 0x1390 [ 25BB93167DEF270188072603F92A1EF5, CE4637CE4B63420E218F53CAF89A8C85D036B879B80456FEF3C7C395590E26BB ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
01:02:30.0287 0x1390 BthPan - ok
01:02:30.0334 0x1390 [ C37F4930795B771400C63C3C87E7A6C2, 0D0F54184B2DAA45F646E4F69B85C4411E8DFA88EB4763BB0F386055A420F217 ] BTHPORT C:\WINDOWS\System32\Drivers\BTHport.sys
01:02:30.0365 0x1390 BTHPORT - ok
01:02:30.0396 0x1390 [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv C:\WINDOWS\system32\bthserv.dll
01:02:30.0552 0x1390 bthserv - ok
01:02:30.0599 0x1390 [ 08EA90955AED2D959EE67DF6EDF0E2B6, 0A70AA67E5DD24C473C66A570C0FEBA9D398A0F0AD8386FE05D01C4D16346968 ] BTHUSB C:\WINDOWS\System32\Drivers\BTHUSB.sys
01:02:30.0646 0x1390 BTHUSB - ok
01:02:30.0677 0x1390 [ E41F70406C34F1CB667B4B27D81AD162, 8869C7EB9CBF68B90640765D15DB5B8DACEF45025C1E580AA94D96E32560274B ] ccSet_NARA C:\WINDOWS\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys
01:02:30.0693 0x1390 ccSet_NARA - ok
01:02:30.0990 0x1390 [ 0510396A957E9FD7205BA62D3CAE4528, C80C39EB3A87C5111132E96E966CF74ACABA36DE7714B545A707027D35995792 ] ccSet_NIS C:\WINDOWS\system32\drivers\NISx64\1507000.00B\ccSetx64.sys
01:02:31.0006 0x1390 ccSet_NIS - ok
01:02:31.0021 0x1390 [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs C:\WINDOWS\system32\DRIVERS\cdfs.sys
01:02:31.0287 0x1390 cdfs - ok
01:02:31.0381 0x1390 [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom C:\WINDOWS\System32\drivers\cdrom.sys
01:02:31.0396 0x1390 cdrom - ok
01:02:31.0443 0x1390 [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] CertPropSvc C:\WINDOWS\System32\certprop.dll
01:02:31.0490 0x1390 CertPropSvc - ok
01:02:31.0490 0x1390 [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass C:\WINDOWS\System32\drivers\circlass.sys
01:02:31.0521 0x1390 circlass - ok
01:02:31.0584 0x1390 [ 8EB7E70C2D348FE2476A2E3F2D585E3D, 2B5D407FACF1D049261026CC552A7C93B028A661B0F4E959815EAE7670054127 ] CLFS C:\WINDOWS\system32\drivers\CLFS.sys
01:02:31.0599 0x1390 CLFS - ok
01:02:31.0849 0x1390 [ 42C5B8010D47EF3F4BAE6D1B427E80F4, 721C24522C43D50081EA01FD521D68EB365B91561CCF2E7AD1F091FBD61E67FB ] ClickToRunSvc C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
01:02:31.0927 0x1390 ClickToRunSvc - ok
01:02:31.0990 0x1390 [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt C:\WINDOWS\System32\drivers\CmBatt.sys
01:02:32.0053 0x1390 CmBatt - ok
01:02:32.0100 0x1390 [ 5E5AB950693F2C6D6ACBEE3A74697ED7, 3790A7DD0AC65F47A697A577744FDFA4CC1CA3422884C84E499F97AC91BA84F3 ] CNG C:\WINDOWS\system32\Drivers\cng.sys
01:02:32.0115 0x1390 CNG - ok
01:02:32.0162 0x1390 [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus C:\WINDOWS\System32\drivers\CompositeBus.sys
01:02:32.0193 0x1390 CompositeBus - ok
01:02:32.0193 0x1390 COMSysApp - ok
01:02:32.0209 0x1390 [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv C:\WINDOWS\system32\drivers\condrv.sys
01:02:32.0240 0x1390 condrv - ok
01:02:32.0365 0x1390 [ D8724B606616B2B75AF54096119580F5, 53E1DEF9F966FDE5898759A33FB62B5062A941E97B235D6F6EF79A5AD1283BDE ] cphs C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
01:02:32.0412 0x1390 cphs - ok
01:02:32.0443 0x1390 [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc C:\WINDOWS\system32\cryptsvc.dll
01:02:32.0490 0x1390 CryptSvc - ok
01:02:32.0521 0x1390 [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam C:\WINDOWS\system32\drivers\dam.sys
01:02:32.0521 0x1390 dam - ok
01:02:32.0584 0x1390 [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
01:02:32.0662 0x1390 DcomLaunch - ok
01:02:32.0693 0x1390 [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc C:\WINDOWS\System32\defragsvc.dll
01:02:32.0740 0x1390 defragsvc - ok
01:02:32.0771 0x1390 [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
01:02:32.0803 0x1390 DeviceAssociationService - ok
01:02:32.0834 0x1390 [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall C:\WINDOWS\system32\umpnpmgr.dll
01:02:32.0881 0x1390 DeviceInstall - ok
01:02:32.0912 0x1390 [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc C:\WINDOWS\system32\Drivers\dfsc.sys
01:02:32.0990 0x1390 Dfsc - ok
01:02:33.0037 0x1390 [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp C:\WINDOWS\system32\dhcpcore.dll
01:02:33.0100 0x1390 Dhcp - ok
01:02:33.0162 0x1390 [ 9703EC57F5BBB94F89CA80A5D0C12221, 29639F73AA86AA42401A1DB0AF4E76012E617879EC03AD7591210164BA105EBF ] DiagTrack C:\WINDOWS\system32\diagtrack.dll
01:02:33.0225 0x1390 DiagTrack - ok
01:02:33.0240 0x1390 [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk C:\WINDOWS\system32\drivers\disk.sys
01:02:33.0256 0x1390 disk - ok
01:02:33.0287 0x1390 [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc C:\WINDOWS\System32\drivers\dmvsc.sys
01:02:33.0350 0x1390 dmvsc - ok
01:02:33.0381 0x1390 [ 33ADFB7453BF3271463712C4BCE61AD1, A1DB30F874BA7B2C4C653494D70B46B94BF7D39D0DD8559F6CA7A14B676FD617 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
01:02:33.0412 0x1390 Dnscache - ok
01:02:33.0443 0x1390 [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc C:\WINDOWS\System32\dot3svc.dll
01:02:33.0490 0x1390 dot3svc - ok
01:02:33.0537 0x1390 [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS C:\WINDOWS\system32\dps.dll
01:02:33.0568 0x1390 DPS - ok
01:02:33.0584 0x1390 [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
01:02:33.0584 0x1390 drmkaud - ok
01:02:33.0615 0x1390 [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc C:\WINDOWS\System32\DeviceSetupManager.dll
01:02:33.0646 0x1390 DsmSvc - ok
01:02:33.0709 0x1390 [ E1BB0B6F00F470B451AB45EA13EBA0B3, 3A2FC2175B69A5EB98D6C2D563DBFDCB320647AB87A14E47FAE800423DCACDAB ] DXGKrnl C:\WINDOWS\System32\drivers\dxgkrnl.sys
01:02:33.0740 0x1390 DXGKrnl - ok
01:02:33.0771 0x1390 [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost C:\WINDOWS\System32\eapsvc.dll
01:02:33.0834 0x1390 Eaphost - ok
01:02:34.0209 0x1390 [ 843E8B2127D7283845E29E6176C15887, F755EB9B8DEAE9B5E90D7729A3A9B3B74B3D1B6A2775BDC82624F4D80D0DCCD3 ] Easy Launcher C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
01:02:34.0628 0x1390 Easy Launcher - ok
01:02:35.0378 0x1390 [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv C:\WINDOWS\system32\drivers\evbda.sys
01:02:35.0503 0x1390 ebdrv - ok
01:02:35.0675 0x1390 [ E5CE7CFE2E08B03E9AEC2CC3750ACBCB, 9892C142143A761072B1B4AD3ADDB738B3B26A6B4D7C4B1A97C74FBF59A9FDD3 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
01:02:35.0691 0x1390 eeCtrl - ok
01:02:35.0722 0x1390 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS C:\WINDOWS\System32\lsass.exe
01:02:35.0738 0x1390 EFS - ok
01:02:35.0769 0x1390 [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass C:\WINDOWS\system32\drivers\EhStorClass.sys
01:02:35.0769 0x1390 EhStorClass - ok
01:02:35.0800 0x1390 [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
01:02:35.0800 0x1390 EhStorTcgDrv - ok
01:02:35.0832 0x1390 [ 13E3BBC4578742E80854451FA16F272A, A9B2D972B114ED2E18246CCBDEE97F6C1AFA8B143791AD5DAED70100E58CD25F ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
01:02:35.0847 0x1390 EraserUtilRebootDrv - ok
01:02:35.0863 0x1390 [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev C:\WINDOWS\System32\drivers\errdev.sys
01:02:35.0863 0x1390 ErrDev - ok
01:02:35.0910 0x1390 [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem C:\WINDOWS\system32\es.dll
01:02:35.0988 0x1390 EventSystem - ok
01:02:36.0003 0x1390 [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat C:\WINDOWS\system32\drivers\exfat.sys
01:02:36.0050 0x1390 exfat - ok
01:02:36.0097 0x1390 [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat C:\WINDOWS\system32\drivers\fastfat.sys
01:02:36.0113 0x1390 fastfat - ok
01:02:36.0238 0x1390 [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax C:\WINDOWS\system32\fxssvc.exe
01:02:36.0316 0x1390 Fax - ok
01:02:36.0363 0x1390 [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc C:\WINDOWS\System32\drivers\fdc.sys
01:02:36.0410 0x1390 fdc - ok
01:02:36.0441 0x1390 [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost C:\WINDOWS\system32\fdPHost.dll
01:02:36.0488 0x1390 fdPHost - ok
01:02:36.0503 0x1390 [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub C:\WINDOWS\system32\fdrespub.dll
01:02:36.0519 0x1390 FDResPub - ok
01:02:36.0535 0x1390 [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc C:\WINDOWS\system32\fhsvc.dll
01:02:36.0597 0x1390 fhsvc - ok
01:02:36.0628 0x1390 [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo C:\WINDOWS\system32\drivers\fileinfo.sys
01:02:36.0628 0x1390 FileInfo - ok
01:02:36.0660 0x1390 [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace C:\WINDOWS\system32\drivers\filetrace.sys
01:02:36.0675 0x1390 Filetrace - ok
01:02:36.0738 0x1390 [ F76D04F7413B07DAA029F6520B64B4E8, 3EB13C0EFE737880853FB8952381E7A57723F9472E0E4ED7CDA8A0D7DE8DC90D ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
01:02:36.0769 0x1390 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
01:02:39.0270 0x1390 Detect skipped due to KSN trusted
01:02:39.0270 0x1390 FLEXnet Licensing Service - ok
01:02:39.0301 0x1390 [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk C:\WINDOWS\System32\drivers\flpydisk.sys
01:02:39.0379 0x1390 flpydisk - ok
01:02:39.0410 0x1390 [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
01:02:39.0426 0x1390 FltMgr - ok
01:02:39.0488 0x1390 [ 6C068E7207F183FF3647E45D2599E80C, D65C9888522CA29596D5C8BEFF42356F0310E812117E72C1D612BA089C0940D9 ] FontCache C:\WINDOWS\system32\FntCache.dll
01:02:39.0566 0x1390 FontCache - ok
01:02:39.0723 0x1390 [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:02:39.0738 0x1390 FontCache3.0.0.0 - ok
01:02:40.0020 0x1390 [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends C:\WINDOWS\system32\drivers\FsDepends.sys
01:02:40.0035 0x1390 FsDepends - ok
01:02:40.0051 0x1390 [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
01:02:40.0051 0x1390 Fs_Rec - ok
01:02:40.0082 0x1390 [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol C:\WINDOWS\system32\DRIVERS\fvevol.sys
01:02:40.0113 0x1390 fvevol - ok
01:02:40.0113 0x1390 [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM C:\WINDOWS\System32\drivers\fxppm.sys
01:02:40.0145 0x1390 FxPPM - ok
01:02:40.0160 0x1390 [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx C:\WINDOWS\system32\drivers\gagp30kx.sys
01:02:40.0176 0x1390 gagp30kx - ok
01:02:40.0191 0x1390 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
01:02:40.0191 0x1390 GEARAspiWDM - ok
01:02:40.0207 0x1390 [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter C:\WINDOWS\System32\drivers\vmgencounter.sys
01:02:40.0238 0x1390 gencounter - ok
01:02:40.0270 0x1390 [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101 C:\WINDOWS\system32\Drivers\msgpioclx.sys
01:02:40.0270 0x1390 GPIOClx0101 - ok
01:02:40.0332 0x1390 [ 0D03F87D4FF4ADBAF8336DD80548155A, BC10CFA88EA2F41A8D96CB810B7953A4C168B79273A3E804A9F020F49AB58CD3 ] gpsvc C:\WINDOWS\System32\gpsvc.dll
01:02:40.0395 0x1390 gpsvc - ok
01:02:40.0426 0x1390 [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus C:\WINDOWS\System32\drivers\HDAudBus.sys
01:02:40.0457 0x1390 HDAudBus - ok
01:02:40.0473 0x1390 [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt C:\WINDOWS\System32\drivers\HidBatt.sys
01:02:40.0488 0x1390 HidBatt - ok
01:02:40.0504 0x1390 [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth C:\WINDOWS\System32\drivers\hidbth.sys
01:02:40.0520 0x1390 HidBth - ok
01:02:40.0535 0x1390 [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c C:\WINDOWS\System32\drivers\hidi2c.sys
01:02:40.0551 0x1390 hidi2c - ok
01:02:40.0582 0x1390 [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr C:\WINDOWS\System32\drivers\hidir.sys
01:02:40.0582 0x1390 HidIr - ok
01:02:40.0613 0x1390 [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv C:\WINDOWS\system32\hidserv.dll
01:02:40.0660 0x1390 hidserv - ok
01:02:40.0676 0x1390 [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb C:\WINDOWS\System32\drivers\hidusb.sys
01:02:40.0738 0x1390 HidUsb - ok
01:02:40.0754 0x1390 [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc C:\WINDOWS\system32\kmsvc.dll
01:02:40.0801 0x1390 hkmsvc - ok
01:02:40.0832 0x1390 [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
01:02:40.0879 0x1390 HomeGroupListener - ok
01:02:40.0910 0x1390 [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
01:02:40.0942 0x1390 HomeGroupProvider - ok
01:02:40.0973 0x1390 [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD C:\WINDOWS\system32\drivers\HpSAMD.sys
01:02:40.0988 0x1390 HpSAMD - ok
01:02:41.0035 0x1390 [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP C:\WINDOWS\system32\drivers\HTTP.sys
01:02:41.0067 0x1390 HTTP - ok
01:02:41.0098 0x1390 [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy C:\WINDOWS\system32\drivers\hwpolicy.sys
01:02:41.0098 0x1390 hwpolicy - ok
01:02:41.0129 0x1390 [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd C:\WINDOWS\System32\drivers\hyperkbd.sys
01:02:41.0145 0x1390 hyperkbd - ok
01:02:41.0160 0x1390 [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
01:02:41.0176 0x1390 HyperVideo - ok
01:02:41.0207 0x1390 [ D887446F3F6051C60C26F4FD1FC8D43F, A3235C64E9D5378E3409FA7CDD9DB0DD1B3CE6A6EB018F2C40558EB9C427A498 ] i8042prt C:\WINDOWS\System32\drivers\i8042prt.sys
01:02:41.0285 0x1390 i8042prt - ok
01:02:41.0301 0x1390 [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
01:02:41.0301 0x1390 iaLPSSi_GPIO - ok
01:02:41.0317 0x1390 [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
01:02:41.0332 0x1390 iaLPSSi_I2C - ok
01:02:41.0410 0x1390 [ 0FE66A51D81A25AACEAAE4C26308121D, C5553F7ABA74A8EB71A4ED0E8F2A6AA2892F871D164F2D4FADB035BE7D1A8C44 ] iaStorA C:\WINDOWS\system32\drivers\iaStorA.sys
01:02:41.0426 0x1390 iaStorA - ok
01:02:41.0551 0x1390 [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV C:\WINDOWS\system32\drivers\iaStorAV.sys
01:02:41.0660 0x1390 iaStorAV - ok
01:02:41.0879 0x1390 [ 584068E03829BC5C63F54B05E6244E97, C075E8A4853C0DE09A9BF846338F9C8997FE7ACD604B4EC02AA89F0DAA1D985B ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
01:02:41.0926 0x1390 IAStorDataMgrSvc - detected UnsignedFile.Multi.Generic ( 1 )
01:02:44.0427 0x1390 Detect skipped due to KSN trusted
01:02:44.0442 0x1390 IAStorDataMgrSvc - ok
01:02:44.0598 0x1390 [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV C:\WINDOWS\system32\drivers\iaStorV.sys
01:02:44.0630 0x1390 iaStorV - ok
01:02:44.0802 0x1390 [ 46EEACCFEEA6F4B8CB55F5141423BF76, 6F576C7020A47BFBF7477BECEB45406A10AECAE530E73661FCE75D84E013CFB8 ] IDSVia64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\IPSDefs\20150605.001\IDSvia64.sys
01:02:44.0833 0x1390 IDSVia64 - ok
01:02:44.0833 0x1390 IEEtwCollectorService - ok
01:02:45.0036 0x1390 [ 076023219E918D34585B231029A44571, C2AB0DE0D80D0BC6595C9F9655A890531E7952599714DC03B4ECB46947D833A8 ] igfx C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
01:02:45.0130 0x1390 igfx - ok
01:02:45.0223 0x1390 [ C814D4A0B7B91E936B2DC0828C69ACAB, A19B503CB3C598474C61DA6F1AC087CCF287F7523D2F932B21EF21E7CA1809B1 ] igfxCUIService1.0.0.0 C:\WINDOWS\system32\igfxCUIService.exe
01:02:45.0223 0x1390 igfxCUIService1.0.0.0 - ok
01:02:45.0286 0x1390 [ 3DBDBD9581C015F02651D6A89801FAD5, 81B6D302C9CD29AD8319515056CFBCD0BD25619B2B166937ACD5F1416B568837 ] IKEEXT C:\WINDOWS\System32\ikeext.dll
01:02:45.0317 0x1390 IKEEXT - ok
01:02:45.0349 0x1390 [ FC7C456AF9B9811499EDBD10616832EE, CA2D8B0E672D3AE449C2FF0B9E142D74E8C72FD877D11162A9F7CC51AF58220F ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys
01:02:45.0364 0x1390 intaud_WaveExtensible - ok
01:02:45.0895 0x1390 [ 5C20DBF6A00AF50C7CB74DB233E03AF0, 1AB043E8F08857D6A08D4EF8613C8B2ECB85364BAC0D485443D3ADDA8E6072AC ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
01:02:46.0036 0x1390 IntcAzAudAddService - ok
01:02:46.0114 0x1390 [ F5495B38BFB9149925F54F65AB40EFBF, 7CBB72C41E2343DACBFB967A39CA04788561EDECB289C41BC2D6A06B80882AC4 ] IntcDAud C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
01:02:46.0161 0x1390 IntcDAud - ok
01:02:46.0286 0x1390 [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC, F791EE101EEF8B9F48102B6C63A89B78F7C0041C750C4F4C0D16D54B583B7B5C ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
01:02:46.0286 0x1390 Intel(R) Capability Licensing Service Interface - ok
01:02:46.0364 0x1390 [ 30E9FAC23E2537D82F2836CB81AEE186, 03E5072D43ECED70EF004D2E6E654B4CCCE059825CC3C641C0534E4C0BC0C7E8 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
01:02:46.0380 0x1390 Intel(R) ME Service - ok
01:02:46.0396 0x1390 [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide C:\WINDOWS\system32\drivers\intelide.sys
01:02:46.0411 0x1390 intelide - ok
01:02:46.0427 0x1390 [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep C:\WINDOWS\system32\drivers\intelpep.sys
01:02:46.0427 0x1390 intelpep - ok
01:02:46.0458 0x1390 [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm C:\WINDOWS\System32\drivers\intelppm.sys
01:02:46.0474 0x1390 intelppm - ok
01:02:46.0489 0x1390 [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
01:02:46.0583 0x1390 IpFilterDriver - ok
01:02:46.0630 0x1390 [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc C:\WINDOWS\System32\iphlpsvc.dll
01:02:46.0661 0x1390 iphlpsvc - ok
01:02:46.0677 0x1390 [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV C:\WINDOWS\System32\drivers\IPMIDrv.sys
01:02:46.0817 0x1390 IPMIDRV - ok
01:02:46.0849 0x1390 [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT C:\WINDOWS\system32\drivers\ipnat.sys
01:02:46.0880 0x1390 IPNAT - ok
01:02:46.0927 0x1390 [ E61BB95A7CB49696D25A0C4EBD108156, 65D95A0DBC408AD18D5E344A5E875551E6CC044038DE438E4EA1102A234FC529 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
01:02:46.0942 0x1390 iPod Service - ok
01:02:46.0958 0x1390 [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM C:\WINDOWS\system32\drivers\irenum.sys
01:02:46.0974 0x1390 IRENUM - ok
01:02:47.0005 0x1390 [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp C:\WINDOWS\system32\drivers\isapnp.sys
01:02:47.0021 0x1390 isapnp - ok
01:02:47.0052 0x1390 [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt C:\WINDOWS\System32\drivers\msiscsi.sys
01:02:47.0067 0x1390 iScsiPrt - ok
01:02:47.0099 0x1390 [ A90C843F4FDD7A07129BA73C6BE13976, A76DEA9F09E3B2F18D3B646A0DD39E2773EC62E2F3C55421BA61C12190D78C1C ] iwdbus C:\WINDOWS\System32\drivers\iwdbus.sys
01:02:47.0099 0x1390 iwdbus - ok
01:02:47.0114 0x1390 [ 3C4002D339491AF73D663FFC7F6E5ECB, 0B53047989BDB781572253BC3AA757912FE54366870C1955E687972CE210C285 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
01:02:47.0130 0x1390 jhi_service - ok
01:02:47.0130 0x1390 [ A1D4D34A56DF1D5122CDB265038A2E72, AE061BA1A65C98AF875FA18878B014B57E33594D4AC4C39B050AA532E2220F83 ] kbdclass C:\WINDOWS\System32\drivers\kbdclass.sys
01:02:47.0146 0x1390 kbdclass - ok
01:02:47.0161 0x1390 [ 4A34D7084B862A92F3ABC4969166B3D3, 87B2635873DA4DD06D9E3B8E4313CBDBDC1488E4E340EC2101393EC65823771F ] kbdhid C:\WINDOWS\System32\drivers\kbdhid.sys
01:02:47.0177 0x1390 kbdhid - ok
01:02:47.0177 0x1390 [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic C:\WINDOWS\system32\DRIVERS\kdnic.sys
01:02:47.0255 0x1390 kdnic - ok
01:02:47.0271 0x1390 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso C:\WINDOWS\system32\lsass.exe
01:02:47.0286 0x1390 KeyIso - ok
01:02:47.0302 0x1390 [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD C:\WINDOWS\system32\Drivers\ksecdd.sys
01:02:47.0302 0x1390 KSecDD - ok
01:02:47.0333 0x1390 [ 15C8C65CEA018C02EA0F648448C491C5, DF909704D22D891BE439B2E3D8386EA659444F91DC92AABFF9766446AEE5EBC0 ] KSecPkg C:\WINDOWS\system32\Drivers\ksecpkg.sys
01:02:47.0333 0x1390 KSecPkg - ok
01:02:47.0349 0x1390 [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk C:\WINDOWS\system32\drivers\ksthunk.sys
01:02:47.0364 0x1390 ksthunk - ok
01:02:47.0427 0x1390 [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm C:\WINDOWS\system32\msdtckrm.dll
01:02:47.0442 0x1390 KtmRm - ok
01:02:47.0489 0x1390 [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer C:\WINDOWS\system32\srvsvc.dll
01:02:47.0552 0x1390 LanmanServer - ok
01:02:47.0583 0x1390 [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
01:02:47.0614 0x1390 LanmanWorkstation - ok
01:02:47.0677 0x1390 [ 2B7479EB47731A8ACBA28AF4C4BDA32D, 67AEB98E7B41337FEFD92CC81BFAD25FBB679998B318C110A4873B1AD8927A97 ] lfsvc C:\WINDOWS\System32\GeofenceMonitorService.dll
01:02:47.0739 0x1390 lfsvc - ok
01:02:47.0755 0x1390 [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio C:\WINDOWS\system32\DRIVERS\lltdio.sys
01:02:47.0786 0x1390 lltdio - ok
01:02:47.0818 0x1390 [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc C:\WINDOWS\System32\lltdsvc.dll
01:02:47.0833 0x1390 lltdsvc - ok
01:02:47.0864 0x1390 [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts C:\WINDOWS\System32\lmhsvc.dll
01:02:47.0911 0x1390 lmhosts - ok
01:02:47.0942 0x1390 [ 4269D44BB47A6DA5D80B11F4C8536458, 7A8FFC8F851DD9E5C43986BE0888831CB71D188138DF3CF7F787DADDA70915B0 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
01:02:47.0958 0x1390 LMS - ok
01:02:47.0989 0x1390 [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS C:\WINDOWS\system32\drivers\lsi_sas.sys
01:02:48.0005 0x1390 LSI_SAS - ok
01:02:48.0005 0x1390 [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2 C:\WINDOWS\system32\drivers\lsi_sas2.sys
01:02:48.0005 0x1390 LSI_SAS2 - ok
01:02:48.0021 0x1390 [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3 C:\WINDOWS\system32\drivers\lsi_sas3.sys
01:02:48.0021 0x1390 LSI_SAS3 - ok
01:02:48.0021 0x1390 [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS C:\WINDOWS\system32\drivers\lsi_sss.sys
01:02:48.0036 0x1390 LSI_SSS - ok
01:02:48.0208 0x1390 [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM C:\WINDOWS\System32\lsm.dll
01:02:48.0271 0x1390 LSM - ok
01:02:48.0287 0x1390 [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv C:\WINDOWS\system32\drivers\luafv.sys
01:02:48.0333 0x1390 luafv - ok
01:02:48.0380 0x1390 [ E9CD058C79EA15B4AA93E259FA713B07, 2B09F65188D8782F9C797545F2F791EC7EAB85D8914B2C0B30BD869C412E3980 ] MBAMSwissArmy C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
01:02:48.0380 0x1390 MBAMSwissArmy - ok
01:02:48.0396 0x1390 [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas C:\WINDOWS\system32\drivers\megasas.sys
01:02:48.0411 0x1390 megasas - ok
01:02:48.0427 0x1390 [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr C:\WINDOWS\system32\drivers\megasr.sys
01:02:48.0443 0x1390 megasr - ok
01:02:48.0490 0x1390 [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64 C:\WINDOWS\System32\drivers\HECIx64.sys
01:02:48.0505 0x1390 MEIx64 - ok
01:02:48.0537 0x1390 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS C:\WINDOWS\system32\mmcss.dll
01:02:48.0583 0x1390 MMCSS - ok
01:02:48.0599 0x1390 [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem C:\WINDOWS\system32\drivers\modem.sys
01:02:48.0615 0x1390 Modem - ok
01:02:48.0646 0x1390 [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor C:\WINDOWS\System32\drivers\monitor.sys
01:02:48.0708 0x1390 monitor - ok
01:02:48.0724 0x1390 [ 2A2F8D5284E59815169A88F1FC9CEE28, 58EFBCF3C849FD088CFB7FE287FC7D9DD7E03D4E6AA98F0497C09E4596E42538 ] mouclass C:\WINDOWS\System32\drivers\mouclass.sys
01:02:48.0724 0x1390 mouclass - ok
01:02:48.0724 0x1390 [ 91223A2AE2955B3E0DA3DB79C3A897A6, 32B59CF1586C2300D60AF8A1D819515033ACC7F7A1F3523FC4AC7725E29B5A90 ] mouhid C:\WINDOWS\System32\drivers\mouhid.sys
01:02:48.0740 0x1390 mouhid - ok
01:02:48.0755 0x1390 [ D1D82F007A079A4D623DBD1F36EF30A1, 7901F81B62C5A4196D75A10C05386B16831CB290EFB9A1611CECF281068C520F ] mountmgr C:\WINDOWS\system32\drivers\mountmgr.sys
01:02:48.0755 0x1390 mountmgr - ok
01:02:48.0802 0x1390 [ 9FC679D10A7377BB04ECC3D0E2E26B53, 24ACD4EC1618A052C29E4463138B28F62C8B78D442DB82F4925E64FC5849A096 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
01:02:48.0802 0x1390 MozillaMaintenance - ok
01:02:48.0818 0x1390 [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv C:\WINDOWS\system32\drivers\mpsdrv.sys
01:02:48.0865 0x1390 mpsdrv - ok
01:02:48.0927 0x1390 [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc C:\WINDOWS\system32\mpssvc.dll
01:02:48.0958 0x1390 MpsSvc - ok
01:02:48.0990 0x1390 [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV C:\WINDOWS\system32\drivers\mrxdav.sys
01:02:49.0037 0x1390 MRxDAV - ok
01:02:49.0052 0x1390 [ 31233271EDE50D1BBB220F78AFA60486, 2122FAB5BD353DF63CF0FE9CEDBD5DFD1F26F2DE04303E1B3FFB03AA02AECED9 ] mrxsmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
01:02:49.0115 0x1390 mrxsmb - ok
01:02:49.0130 0x1390 [ 3E28B99198B514DFEB152EACF913025E, 6C1D8353DCD5F811F39C0C3CB5DF3D2457F0D17EE80FB06196AA169E3D19E9B2 ] mrxsmb10 C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
01:02:49.0193 0x1390 mrxsmb10 - ok
01:02:49.0208 0x1390 [ 6276AC2AA203CF47811F6EFBBD214FBF, AE55D87D863A626347B0074F4E962080F1989A94153DAF8475593249F616DA2F ] mrxsmb20 C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
01:02:49.0240 0x1390 mrxsmb20 - ok
01:02:49.0255 0x1390 [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge C:\WINDOWS\system32\DRIVERS\bridge.sys
01:02:49.0271 0x1390 MsBridge - ok
01:02:49.0302 0x1390 [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC C:\WINDOWS\System32\msdtc.exe
01:02:49.0302 0x1390 MSDTC - ok
01:02:49.0318 0x1390 [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
01:02:49.0333 0x1390 Msfs - ok
01:02:49.0349 0x1390 [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32 C:\WINDOWS\System32\drivers\msgpiowin32.sys
01:02:49.0365 0x1390 msgpiowin32 - ok
01:02:49.0380 0x1390 [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf C:\WINDOWS\System32\drivers\mshidkmdf.sys
01:02:49.0396 0x1390 mshidkmdf - ok
01:02:49.0412 0x1390 [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf C:\WINDOWS\System32\drivers\mshidumdf.sys
01:02:49.0427 0x1390 mshidumdf - ok
01:02:49.0427 0x1390 [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv C:\WINDOWS\system32\drivers\msisadrv.sys
01:02:49.0443 0x1390 msisadrv - ok
01:02:49.0458 0x1390 [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI C:\WINDOWS\system32\iscsiexe.dll
01:02:49.0490 0x1390 MSiSCSI - ok
01:02:49.0490 0x1390 msiserver - ok
01:02:49.0505 0x1390 [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
01:02:49.0521 0x1390 MSKSSRV - ok
01:02:49.0537 0x1390 [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp C:\WINDOWS\system32\DRIVERS\mslldp.sys
01:02:49.0583 0x1390 MsLldp - ok
01:02:49.0599 0x1390 [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
01:02:49.0615 0x1390 MSPCLOCK - ok
01:02:49.0630 0x1390 [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
01:02:49.0646 0x1390 MSPQM - ok
01:02:49.0693 0x1390 [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC C:\WINDOWS\system32\drivers\MsRPC.sys
01:02:49.0708 0x1390 MsRPC - ok
01:02:49.0724 0x1390 [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios C:\WINDOWS\System32\drivers\mssmbios.sys
01:02:49.0724 0x1390 mssmbios - ok
01:02:49.0740 0x1390 [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
01:02:49.0755 0x1390 MSTEE - ok
01:02:49.0771 0x1390 [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig C:\WINDOWS\System32\drivers\MTConfig.sys
01:02:49.0787 0x1390 MTConfig - ok
01:02:49.0802 0x1390 [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup C:\WINDOWS\system32\Drivers\mup.sys
01:02:49.0818 0x1390 Mup - ok
01:02:49.0833 0x1390 [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis C:\WINDOWS\system32\drivers\mvumis.sys
01:02:49.0833 0x1390 mvumis - ok
01:02:49.0880 0x1390 [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent C:\WINDOWS\system32\qagentRT.dll
01:02:49.0896 0x1390 napagent - ok
01:02:49.0927 0x1390 [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP C:\WINDOWS\system32\DRIVERS\nwifi.sys
01:02:49.0990 0x1390 NativeWifiP - ok
01:02:50.0115 0x1390 [ 54F4B358F41C664CBDE4507D67EED1CD, CDCA0A778AF596933CD7CBF1119FCA551ECC03CBBD4F1E8213C3FD2FECA902F2 ] NAVENG C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20150607.020\ENG64.SYS
01:02:50.0131 0x1390 NAVENG - ok
01:02:50.0177 0x1390 [ A74D67EEEB3938FD2FA3B65B24C32C44, 4D780B70B57E23A3A155794C4DEEBD856E32D35B789BDF4673AAC8FC3AC4367B ] NAVEX15 C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20150607.020\EX64.SYS
01:02:50.0224 0x1390 NAVEX15 - ok
01:02:50.0287 0x1390 [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc C:\WINDOWS\System32\ncasvc.dll
01:02:50.0365 0x1390 NcaSvc - ok
01:02:50.0381 0x1390 [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService C:\WINDOWS\System32\ncbservice.dll
01:02:50.0537 0x1390 NcbService - ok
01:02:50.0568 0x1390 [ 9ACED0F5B458C9011F39143326494E93, 9DFFC7EE7DE6FD92545EC6A203213C498A01EEFB0BC55460D339BCE498E56A7F ] NcdAutoSetup C:\WINDOWS\System32\NcdAutoSetup.dll
01:02:50.0631 0x1390 NcdAutoSetup - ok
01:02:51.0021 0x1390 [ 6D3A2565E01B3E4B0F1BEDB0D4B00B3F, 95F2608E17CA3E25BD7958D1A49F7030EC8088BC1DF12422F1DAC5BA99113E34 ] NDIS C:\WINDOWS\system32\drivers\ndis.sys
01:02:51.0084 0x1390 NDIS - ok
01:02:51.0131 0x1390 [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap C:\WINDOWS\system32\DRIVERS\ndiscap.sys
01:02:51.0178 0x1390 NdisCap - ok
01:02:51.0240 0x1390 [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
01:02:51.0349 0x1390 NdisImPlatform - ok
01:02:51.0428 0x1390 [ 82821F4EEC776B4CF11695A38F3ABA46, 23184F9D31E662855DC4D23EFE7C2FE00E5487D3762B6024704A5D8C87762E1C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
01:02:52.0115 0x1390 NdisTapi - ok
01:02:52.0225 0x1390 [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
01:02:52.0553 0x1390 Ndisuio - ok
01:02:52.0584 0x1390 [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
01:02:52.0615 0x1390 NdisVirtualBus - ok
01:02:53.0787 0x1390 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
01:02:53.0897 0x1390 NdisWan - ok
01:02:53.0975 0x1390 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy C:\WINDOWS\system32\DRIVERS\ndiswan.sys
01:02:53.0990 0x1390 NdisWanLegacy - ok
01:02:54.0053 0x1390 [ DDD7F92A83F74D1476B71FBA9530A8DC, D3F94FC9F48854E09B0B77CE5E1C1DB948D54EAC63C5583437051BB893B5A386 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
01:02:54.0084 0x1390 NDProxy - ok
01:02:54.0115 0x1390 [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu C:\WINDOWS\system32\drivers\Ndu.sys
01:02:54.0365 0x1390 Ndu - ok
01:02:54.0412 0x1390 [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
01:02:54.0490 0x1390 NetBIOS - ok
01:02:54.0647 0x1390 [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
01:02:54.0850 0x1390 NetBT - ok
01:02:54.0912 0x1390 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon C:\WINDOWS\system32\lsass.exe
01:02:54.0912 0x1390 Netlogon - ok
01:02:55.0053 0x1390 [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman C:\WINDOWS\System32\netman.dll
01:02:55.0084 0x1390 Netman - ok
01:02:55.0334 0x1390 [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm C:\WINDOWS\System32\netprofmsvc.dll
01:02:55.0459 0x1390 netprofm - ok
01:02:56.0069 0x1390 [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:02:56.0303 0x1390 NetTcpPortSharing - ok
01:02:56.0459 0x1390 [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc C:\WINDOWS\System32\drivers\netvsc63.sys
01:02:56.0600 0x1390 netvsc - ok
01:02:57.0209 0x1390 [ 0B9296AC65C6F3F32E3337490F4BEC67, 149D08436B749003E1B8307C56D46A59983E92DDD1D1348A0FEABD43D34E57BD ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe
01:02:57.0319 0x1390 NIS - ok
01:02:57.0553 0x1390 [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc C:\WINDOWS\System32\nlasvc.dll
01:02:57.0663 0x1390 NlaSvc - ok
01:02:58.0678 0x1390 [ EC6B98656770A0441C14BB86FEFC90AE, 47201FCC207F7AD212E65F4EA6BCDF74D60F6D83EB1C80EA4AAE16CCA36B9235 ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
01:02:58.0835 0x1390 NOBU - ok
01:02:58.0897 0x1390 [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
01:02:58.0913 0x1390 Npfs - ok
01:02:58.0991 0x1390 [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig C:\WINDOWS\System32\drivers\npsvctrig.sys
01:02:59.0460 0x1390 npsvctrig - ok
01:02:59.0569 0x1390 [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi C:\WINDOWS\system32\nsisvc.dll
01:02:59.0725 0x1390 nsi - ok
01:02:59.0788 0x1390 [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy C:\WINDOWS\system32\drivers\nsiproxy.sys
01:02:59.0881 0x1390 nsiproxy - ok
01:03:00.0554 0x1390 [ 7F68063A5A0461E02BC860CE0E6BFDDC, 47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
01:03:00.0663 0x1390 Ntfs - ok
01:03:00.0679 0x1390 [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null C:\WINDOWS\system32\drivers\Null.sys
01:03:00.0725 0x1390 Null - ok
01:03:00.0835 0x1390 [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid C:\WINDOWS\system32\drivers\nvraid.sys
01:03:00.0850 0x1390 nvraid - ok
01:03:00.0913 0x1390 [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor C:\WINDOWS\system32\drivers\nvstor.sys
01:03:00.0929 0x1390 nvstor - ok
01:03:00.0960 0x1390 [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp C:\WINDOWS\system32\drivers\nv_agp.sys
01:03:00.0975 0x1390 nv_agp - ok
01:03:01.0085 0x1390 [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:03:01.0179 0x1390 ose - ok
01:03:01.0288 0x1390 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc C:\WINDOWS\system32\pnrpsvc.dll
01:03:01.0366 0x1390 p2pimsvc - ok
01:03:01.0444 0x1390 [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc C:\WINDOWS\system32\p2psvc.dll
01:03:01.0538 0x1390 p2psvc - ok
01:03:01.0601 0x1390 [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport C:\WINDOWS\System32\drivers\parport.sys
01:03:01.0632 0x1390 Parport - ok
01:03:01.0632 0x1390 [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr C:\WINDOWS\system32\drivers\partmgr.sys
01:03:01.0663 0x1390 partmgr - ok
01:03:01.0726 0x1390 [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc C:\WINDOWS\System32\pcasvc.dll
01:03:01.0741 0x1390 PcaSvc - ok
01:03:01.0851 0x1390 [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci C:\WINDOWS\system32\drivers\pci.sys
01:03:01.0882 0x1390 pci - ok
01:03:01.0897 0x1390 [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide C:\WINDOWS\system32\drivers\pciide.sys
01:03:01.0897 0x1390 pciide - ok
01:03:01.0929 0x1390 [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia C:\WINDOWS\system32\drivers\pcmcia.sys
01:03:01.0944 0x1390 pcmcia - ok
01:03:01.0960 0x1390 [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw C:\WINDOWS\system32\drivers\pcw.sys
01:03:01.0976 0x1390 pcw - ok
01:03:01.0991 0x1390 [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc C:\WINDOWS\system32\drivers\pdc.sys
01:03:02.0007 0x1390 pdc - ok
01:03:02.0069 0x1390 [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH C:\WINDOWS\system32\drivers\peauth.sys
01:03:02.0179 0x1390 PEAUTH - ok
01:03:02.0569 0x1390 [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost C:\WINDOWS\SysWow64\perfhost.exe
01:03:02.0726 0x1390 PerfHost - ok
01:03:02.0913 0x1390 [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla C:\WINDOWS\system32\pla.dll
01:03:02.0976 0x1390 pla - ok
01:03:03.0023 0x1390 [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay C:\WINDOWS\system32\umpnpmgr.dll
01:03:03.0038 0x1390 PlugPlay - ok
01:03:03.0085 0x1390 [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg C:\WINDOWS\system32\pnrpauto.dll
01:03:03.0132 0x1390 PNRPAutoReg - ok
01:03:03.0241 0x1390 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc C:\WINDOWS\system32\pnrpsvc.dll
01:03:03.0257 0x1390 PNRPsvc - ok
01:03:03.0335 0x1390 [ BDD52AB4AEBB8B1904568DBD0CCB70CB, C3D1DBA349C79B43DCDD9EF5255C5EE973EFB844235B808B5EF9B63A51FF00AA ] PolicyAgent C:\WINDOWS\System32\ipsecsvc.dll
01:03:03.0382 0x1390 PolicyAgent - ok
01:03:03.0398 0x1390 [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power C:\WINDOWS\system32\umpo.dll
01:03:03.0507 0x1390 Power - ok
01:03:04.0257 0x1390 [ E3514CE7CB4AF80ECCA383F065BC77C0, 1EA06D358A07EB9DFB703CEFC4EB834B947B899E0ACFE1C494E2DAED63F1D4B5 ] PrintNotify C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
01:03:04.0476 0x1390 PrintNotify - ok
01:03:04.0538 0x1390 [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor C:\WINDOWS\System32\drivers\processr.sys
01:03:04.0585 0x1390 Processor - ok
01:03:04.0617 0x1390 [ 19424364D8C03B990C4281BE53963FD0, 958FC8436E6B754858E20BC48B0D4B269991E8CA94C15C2761BF04ED52591907 ] ProfSvc C:\WINDOWS\system32\profsvc.dll
01:03:04.0757 0x1390 ProfSvc - ok
01:03:04.0804 0x1390 [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched C:\WINDOWS\system32\DRIVERS\pacer.sys
01:03:04.0835 0x1390 Psched - ok
01:03:04.0882 0x1390 [ A6BF0A9B5A30D743623CA0D3BE35DF05, 0AA2DAE7ADC38F4197548DE174D551A0CF9281D2680B07E6C84914CA199C0661 ] PxHlpa64 C:\WINDOWS\system32\Drivers\PxHlpa64.sys
01:03:04.0882 0x1390 PxHlpa64 - ok
01:03:04.0929 0x1390 [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE C:\WINDOWS\system32\qwave.dll
01:03:04.0992 0x1390 QWAVE - ok
01:03:05.0023 0x1390 [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv C:\WINDOWS\system32\drivers\qwavedrv.sys
01:03:05.0054 0x1390 QWAVEdrv - ok
01:03:05.0101 0x1390 [ 194ED3C117525613E701FF257882303E, F9D771B573078C6335F352812E24918CB79529BAE2262117E8E0DD4C57AA64C1 ] RadioHIDMini C:\WINDOWS\System32\drivers\RadioHIDMini.sys
01:03:05.0132 0x1390 RadioHIDMini - ok
01:03:05.0195 0x1390 [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
01:03:05.0226 0x1390 RasAcd - ok
01:03:05.0273 0x1390 [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto C:\WINDOWS\System32\rasauto.dll
01:03:05.0304 0x1390 RasAuto - ok
01:03:05.0413 0x1390 [ F83B38FCD4F69157B3D158433FA149CC, AB103BD3E2B3B134CB355C556DF70BCF0CF4DB11EFF7DB4A9876D5AA43D81293 ] RasMan C:\WINDOWS\System32\rasmans.dll
01:03:05.0445 0x1390 RasMan - ok
01:03:05.0476 0x1390 [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
01:03:05.0538 0x1390 RasPppoe - ok
01:03:05.0585 0x1390 [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
01:03:05.0695 0x1390 rdbss - ok
01:03:05.0742 0x1390 [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus C:\WINDOWS\System32\drivers\rdpbus.sys
01:03:05.0851 0x1390 rdpbus - ok
01:03:05.0882 0x1390 [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR C:\WINDOWS\system32\drivers\rdpdr.sys
01:03:06.0007 0x1390 RDPDR - ok
01:03:06.0023 0x1390 [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
01:03:06.0039 0x1390 RdpVideoMiniport - ok
01:03:06.0086 0x1390 [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost C:\WINDOWS\system32\drivers\rdyboost.sys
01:03:06.0101 0x1390 rdyboost - ok
01:03:06.0304 0x1390 [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS C:\WINDOWS\system32\drivers\ReFS.sys
01:03:06.0351 0x1390 ReFS - ok
01:03:06.0429 0x1390 [ 0CF7CB56BF2D5E9DBCEE0185CB626FAD, 2BD2E2FB1D2EADD1F70EF55E8523C353F95D4FEB1BAD5017FA4D94F790F27825 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
01:03:06.0476 0x1390 RemoteAccess - ok
01:03:06.0570 0x1390 [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
01:03:06.0679 0x1390 RemoteRegistry - ok
01:03:06.0726 0x1390 [ DC66AE45816614D2999DCD3834DCCC4E, 1C26225135E851DDD1307F52401DD7055B26B3F3B8FDD693B21042C2896E235A ] RFCOMM C:\WINDOWS\System32\drivers\rfcomm.sys
01:03:06.0789 0x1390 RFCOMM - ok
01:03:06.0836 0x1390 [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper C:\WINDOWS\System32\RpcEpMap.dll
01:03:06.0867 0x1390 RpcEptMapper - ok
01:03:06.0929 0x1390 [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator C:\WINDOWS\system32\locator.exe
01:03:06.0976 0x1390 RpcLocator - ok
01:03:07.0117 0x1390 [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] RpcSs C:\WINDOWS\system32\rpcss.dll
01:03:07.0148 0x1390 RpcSs - ok
01:03:07.0179 0x1390 [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys
01:03:07.0211 0x1390 rspndr - ok
01:03:07.0273 0x1390 [ 8EB6DCEB7473C232D8BC9A886E3183AC, D81B089443306AD9D89F59DBC5F9C2F5B6A86112B4AB59316B97EE7D8B97D2FA ] RSUSBVSTOR C:\WINDOWS\System32\Drivers\RtsUVStor.sys
01:03:07.0289 0x1390 RSUSBVSTOR - ok
01:03:07.0382 0x1390 [ 19764658C1468C2C0CEF133D28414A6B, 87AD4056F6C67052433A366B200B75613148B69B9B9D502AD926A7F7F037B8DE ] RTL8168 C:\WINDOWS\system32\DRIVERS\Rt630x64.sys
01:03:07.0429 0x1390 RTL8168 - ok
01:03:07.0492 0x1390 [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap C:\WINDOWS\System32\drivers\vms3cap.sys
01:03:07.0523 0x1390 s3cap - ok
01:03:07.0570 0x1390 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs C:\WINDOWS\system32\lsass.exe
01:03:07.0570 0x1390 SamSs - ok
01:03:07.0617 0x1390 [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port C:\WINDOWS\system32\drivers\sbp2port.sys
01:03:07.0632 0x1390 sbp2port - ok
01:03:07.0664 0x1390 [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr C:\WINDOWS\System32\SCardSvr.dll
01:03:07.0695 0x1390 SCardSvr - ok
01:03:07.0726 0x1390 [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum C:\WINDOWS\System32\ScDeviceEnum.dll
01:03:07.0757 0x1390 ScDeviceEnum - ok
01:03:07.0820 0x1390 [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter C:\WINDOWS\system32\DRIVERS\scfilter.sys
01:03:07.0836 0x1390 scfilter - ok
01:03:07.0961 0x1390 [ A626F5E446860F22835E783142D7AE33, 3A786639E1FABCA512F4F91A10811DD3C4D9C9C9BB893362E4D019219D0BD8E2 ] Schedule C:\WINDOWS\system32\schedsvc.dll
01:03:08.0008 0x1390 Schedule - ok
01:03:08.0086 0x1390 [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc C:\WINDOWS\System32\certprop.dll
01:03:08.0086 0x1390 SCPolicySvc - ok
01:03:08.0211 0x1390 [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus C:\WINDOWS\System32\drivers\sdbus.sys
01:03:08.0242 0x1390 sdbus - ok
01:03:08.0273 0x1390 [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor C:\WINDOWS\System32\drivers\sdstor.sys
01:03:08.0305 0x1390 sdstor - ok
01:03:08.0336 0x1390 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\WINDOWS\system32\drivers\secdrv.sys
01:03:08.0351 0x1390 secdrv - ok
01:03:08.0398 0x1390 [ BA24CEA7152239F42ECD04AFB7C89D24, A2A11EABB0C283772B74667C7544B61BEB1B9745FBF065E831542129EB585AFA ] seclogon C:\WINDOWS\system32\seclogon.dll
01:03:08.0430 0x1390 seclogon - ok
01:03:08.0476 0x1390 [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS C:\WINDOWS\System32\sens.dll
01:03:08.0523 0x1390 SENS - ok
01:03:08.0570 0x1390 [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc C:\WINDOWS\system32\sensrsvc.dll
01:03:08.0664 0x1390 SensrSvc - ok
01:03:08.0711 0x1390 [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx C:\WINDOWS\system32\drivers\SerCx.sys
01:03:08.0742 0x1390 SerCx - ok
01:03:08.0758 0x1390 [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2 C:\WINDOWS\system32\drivers\SerCx2.sys
01:03:08.0773 0x1390 SerCx2 - ok
01:03:08.0789 0x1390 [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum C:\WINDOWS\System32\drivers\serenum.sys
01:03:08.0836 0x1390 Serenum - ok
01:03:08.0867 0x1390 [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial C:\WINDOWS\System32\drivers\serial.sys
01:03:08.0883 0x1390 Serial - ok
01:03:08.0898 0x1390 [ 96B01F117057FB4DAE0FF919ACB55770, D0F58F1CAE4F81D60FCE60BB0065A34B4F897E8105DF17B6DAA334938CD25A56 ] sermouse C:\WINDOWS\System32\drivers\sermouse.sys
01:03:08.0945 0x1390 sermouse - ok
01:03:09.0023 0x1390 [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv C:\WINDOWS\system32\sessenv.dll
01:03:09.0117 0x1390 SessionEnv - ok
01:03:09.0133 0x1390 [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy C:\WINDOWS\System32\drivers\sfloppy.sys
01:03:09.0180 0x1390 sfloppy - ok
01:03:09.0320 0x1390 [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
01:03:09.0367 0x1390 SharedAccess - ok
01:03:09.0477 0x1390 [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
01:03:09.0570 0x1390 ShellHWDetection - ok
01:03:09.0617 0x1390 [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2 C:\WINDOWS\system32\drivers\SiSRaid2.sys
01:03:09.0633 0x1390 SiSRaid2 - ok
01:03:09.0664 0x1390 [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4 C:\WINDOWS\system32\drivers\sisraid4.sys
01:03:09.0680 0x1390 SiSRaid4 - ok
01:03:09.0805 0x1390 [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
01:03:09.0820 0x1390 SkypeUpdate - ok
01:03:09.0867 0x1390 [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost C:\WINDOWS\System32\smphost.dll
01:03:09.0883 0x1390 smphost - ok
01:03:09.0930 0x1390 [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe
01:03:09.0945 0x1390 SNMPTRAP - ok
01:03:10.0133 0x1390 [ D24B1945ED1F9C96DA786DBBF1E983CE, B46CB0B72B7A3DF94A46B8D65E38535C5F8E72A55CF2DC48EFA1F9A0108691C4 ] spaceport C:\WINDOWS\system32\drivers\spaceport.sys
01:03:10.0164 0x1390 spaceport - ok
01:03:10.0180 0x1390 [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx C:\WINDOWS\system32\drivers\SpbCx.sys
01:03:10.0195 0x1390 SpbCx - ok
01:03:10.0273 0x1390 [ FCB156A6745631A67DEA61827061D483, 9275ABFA1E1E595969A71C0DA228D18D1B868BF46E097E1276142BD80F8A32C9 ] Spooler C:\WINDOWS\System32\spoolsv.exe
01:03:10.0398 0x1390 Spooler - ok
01:03:11.0227 0x1390 [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc C:\WINDOWS\system32\sppsvc.exe
01:03:11.0414 0x1390 sppsvc - ok
01:03:11.0664 0x1390 [ E163E10191958FF6A2B0B48353F9E9FD, C4F5B83B5C435458AEEC4BD5C6A0FE15F4C3CD5C23CA7F5949A62214634DBB36 ] SRTSP C:\WINDOWS\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS
01:03:11.0680 0x1390 SRTSP - ok
01:03:11.0696 0x1390 [ 68E7B6708B9EEE021301C483825D05EA, 87E262405473A063E3E6E9D1D61D8381C997C95F77317CDBB3C59369436E70C5 ] SRTSPX C:\WINDOWS\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS
01:03:11.0711 0x1390 SRTSPX - ok
01:03:11.0727 0x1390 [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv C:\WINDOWS\system32\DRIVERS\srv.sys
01:03:11.0961 0x1390 srv - ok
01:03:11.0977 0x1390 [ 00D8AC8E3053290BDE6EA2FB6810D2FC, 957FEF84CBBAE71829529AE99A1B24F52D7831BD666442D0132FBB825409A75D ] srv2 C:\WINDOWS\system32\DRIVERS\srv2.sys
01:03:12.0024 0x1390 srv2 - ok
01:03:12.0102 0x1390 [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet C:\WINDOWS\system32\DRIVERS\srvnet.sys
01:03:12.0180 0x1390 srvnet - ok
01:03:12.0258 0x1390 [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
01:03:12.0289 0x1390 SSDPSRV - ok
01:03:12.0352 0x1390 [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc C:\WINDOWS\system32\sstpsvc.dll
01:03:12.0399 0x1390 SstpSvc - ok
01:03:12.0399 0x1390 [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor C:\WINDOWS\system32\drivers\stexstor.sys
01:03:12.0414 0x1390 stexstor - ok
01:03:12.0477 0x1390 [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc C:\WINDOWS\System32\wiaservc.dll
01:03:12.0539 0x1390 stisvc - ok
01:03:12.0602 0x1390 [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci C:\WINDOWS\system32\drivers\storahci.sys
01:03:12.0633 0x1390 storahci - ok
01:03:12.0680 0x1390 [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt C:\WINDOWS\system32\drivers\vmstorfl.sys
01:03:12.0680 0x1390 storflt - ok
01:03:12.0711 0x1390 [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme C:\WINDOWS\system32\drivers\stornvme.sys
01:03:12.0727 0x1390 stornvme - ok
01:03:12.0774 0x1390 [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc C:\WINDOWS\system32\storsvc.dll
01:03:12.0836 0x1390 StorSvc - ok
01:03:12.0852 0x1390 [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc C:\WINDOWS\system32\drivers\storvsc.sys
01:03:12.0868 0x1390 storvsc - ok
01:03:12.0899 0x1390 [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc C:\WINDOWS\system32\svsvc.dll
01:03:12.0977 0x1390 svsvc - ok
01:03:12.0993 0x1390 [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum C:\WINDOWS\System32\drivers\swenum.sys
01:03:13.0008 0x1390 swenum - ok
01:03:13.0087 0x1390 [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv C:\WINDOWS\System32\swprv.dll
01:03:13.0118 0x1390 swprv - ok
01:03:13.0180 0x1390 [ 5C9EE2303CA7F267665D75237862B39C, 5DECD977A823C14B4D980D3DB621BC875231B741653F0450A027FC9E87725F9D ] SymDS C:\WINDOWS\system32\drivers\NISx64\1507000.00B\SYMDS64.SYS
01:03:13.0196 0x1390 SymDS - ok
01:03:13.0524 0x1390 [ 9F31630D7FC2DD9D5DA1CE359AAD1F46, 296D29EDF53956D1899DE4669AB429C280DF9F183F00AE1CE528E7C575802235 ] SymEFA C:\WINDOWS\system32\drivers\NISx64\1507000.00B\SYMEFA64.SYS
01:03:13.0555 0x1390 SymEFA - ok
01:03:13.0602 0x1390 [ 20F758E6339A16F97DD83389D582E09A, 837016154B7952B645B5545AEB8E2A8878EFA8674E6B96471C3DB5E458B06960 ] SymELAM C:\WINDOWS\system32\drivers\NISx64\1507000.00B\SymELAM.sys
01:03:13.0602 0x1390 SymELAM - ok
01:03:13.0696 0x1390 [ 97E11C50CE52277B377396EA8838E539, E17D03F80E14F961C41F2D54D1EF73D29BF01F38459C5710D786234F8BA3C835 ] SymEvent C:\windows\system32\Drivers\SYMEVENT64x86.SYS
01:03:13.0712 0x1390 SymEvent - ok
01:03:13.0821 0x1390 [ 2C95265BE19F338E1C1090E4E91055BB, 1E580E9367B1C89B06BD4B34EFD94CD511FD3AA1617D943DDFE0A28B7ED5D5F9 ] SymIRON C:\WINDOWS\system32\drivers\NISx64\1507000.00B\Ironx64.SYS
01:03:13.0852 0x1390 SymIRON - ok
01:03:14.0055 0x1390 [ 5570A74FF9B1EFBC5154DD1E2F05C517, 2C883A0334CBE4AE257028805C9BB1E529A80F56BA6D341E8EBB83CB3E46FEB7 ] SymNetS C:\WINDOWS\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS
01:03:14.0087 0x1390 SymNetS - ok
01:03:14.0258 0x1390 [ B9337BA722226E765AE00E9EE6D72DEB, E8B24C33B9284CA9DED80469553D6550347946210BB60CF1B0692BDDE6FB6D17 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
01:03:14.0274 0x1390 SynTP - ok
01:03:14.0415 0x1390 [ 3114CB46C2853CA71525428CB0C7CB58, A9CC51506AABBC23BAB2B90E30AB13197A72268A3DE6D2F281C1C367ED7118AE ] SysMain C:\WINDOWS\system32\sysmain.dll
01:03:14.0540 0x1390 SysMain - ok
01:03:14.0727 0x1390 [ 23BECB70654B192A7E378DEE3DBD8D42, 7596174AE7508B62C40A429645198F6A420D0CD5B62A10AB78516113584E7EDB ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
01:03:14.0805 0x1390 SystemEventsBroker - ok
01:03:14.0946 0x1390 [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
01:03:14.0993 0x1390 TabletInputService - ok
01:03:15.0165 0x1390 [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
01:03:15.0259 0x1390 TapiSrv - ok
01:03:15.0852 0x1390 [ 468273F7089A3A33D149955F0F203FA4, 18FD0B73FBD63550E904EE76D4323EFE163BFF8C3DC6DE67F4BE6003C7DC6879 ] Tcpip C:\WINDOWS\system32\drivers\tcpip.sys
01:03:15.0962 0x1390 Tcpip - ok
01:03:16.0212 0x1390 [ 468273F7089A3A33D149955F0F203FA4, 18FD0B73FBD63550E904EE76D4323EFE163BFF8C3DC6DE67F4BE6003C7DC6879 ] TCPIP6 C:\WINDOWS\system32\DRIVERS\tcpip.sys
01:03:16.0259 0x1390 TCPIP6 - ok
01:03:16.0321 0x1390 [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg C:\WINDOWS\system32\drivers\tcpipreg.sys
01:03:16.0431 0x1390 tcpipreg - ok
01:03:16.0509 0x1390 [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx C:\WINDOWS\system32\DRIVERS\tdx.sys
01:03:16.0540 0x1390 tdx - ok
01:03:16.0587 0x1390 [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt C:\WINDOWS\System32\drivers\terminpt.sys
01:03:16.0618 0x1390 terminpt - ok
01:03:17.0087 0x1390 [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService C:\WINDOWS\System32\termsrv.dll
01:03:17.0165 0x1390 TermService - ok
01:03:17.0212 0x1390 [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes C:\WINDOWS\system32\themeservice.dll
01:03:17.0259 0x1390 Themes - ok
01:03:17.0322 0x1390 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER C:\WINDOWS\system32\mmcss.dll
01:03:17.0322 0x1390 THREADORDER - ok
01:03:17.0447 0x1390 [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker C:\WINDOWS\System32\TimeBrokerServer.dll
01:03:17.0509 0x1390 TimeBroker - ok
01:03:17.0634 0x1390 [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM C:\WINDOWS\system32\drivers\tpm.sys
01:03:17.0697 0x1390 TPM - ok
01:03:17.0790 0x1390 [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks C:\WINDOWS\System32\trkwks.dll
01:03:17.0853 0x1390 TrkWks - ok
01:03:17.0915 0x1390 [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
01:03:17.0993 0x1390 TrustedInstaller - ok
01:03:18.0009 0x1390 [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt C:\WINDOWS\system32\drivers\tsusbflt.sys
01:03:18.0118 0x1390 TsUsbFlt - ok
01:03:18.0165 0x1390 [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD C:\WINDOWS\System32\drivers\TsUsbGD.sys
01:03:18.0212 0x1390 TsUsbGD - ok
01:03:18.0243 0x1390 [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel C:\WINDOWS\system32\DRIVERS\tunnel.sys
01:03:18.0275 0x1390 tunnel - ok
01:03:18.0306 0x1390 [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35 C:\WINDOWS\system32\drivers\uagp35.sys
01:03:18.0337 0x1390 uagp35 - ok
01:03:18.0368 0x1390 [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor C:\WINDOWS\System32\drivers\uaspstor.sys
01:03:18.0400 0x1390 UASPStor - ok
01:03:18.0431 0x1390 [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000 C:\WINDOWS\System32\drivers\ucx01000.sys
01:03:18.0462 0x1390 UCX01000 - ok
01:03:18.0509 0x1390 [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs C:\WINDOWS\system32\DRIVERS\udfs.sys
01:03:18.0618 0x1390 udfs - ok
01:03:18.0634 0x1390 [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI C:\WINDOWS\System32\drivers\UEFI.sys
01:03:18.0650 0x1390 UEFI - ok
01:03:18.0681 0x1390 [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect C:\WINDOWS\system32\UI0Detect.exe
01:03:18.0697 0x1390 UI0Detect - ok
01:03:18.0712 0x1390 [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx C:\WINDOWS\system32\drivers\uliagpkx.sys
01:03:18.0712 0x1390 uliagpkx - ok
01:03:18.0728 0x1390 [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus C:\WINDOWS\System32\drivers\umbus.sys
01:03:18.0728 0x1390 umbus - ok
01:03:18.0759 0x1390 [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass C:\WINDOWS\System32\drivers\umpass.sys
01:03:18.0759 0x1390 UmPass - ok
01:03:18.0806 0x1390 [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService C:\WINDOWS\System32\umrdp.dll
01:03:18.0853 0x1390 UmRdpService - ok
01:03:19.0056 0x1390 [ DBE2E6388379D5CC78099650541E9566, 1914BC929F109A49FB18ED31F239A9813A010B0A3914BC8CD0D6A94A67A072D7 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
01:03:19.0087 0x1390 UNS - ok
01:03:19.0103 0x1390 [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost C:\WINDOWS\System32\upnphost.dll
01:03:19.0134 0x1390 upnphost - ok
01:03:19.0197 0x1390 [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp C:\WINDOWS\System32\drivers\usbccgp.sys
01:03:19.0228 0x1390 usbccgp - ok
01:03:19.0291 0x1390 [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir C:\WINDOWS\System32\drivers\usbcir.sys
01:03:19.0369 0x1390 usbcir - ok
01:03:19.0431 0x1390 [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci C:\WINDOWS\System32\drivers\usbehci.sys
01:03:19.0447 0x1390 usbehci - ok
01:03:19.0587 0x1390 [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub C:\WINDOWS\System32\drivers\usbhub.sys
01:03:19.0634 0x1390 usbhub - ok
01:03:19.0744 0x1390 [ 95B0179BDA907252025DEEA183699FB3, A6BDFB93EE9418A83407024204A41640A08638C60E2BE75C249D102601DC1D80 ] USBHUB3 C:\WINDOWS\System32\drivers\UsbHub3.sys
01:03:19.0759 0x1390 USBHUB3 - ok
01:03:19.0791 0x1390 [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci C:\WINDOWS\System32\drivers\usbohci.sys
01:03:20.0213 0x1390 usbohci - ok
01:03:20.0228 0x1390 [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint C:\WINDOWS\System32\drivers\usbprint.sys
01:03:20.0384 0x1390 usbprint - ok
01:03:20.0416 0x1390 [ 0F030491BA4A27BD46F8B8ACEEE83F1A, 7063855611BEF94D4D229BA1BE507ECBDD89F5861641A407EB3E2919A352F9D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
01:03:20.0494 0x1390 usbscan - ok
01:03:20.0572 0x1390 [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR C:\WINDOWS\System32\drivers\USBSTOR.SYS
01:03:20.0619 0x1390 USBSTOR - ok
01:03:20.0634 0x1390 [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci C:\WINDOWS\System32\drivers\usbuhci.sys
01:03:20.0681 0x1390 usbuhci - ok
01:03:20.0759 0x1390 [ 5C8F604F6DC74177CDD8372D7B1ADFF0, C1DE9A37A7A01CCCBFCE13C1E5B26683F620AB21EDA5A14C82022E2F49C84484 ] usbvideo C:\WINDOWS\System32\Drivers\usbvideo.sys
01:03:20.0791 0x1390 usbvideo - ok
01:03:20.0806 0x1390 [ 1A20F03700D2B2ED775E38D751EF2F63, 76F8BE9F412D4397437E60A7E6231C80EA9B4F5436C9A8FAB967C78604994AE9 ] USBXHCI C:\WINDOWS\System32\drivers\USBXHCI.SYS
01:03:20.0838 0x1390 USBXHCI - ok
01:03:20.0853 0x1390 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc C:\WINDOWS\system32\lsass.exe
01:03:20.0869 0x1390 VaultSvc - ok
01:03:20.0885 0x1390 [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot C:\WINDOWS\system32\drivers\vdrvroot.sys
01:03:20.0885 0x1390 vdrvroot - ok
01:03:21.0072 0x1390 [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds C:\WINDOWS\System32\vds.exe
01:03:21.0103 0x1390 vds - ok
01:03:21.0166 0x1390 [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt C:\WINDOWS\system32\drivers\VerifierExt.sys
01:03:21.0166 0x1390 VerifierExt - ok
01:03:21.0385 0x1390 [ C06E8481E068F170A258441639AC5792, 2F550530BACB511A195D5047F003B01CB6E04FA9A0DCCF638CB3D51FF5467DC7 ] vhdmp C:\WINDOWS\System32\drivers\vhdmp.sys
01:03:21.0431 0x1390 vhdmp - ok
01:03:21.0478 0x1390 [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide C:\WINDOWS\system32\drivers\viaide.sys
01:03:21.0494 0x1390 viaide - ok
01:03:21.0510 0x1390 [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus C:\WINDOWS\system32\drivers\vmbus.sys
01:03:21.0525 0x1390 vmbus - ok
01:03:21.0541 0x1390 [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID C:\WINDOWS\System32\drivers\VMBusHID.sys
01:03:21.0572 0x1390 VMBusHID - ok
01:03:21.0681 0x1390 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
01:03:21.0728 0x1390 vmicguestinterface - ok
01:03:21.0744 0x1390 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat C:\WINDOWS\System32\ICSvc.dll
01:03:21.0744 0x1390 vmicheartbeat - ok
01:03:21.0775 0x1390 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
01:03:21.0791 0x1390 vmickvpexchange - ok
01:03:21.0822 0x1390 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv C:\WINDOWS\System32\ICSvc.dll
01:03:21.0838 0x1390 vmicrdv - ok
01:03:21.0869 0x1390 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown C:\WINDOWS\System32\ICSvc.dll
01:03:21.0885 0x1390 vmicshutdown - ok
01:03:21.0931 0x1390 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync C:\WINDOWS\System32\ICSvc.dll
01:03:21.0947 0x1390 vmictimesync - ok
01:03:21.0963 0x1390 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss C:\WINDOWS\System32\ICSvc.dll
01:03:21.0978 0x1390 vmicvss - ok
01:03:21.0994 0x1390 [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr C:\WINDOWS\system32\drivers\volmgr.sys
01:03:21.0994 0x1390 volmgr - ok
01:03:22.0010 0x1390 [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx C:\WINDOWS\system32\drivers\volmgrx.sys
01:03:22.0025 0x1390 volmgrx - ok
01:03:22.0104 0x1390 [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap C:\WINDOWS\system32\drivers\volsnap.sys
01:03:22.0135 0x1390 volsnap - ok
01:03:22.0197 0x1390 [ EF31713EE4C7CCFE4049F7E7F15645A2, 35D198D3F1061E19A7EF89FA1E75377049CD6BCA9702F8076B9F95BB8737E0D4 ] vpci C:\WINDOWS\System32\drivers\vpci.sys
01:03:22.0213 0x1390 vpci - ok
01:03:22.0244 0x1390 [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid C:\WINDOWS\system32\drivers\vsmraid.sys
01:03:22.0260 0x1390 vsmraid - ok
01:03:22.0557 0x1390 [ 94FAFD473CDD80CE19A21FB9503D7ED1, 953E5E8C753C0017E1258695A76F60CC05D283F7476B9D9C5C8AC78B8E3FCE18 ] VSS C:\WINDOWS\system32\vssvc.exe
01:03:22.0635 0x1390 VSS - ok
01:03:22.0697 0x1390 [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID C:\WINDOWS\system32\drivers\vstxraid.sys
01:03:22.0729 0x1390 VSTXRAID - ok
01:03:22.0807 0x1390 [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus C:\WINDOWS\System32\drivers\vwifibus.sys
01:03:23.0010 0x1390 vwifibus - ok
01:03:23.0057 0x1390 [ 35BF5C5F5E3C9902C98978C7640574DA, C61E50B04000DCEC72365723F0C0725C2E005529DAF2777A59E624C14DA29E55 ] vwififlt C:\WINDOWS\system32\DRIVERS\vwififlt.sys
01:03:23.0119 0x1390 vwififlt - ok
01:03:23.0166 0x1390 [ 65ED7B9CFEA893DF7748D5FF692690DE, 73AB9D8BB928B3247BDFC7BB47AD7FCA763B375DC250C251DB4E0573531040E8 ] vwifimp C:\WINDOWS\system32\DRIVERS\vwifimp.sys
01:03:23.0197 0x1390 vwifimp - ok
01:03:23.0275 0x1390 [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time C:\WINDOWS\system32\w32time.dll
01:03:23.0385 0x1390 W32Time - ok
01:03:23.0400 0x1390 [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen C:\WINDOWS\System32\drivers\wacompen.sys
01:03:23.0432 0x1390 WacomPen - ok
01:03:23.0682 0x1390 [ A81988DCC4FA440AA88B84CA452F5E22, 3573AAA09971E8ADB6FEFA778E02B2D8EE5E4249267CF37A524D9F019CC836FB ] wbengine C:\WINDOWS\system32\wbengine.exe
01:03:23.0791 0x1390 wbengine - ok
01:03:23.0869 0x1390 [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc C:\WINDOWS\System32\wbiosrvc.dll
01:03:23.0932 0x1390 WbioSrvc - ok
01:03:23.0994 0x1390 [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc C:\WINDOWS\System32\wcmsvc.dll
01:03:24.0010 0x1390 Wcmsvc - ok
01:03:24.0025 0x1390 [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc C:\WINDOWS\System32\wcncsvc.dll
01:03:24.0041 0x1390 wcncsvc - ok
01:03:24.0073 0x1390 [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
01:03:24.0135 0x1390 WcsPlugInService - ok
01:03:24.0151 0x1390 [ 1751F6B031ADAC34724511057D2E455D, BCBC77DE02718868302F7469E8FBB8F2E7E0F8A5D3E46A5B4D48713E829FBAF6 ] WdBoot C:\WINDOWS\system32\drivers\WdBoot.sys
01:03:24.0166 0x1390 WdBoot - ok
01:03:24.0213 0x1390 [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000 C:\WINDOWS\system32\drivers\Wdf01000.sys
01:03:24.0244 0x1390 Wdf01000 - ok
01:03:24.0291 0x1390 [ D296D0F0DB2CD1504F90405603664493, 9531034AE2E027B5C7366713AA9003085501800B35F971D1CE7FFB8E5DAE3825 ] WdFilter C:\WINDOWS\system32\drivers\WdFilter.sys
01:03:24.0307 0x1390 WdFilter - ok
01:03:24.0323 0x1390 [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost C:\WINDOWS\system32\wdi.dll
01:03:24.0338 0x1390 WdiServiceHost - ok
01:03:24.0354 0x1390 [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost C:\WINDOWS\system32\wdi.dll
01:03:24.0354 0x1390 WdiSystemHost - ok
01:03:24.0369 0x1390 [ 9F4DF0043965808973023A9B51A11136, 3A799125CBC5C214D9FBB91C348B39563B1FDB7403B520270752E9A177464723 ] WdNisDrv C:\WINDOWS\system32\Drivers\WdNisDrv.sys
01:03:24.0385 0x1390 WdNisDrv - ok
01:03:24.0416 0x1390 WdNisSvc - ok
01:03:24.0432 0x1390 [ 185E4111627F7AA6799E1366B5E91D65, 7A02C816DFBCCF47EDB49E5E2005A3D0B80719FAC94F9298D2DBAC63950EDA05 ] WebClient C:\WINDOWS\System32\webclnt.dll
01:03:24.0463 0x1390 WebClient - ok
01:03:24.0541 0x1390 [ 6F02EC5D4F00671879F1672C107219C0, F3B1C8F9DC6059FB9BBA50197D5338BEB860714B1F2AFC1187F2FC609C8D06DA ] WebUpdate4 C:\WINDOWS\SysWOW64\WebUpdateSvc4.exe
01:03:24.0573 0x1390 WebUpdate4 - ok
01:03:24.0604 0x1390 [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc C:\WINDOWS\system32\wecsvc.dll
01:03:24.0619 0x1390 Wecsvc - ok
01:03:24.0635 0x1390 [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC C:\WINDOWS\system32\wephostsvc.dll
01:03:24.0651 0x1390 WEPHOSTSVC - ok
01:03:24.0666 0x1390 [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport C:\WINDOWS\System32\wercplsupport.dll
01:03:24.0713 0x1390 wercplsupport - ok
01:03:24.0729 0x1390 [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc C:\WINDOWS\System32\WerSvc.dll
01:03:24.0744 0x1390 WerSvc - ok
01:03:24.0776 0x1390 [ BAB713B409258DB7B5D9F9693F802B0E, C0D0391EC4FDC07E0A07F4EEB2DC9CC5B2BE5D2E292E7D01929E8D39D6F73EA5 ] WFPLWFS C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
01:03:24.0776 0x1390 WFPLWFS - ok
01:03:24.0791 0x1390 [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc C:\WINDOWS\System32\wiarpc.dll
01:03:24.0823 0x1390 WiaRpc - ok
01:03:24.0838 0x1390 [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount C:\WINDOWS\system32\drivers\wimmount.sys
01:03:24.0854 0x1390 WIMMount - ok
01:03:24.0854 0x1390 WinDefend - ok
01:03:24.0901 0x1390 [ 10DAD6A7FC617A221313BD584E3C3A00, F139B878668ECF38FE59831E8595A207D5CEEE76C6FFDA8C9F735435E601A763 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
01:03:24.0932 0x1390 WinHttpAutoProxySvc - ok
01:03:24.0979 0x1390 [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
01:03:25.0026 0x1390 Winmgmt - ok
01:03:25.0104 0x1390 [ 75436315AA383CF527695C6D49D0CA59, E3D55F2ACBD45D4D031FA6CA799394459C89BE50FF6ADE4FE36F2CAB2D2E63D0 ] WinRM C:\WINDOWS\system32\WsmSvc.dll
01:03:25.0244 0x1390 WinRM - ok
01:03:25.0323 0x1390 [ AC263C2F66405589528995AA41040599, 81B46E551D6130A2C3D113EC3B563CEDB5A06BB340986C0E03136CE5BE729481 ] WinUsb C:\WINDOWS\system32\DRIVERS\WinUsb.sys
01:03:25.0323 0x1390 WinUsb - ok
01:03:25.0385 0x1390 [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc C:\WINDOWS\System32\wlansvc.dll
01:03:25.0448 0x1390 WlanSvc - ok
01:03:25.0494 0x1390 [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc C:\WINDOWS\system32\wlidsvc.dll
01:03:25.0541 0x1390 wlidsvc - ok
01:03:25.0573 0x1390 [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi C:\WINDOWS\System32\drivers\wmiacpi.sys
01:03:25.0573 0x1390 WmiAcpi - ok
01:03:25.0619 0x1390 [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv C:\WINDOWS\system32\wbem\WmiApSrv.exe
01:03:25.0635 0x1390 wmiApSrv - ok
01:03:25.0651 0x1390 WMPNetworkSvc - ok
01:03:25.0682 0x1390 [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof C:\WINDOWS\system32\drivers\Wof.sys
01:03:25.0682 0x1390 Wof - ok
01:03:25.0744 0x1390 [ 588040D595BBF0856CA1ADD941A8ED17, CBC92BB5453FE1BEA6F33239B7CE884F312559591383408EA5F95A006156C5D3 ] workfolderssvc C:\WINDOWS\system32\workfolderssvc.dll
01:03:25.0823 0x1390 workfolderssvc - ok
01:03:25.0838 0x1390 [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
01:03:25.0854 0x1390 wpcfltr - ok
01:03:25.0869 0x1390 [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc C:\WINDOWS\System32\wpcsvc.dll
01:03:25.0916 0x1390 WPCSvc - ok
01:03:25.0916 0x1390 [ 2ADE11F3D84709C5F6781E4C59F11683, F003C43396CF8FCF44EAB87583650DB4D2A233322D28D6A78D1694945D9073BB ] WPDBusEnum C:\WINDOWS\system32\wpdbusenum.dll
01:03:25.0979 0x1390 WPDBusEnum - ok
01:03:25.0979 0x1390 [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr C:\WINDOWS\system32\drivers\WpdUpFltr.sys
01:03:25.0995 0x1390 WpdUpFltr - ok
01:03:26.0010 0x1390 [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl C:\WINDOWS\system32\drivers\ws2ifsl.sys
01:03:26.0010 0x1390 ws2ifsl - ok
01:03:26.0026 0x1390 [ 5596C0960ED6ED7494BF2A55DE428684, C95CF09A657F37F421CC80E16F2F95B8EC59A8D5D48F104551155EAC8E53DCB2 ] wscsvc C:\WINDOWS\System32\wscsvc.dll
01:03:26.0088 0x1390 wscsvc - ok
01:03:26.0088 0x1390 [ F586F3F1BF962FE9AE4316E0D896B22F, 8D0AD48D79294567123D943D0F5B6D5A32D7A82B129A24DC821D3095AFAA100B ] WSDPrintDevice C:\WINDOWS\System32\drivers\WSDPrint.sys
01:03:26.0104 0x1390 WSDPrintDevice - ok
01:03:26.0104 0x1390 WSearch - ok
01:03:26.0370 0x1390 [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService C:\WINDOWS\System32\WSService.dll
01:03:26.0448 0x1390 WSService - ok
01:03:26.0620 0x1390 [ 5F3D70B19BCAC985DA90F22CA2FF45E4, BBD82BAEF0DCA2C6361F8D1ADF5BED36D0F1AB1A2AEADB0E4526B917F40C2E52 ] wuauserv C:\WINDOWS\system32\wuaueng.dll
01:03:26.0776 0x1390 wuauserv - ok
01:03:26.0854 0x1390 [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf C:\WINDOWS\system32\drivers\WudfPf.sys
01:03:26.0932 0x1390 WudfPf - ok
01:03:27.0010 0x1390 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd C:\WINDOWS\System32\drivers\WUDFRd.sys
01:03:27.0057 0x1390 WUDFRd - ok
01:03:27.0120 0x1390 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFSensorLP C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
01:03:27.0120 0x1390 WUDFSensorLP - ok
01:03:27.0198 0x1390 [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc C:\WINDOWS\System32\WUDFSvc.dll
01:03:27.0245 0x1390 wudfsvc - ok
01:03:27.0338 0x1390 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
01:03:27.0338 0x1390 WUDFWpdFs - ok
01:03:27.0354 0x1390 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdMtp C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
01:03:27.0354 0x1390 WUDFWpdMtp - ok
01:03:27.0401 0x1390 [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc C:\WINDOWS\System32\wwansvc.dll
01:03:27.0432 0x1390 WwanSvc - ok
01:03:27.0526 0x1390 [ 03CD249A16CF815FFFD347DC61EF9E6D, 3DE860B1BACF3F1D48B773FD6F4E25977F5193F01897278AED6CD276595356CE ] ZAtheros Bt and Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
01:03:27.0557 0x1390 ZAtheros Bt and Wlan Coex Agent - detected UnsignedFile.Multi.Generic ( 1 )
01:03:29.0886 0x1390 Detect skipped due to KSN trusted
01:03:29.0886 0x1390 ZAtheros Bt and Wlan Coex Agent - ok
01:03:29.0901 0x1390 ================ Scan global ===============================
01:03:29.0933 0x1390 [ 243F54DBA6EB48A369CA465E263ABA4A, 9D9F9DE783D000F3EA130EB68FD71319F21E4F1CD4232FB8B2F8A9A67E08F5F4 ] C:\WINDOWS\system32\basesrv.dll
01:03:30.0573 0x1390 [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\WINDOWS\system32\winsrv.dll
01:03:30.0683 0x1390 [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\WINDOWS\system32\sxssrv.dll
01:03:32.0167 0x1390 [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\WINDOWS\system32\services.exe
01:03:32.0183 0x1390 [ Global ] - ok
01:03:32.0183 0x1390 ================ Scan MBR ==================================
01:03:32.0183 0x1390 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
01:03:32.0370 0x1390 \Device\Harddisk0\DR0 - ok
01:03:32.0370 0x1390 ================ Scan VBR ==================================
01:03:32.0370 0x1390 [ 464F3F2F5A2B37A14FA12CDA62AA55E0 ] \Device\Harddisk0\DR0\Partition1
01:03:32.0449 0x1390 \Device\Harddisk0\DR0\Partition1 - ok
01:03:32.0464 0x1390 [ 9E37BD9A7AA40F272F3961C045595AA0 ] \Device\Harddisk0\DR0\Partition2
01:03:32.0527 0x1390 \Device\Harddisk0\DR0\Partition2 - ok
01:03:32.0542 0x1390 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
01:03:32.0558 0x1390 \Device\Harddisk0\DR0\Partition3 - ok
01:03:32.0589 0x1390 [ 1C2B378C8658F2237CE4632BCAF60BC7 ] \Device\Harddisk0\DR0\Partition4
01:03:32.0745 0x1390 \Device\Harddisk0\DR0\Partition4 - ok
01:03:32.0777 0x1390 [ 0B21C0E483D0651A13C1404858C328BE ] \Device\Harddisk0\DR0\Partition5
01:03:32.0870 0x1390 \Device\Harddisk0\DR0\Partition5 - ok
01:03:32.0902 0x1390 [ 0678CB4C3281CB776118F51EC9757032 ] \Device\Harddisk0\DR0\Partition6
01:03:33.0011 0x1390 \Device\Harddisk0\DR0\Partition6 - ok
01:03:33.0042 0x1390 [ 01C1AFD2DF7DAABDC7470BAE9747FE42 ] \Device\Harddisk0\DR0\Partition7
01:03:33.0042 0x1390 \Device\Harddisk0\DR0\Partition7 - ok
01:03:33.0042 0x1390 ================ Scan generic autorun ======================
01:03:33.0871 0x1390 [ 6947FF3D8868225600913BE99A653A59, 7FDC4A4BFE7473D8EE281A362C37DCFB6E3DB7E5136E225117ECB7F60580CD77 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
01:03:34.0230 0x1390 RtHDVCpl - ok
01:03:34.0668 0x1390 [ DFAA0106B486D5173B39D6DC6A6B521C, BC5D15943FA267CD65BC661FD7C8DF2AF731DC60B46FDFF2D1EEB62427DF8979 ] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
01:03:34.0699 0x1390 BtTray - detected UnsignedFile.Multi.Generic ( 1 )
01:03:44.0732 0x1390 BtTray ( UnsignedFile.Multi.Generic ) - warning
01:04:04.0876 0x1390 [ DB0EE7C5B810F68615D0EBCDAF56B97D, 8EF9A1F168F98E00CCA088C8E2843F6671EFC5BD573CB6C1462746C6DC0960A6 ] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
01:04:04.0923 0x1390 BtvStack - detected UnsignedFile.Multi.Generic ( 1 )
01:04:14.0924 0x1390 BtvStack ( UnsignedFile.Multi.Generic ) - warning
01:04:35.0036 0x1390 [ 8EC9EF60E24E88DC5DC74D305925E2CF, 37719AAD02B4EA851F899AB4A3464EA381B96BA2E386A52BF9FDAA8C9257FDBE ] C:\windows\system32\igfxtray.exe
01:04:35.0489 0x1390 IgfxTray - ok
01:04:35.0489 0x1390 HotKeysCmds - ok
01:04:35.0489 0x1390 Persistence - ok
01:04:35.0489 0x1390 SynTPEnh - ok
01:04:35.0505 0x1390 [ 076B3EE149E01ADBAC2DC529554A3FD9, 4F65D9D2EE44829AA2264210112851E899165C2346489BEBE679C41420CF7D07 ] C:\Program Files\iTunes\iTunesHelper.exe
01:04:35.0520 0x1390 iTunesHelper - ok
01:04:35.0598 0x1390 [ 28BBBFCC1AD839D1EED3AB392353590F, 9273EF234AC64DBC50EC25DE2DB5B99AAB42F340D9F7327F2AD88CAAC887EDDC ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
01:04:35.0614 0x1390 IAStorIcon - ok
01:04:35.0708 0x1390 [ 4D8D8B6D046BAA8A0D92B50366ADFC7D, A23751F5FE14A84D9ABD020756B5A7E9E4831611065B7CE60BD4F7B761F8EF0B ] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
01:04:35.0755 0x1390 Norton Online Backup - ok
01:04:35.0786 0x1390 Adobe Reader Speed Launcher - ok
01:04:35.0958 0x1390 [ 43E946AAD268FEAFB1E286677E70CB5D, 7798926B3CF11D1CF7DFF9B3D67AD3DC67010A62F3132CAEA273EB299A61B176 ] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
01:04:35.0973 0x1390 Intel AppUp(SM) center - ok
01:04:36.0099 0x1390 [ 73F1B07CF82235B25BCC3E9A7522ACCB, 47221B8DFF5A44050AFB0AB5A249FEECE36BE2E000D6529E099128EEDFA647DA ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
01:04:36.0114 0x1390 StartCCC - ok
01:04:36.0224 0x1390 [ ED70821F65B120FDBD76FCFF746FE219, D038CC5198099B2FE02F2789E6817E96E210E27CF6C0E8FF39E6746B31653DDE ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
01:04:36.0255 0x1390 SunJavaUpdateSched - ok
01:04:36.0474 0x1390 [ 3E04F1E482357B1FC8B088197C3D9FF8, 85524ADDC27ADC831EBBD24E079B412CFDC69E5F594BD153319087665A28D546 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
01:04:36.0505 0x1390 Adobe ARM - ok
01:04:36.0755 0x1390 [ 50E999CDFBCFEBC7B14452E35D1E4C83, 007EBBC78603F4C691FD65B60B93A0E4C0CDB5EB7D9555212E1C36B268C981D2 ] C:\Users\Sandra\AppData\Local\Microsoft\OneDrive\OneDrive.exe
01:04:36.0771 0x1390 OneDrive - ok
01:04:36.0771 0x1390 Web Companion - ok
01:04:36.0771 0x1390 Waiting for KSN requests completion. In queue: 9
01:04:37.0786 0x1390 Waiting for KSN requests completion. In queue: 9
01:04:38.0786 0x1390 Waiting for KSN requests completion. In queue: 9
01:04:39.0787 0x1390 Waiting for KSN requests completion. In queue: 9
01:04:40.0787 0x1390 Waiting for KSN requests completion. In queue: 9
01:04:41.0787 0x1390 Waiting for KSN requests completion. In queue: 9
01:04:42.0803 0x1390 Waiting for KSN requests completion. In queue: 9
01:04:43.0803 0x1390 Waiting for KSN requests completion. In queue: 9
01:04:44.0819 0x1390 Waiting for KSN requests completion. In queue: 9
01:04:45.0819 0x1390 Waiting for KSN requests completion. In queue: 9
01:04:46.0819 0x1390 Waiting for KSN requests completion. In queue: 9
01:04:47.0835 0x1390 Waiting for KSN requests completion. In queue: 9
01:04:48.0835 0x1390 Waiting for KSN requests completion. In queue: 9
01:04:49.0850 0x1390 Waiting for KSN requests completion. In queue: 9
01:04:50.0851 0x1390 Waiting for KSN requests completion. In queue: 9
01:04:51.0851 0x1390 Waiting for KSN requests completion. In queue: 9
01:04:52.0851 0x1390 Waiting for KSN requests completion. In queue: 9
01:04:53.0851 0x1390 Waiting for KSN requests completion. In queue: 9
01:04:54.0851 0x1390 Waiting for KSN requests completion. In queue: 9
01:04:55.0852 0x1390 Waiting for KSN requests completion. In queue: 9
01:04:56.0852 0x1390 Waiting for KSN requests completion. In queue: 9
01:04:57.0852 0x1390 AV detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe ( 21.7.0.0 ), 0x51000 ( enabled : updated )
01:04:57.0914 0x1390 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.7.205.0 ), 0x60100 ( disabled : updated )
01:04:57.0914 0x1390 FW detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe ( 21.7.0.0 ), 0x51010 ( enabled )
01:05:17.0919 0x1390 ============================================================
01:05:17.0919 0x1390 Scan finished
01:05:17.0919 0x1390 ============================================================
01:05:17.0919 0x02f8 Detected object count: 2
01:05:17.0919 0x02f8 Actual detected object count: 2
01:05:41.0619 0x02f8 BtTray ( UnsignedFile.Multi.Generic ) - skipped by user
01:05:41.0619 0x02f8 BtTray ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:05:41.0619 0x02f8 BtvStack ( UnsignedFile.Multi.Generic ) - skipped by user
01:05:41.0619 0x02f8 BtvStack ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
09.06.2015, 00:17
| #6 |
| /// TB-Ausbilder /// Anleitungs-Guru | DHL Mail auf den Link geclickt - Trojaner lässt mich kein removal tool installieren Ja, bitte mach mal die FRST-Scans.
__________________ --> DHL Mail auf den Link geclickt - Trojaner lässt mich kein removal tool installieren |
|
09.06.2015, 00:56
| #7 |
| | DHL Mail auf den Link geclickt - Trojaner lässt mich kein removal tool installieren Norton ausgeschaltet. FRST aufs Desktop geladen. Wenn ich das Programm starten möchte kommt folgende Fehlermeldung: Von Windows Smart Screen wurde der Start einer unbekannten App verhindert. Die Ausführung dieser App stellt unter Umständen ein Risiko für den PC dar. Wo kann ich Windows Smart Screen ausschalten? Dumme Frage von mir vorhin. Sorry. Müdigkeit.  Ich geh jetzt schlafen. hier sind die Log files vom FRST Scan FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by Sandra (administrator) on SANDRA-SAMSUNG on 09-06-2015 01:52:28
Running from C:\Users\Sandra\Desktop
Loaded Profiles: Sandra (Available Profiles: Sandra)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764544 2012-09-14] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-14] (Atheros Communications)
HKLM\...\Run: [HotKeysCmds] => C:\windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\windows\system32\igfxpers.exe
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-08-24] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Run: [OneDrive] => C:\Users\Sandra\AppData\Local\Microsoft\OneDrive\OneDrive.exe [382664 2015-05-22] (Microsoft Corporation)
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.be/
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
SearchScopes: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001 -> DefaultScope {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = https://be.search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_150323__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001 -> {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL =
SearchScopes: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = https://be.search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_150323__yaie&p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-09-14] (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-05] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-24] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-24] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\o7hczc4d.default-1426679780373
FF NewTab: about:blank
FF DefaultSearchEngine: Google.de
FF SelectedSearchEngine: Yahoo
FF Homepage: www.google.be
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-19] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-19] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-27] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\o7hczc4d.default-1426679780373\searchplugins\duckduckgo.xml [2015-03-23]
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\o7hczc4d.default-1426679780373\searchplugins\googlede.xml [2015-03-23]
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\o7hczc4d.default-1426679780373\searchplugins\googlemaps.xml [2015-03-23]
FF Extension: Click&Clean - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\o7hczc4d.default-1426679780373\Extensions\clickclean@hotcleaner.com [2015-06-02]
FF Extension: Print pages to PDF - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\o7hczc4d.default-1426679780373\Extensions\printPages2Pdf@reinhold.ripper [2015-05-31]
FF Extension: LastPass - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\o7hczc4d.default-1426679780373\Extensions\support@lastpass.com [2015-05-31]
FF Extension: FireShot - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\o7hczc4d.default-1426679780373\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2015-05-31]
FF Extension: Self-Destructing Cookies - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\o7hczc4d.default-1426679780373\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2015-03-22]
FF Extension: Capture & Print - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\o7hczc4d.default-1426679780373\Extensions\{146f1820-2b0d-49ef-acbf-d85a6986e10c}.xpi [2015-03-22]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\coFFPlgn [2015-06-09]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-21]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-21]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-09-14] (Qualcomm Atheros Commnucations) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2015-02-02] (Macrovision Europe Ltd.) [File not signed]
S2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-07] (Symantec Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S4 WebUpdate4; C:\WINDOWS\SysWOW64\WebUpdateSvc4.exe [262360 2008-09-15] (Data Perceptions / PowerProgrammer)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S4 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-14] (Atheros) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2014-07-21] (Advanced Micro Devices, Inc.)
S3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\BASHDefs\20150601.001\BHDrvx64.sys [1640152 2015-05-21] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-05-27] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145200 2015-05-27] (Symantec Corporation)
S3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\IPSDefs\20150605.001\IDSvia64.sys [684248 2015-05-31] (Symantec Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-08] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20150607.020\ENG64.SYS [129752 2015-04-29] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20150607.020\EX64.SYS [2137304 2015-04-29] (Symantec Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1507000.00B\SYMDS64.SYS [493656 2014-08-26] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1507000.00B\SYMEFA64.SYS [1148120 2014-08-26] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1507000.00B\SymELAM.sys [23568 2014-08-26] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-01-01] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
S3 SymNetS; C:\Windows\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS [593112 2014-08-26] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-09 01:52 - 2015-06-09 01:52 - 00019741 _____ C:\Users\Sandra\Desktop\FRST.txt
2015-06-09 01:47 - 2015-06-09 01:47 - 02108928 _____ (Farbar) C:\Users\Sandra\Desktop\FRST64.exe
2015-06-09 01:44 - 2015-06-09 01:52 - 00000000 ____D C:\FRST
2015-06-09 00:27 - 2015-06-09 00:27 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Sandra\Desktop\tdsskiller.exe
2015-06-08 22:49 - 2015-06-08 22:49 - 00005584 _____ C:\Users\Sandra\Desktop\gmer.txt
2015-06-08 22:36 - 2015-06-08 22:36 - 00380416 _____ C:\Users\Sandra\Desktop\Gmer-19357.exe
2015-06-08 22:26 - 2015-06-08 22:26 - 00000474 _____ C:\Users\Sandra\Desktop\defogger_disable.log
2015-06-08 22:26 - 2015-06-08 22:26 - 00000000 _____ C:\Users\Sandra\defogger_reenable
2015-06-08 22:23 - 2015-06-08 22:23 - 00050477 _____ C:\Users\Sandra\Desktop\Defogger.exe
2015-06-08 21:48 - 2015-06-08 21:48 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-06-08 17:35 - 2015-06-08 18:06 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-08 17:28 - 2015-06-08 17:28 - 00001118 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-08 17:28 - 2015-06-08 17:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-08 17:28 - 2015-06-08 17:28 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-06-08 17:28 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-08 17:28 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-08 17:28 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-08 17:26 - 2015-06-08 17:26 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Sandra\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-08 16:22 - 2015-06-08 16:22 - 00001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-08 16:22 - 2015-06-08 16:22 - 00001163 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-08 16:22 - 2015-06-08 16:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-08 16:19 - 2015-06-08 16:19 - 00243480 _____ C:\Users\Sandra\Downloads\Firefox Setup Stub 38.0.5.exe
2015-06-08 15:55 - 2015-06-08 15:55 - 03077776 ____N (Symantec Corporation) C:\Users\Sandra\Desktop\NPE.exe
2015-06-08 11:41 - 2015-06-08 11:41 - 00047633 _____ C:\WINDOWS\SysWOW64\wuwuninst.exe
2015-06-08 11:41 - 2015-06-08 11:41 - 00001232 _____ C:\Users\Public\Desktop\SplashID Safe.lnk
2015-06-08 11:41 - 2015-06-08 11:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SplashData
2015-06-08 11:41 - 2015-06-08 11:41 - 00000000 ____D C:\Program Files (x86)\SplashData
2015-06-08 09:07 - 2015-05-22 15:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-08 09:07 - 2015-05-21 15:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-08 09:07 - 2015-05-21 15:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-08 09:07 - 2015-05-21 15:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-08 09:07 - 2015-05-21 15:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-08 09:07 - 2015-05-21 15:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-08 09:07 - 2015-05-21 15:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-08 09:07 - 2015-04-17 00:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-01 10:30 - 2015-06-01 10:30 - 00000000 ____D C:\Users\Sandra\AppData\Local\GWX
2015-05-28 13:53 - 2015-05-28 13:53 - 00286960 _____ C:\WINDOWS\Minidump\052815-34953-01.dmp
2015-05-27 11:14 - 2015-05-28 09:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-05-25 12:07 - 2015-05-25 12:07 - 00000000 ___RD C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-05-25 12:06 - 2015-06-08 16:01 - 00000000 ____D C:\NPE
2015-05-25 12:03 - 2015-06-08 16:19 - 00000000 ____D C:\Users\Sandra\AppData\Local\NPE
2015-05-24 11:59 - 2015-05-24 11:59 - 00000000 ____D C:\Users\Sandra\AppData\Local\TempTaskUpdateDetection2EFBB341-B780-4795-BBA6-DFCB4B868E17
2015-05-19 18:15 - 2015-05-28 13:53 - 888972677 _____ C:\WINDOWS\MEMORY.DMP
2015-05-19 18:15 - 2015-05-28 13:53 - 00000000 ____D C:\WINDOWS\Minidump
2015-05-19 18:15 - 2015-05-19 18:16 - 00286960 _____ C:\WINDOWS\Minidump\051915-42078-01.dmp
2015-05-19 12:36 - 2015-05-19 12:37 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\Sandra\Downloads\flashplayer17au_ha_install.exe
2015-05-18 14:50 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-18 14:50 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-18 14:17 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-18 14:17 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-18 14:17 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-18 14:17 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-18 14:17 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-18 14:17 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-18 14:17 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-18 14:17 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-18 14:17 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-18 14:17 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-18 14:17 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-18 14:17 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-18 14:17 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-18 14:17 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-18 14:17 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-18 14:17 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-18 14:17 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-18 14:17 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-18 14:17 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-18 14:17 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-18 14:17 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-18 14:17 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-18 14:17 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-18 14:17 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-18 14:17 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-18 14:17 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-18 14:17 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-18 14:17 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-18 14:17 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-18 14:17 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-18 14:17 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-18 14:17 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-18 14:17 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-18 14:17 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-18 14:17 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-18 14:17 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-18 14:17 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-18 14:17 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-18 14:17 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-17 13:36 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-17 13:36 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-17 13:36 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-17 13:36 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-17 13:36 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-17 13:36 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-17 13:36 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-17 13:36 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-17 13:36 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-17 13:36 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-17 13:36 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-17 13:36 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-17 13:36 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-17 13:36 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-17 13:36 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-17 13:36 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-17 13:36 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-17 13:36 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-17 13:36 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-17 13:36 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-17 13:36 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-17 13:36 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-17 13:36 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-17 13:36 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-17 13:36 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-17 13:36 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-17 13:36 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-17 13:36 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-17 13:35 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-17 13:35 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-17 13:35 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-17 13:35 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-17 13:35 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-17 13:35 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-17 13:35 - 2015-03-13 02:29 - 00410017 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-05-17 13:35 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-17 13:35 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-17 12:57 - 2015-04-24 23:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-17 12:57 - 2015-03-05 01:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-09 01:52 - 2015-01-13 12:37 - 00000000 __RDO C:\Users\Sandra\OneDrive
2015-06-09 01:51 - 2013-08-22 16:46 - 00294119 _____ C:\WINDOWS\setupact.log
2015-06-09 01:51 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-09 01:51 - 2012-09-18 12:55 - 00000868 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-06-09 01:50 - 2013-08-22 15:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-06-09 01:43 - 2012-09-18 13:15 - 00000360 _____ C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job
2015-06-09 01:25 - 2015-04-20 16:57 - 00005000 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for SANDRA-SAMSUNG-Sandra Sandra-Samsung
2015-06-09 01:14 - 2015-01-27 14:47 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-09 00:55 - 2015-02-01 15:58 - 01583455 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-09 00:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-08 22:26 - 2015-02-01 16:06 - 00000000 ____D C:\Users\Sandra
2015-06-08 21:19 - 2015-02-02 13:16 - 00003958 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3DD71822-C8CC-4BAE-A1E4-04A2FA4DD8E7}
2015-06-08 18:57 - 2014-12-30 16:45 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2678595623-4148133582-4009595467-1001
2015-06-08 18:32 - 2012-09-18 13:06 - 00000000 ____D C:\ProgramData\WinClon
2015-06-08 18:02 - 2014-11-20 20:24 - 00048914 _____ C:\WINDOWS\PFRO.log
2015-06-08 17:49 - 2014-12-30 16:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-08 17:49 - 2013-08-22 16:45 - 00000000 ____D C:\WINDOWS\Setup
2015-06-08 14:09 - 2015-01-01 22:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-08 14:09 - 2014-11-21 12:51 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-08 13:36 - 2015-03-10 10:01 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2015-06-08 13:04 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-08 10:50 - 2012-09-18 12:55 - 00000870 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-06-08 10:13 - 2014-12-30 17:22 - 00000000 ____D C:\Users\Sandra\AppData\Local\CrashDumps
2015-06-07 11:20 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-03 13:15 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-06-02 13:40 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-05-28 21:02 - 2015-01-13 13:44 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\Skype
2015-05-28 12:16 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-05-27 22:19 - 2014-12-25 13:09 - 00000000 ____D C:\Users\Sandra\AppData\Local\Packages
2015-05-25 12:03 - 2012-09-18 13:03 - 00000000 ____D C:\ProgramData\Norton
2015-05-23 16:05 - 2015-04-06 18:58 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-05-23 16:05 - 2015-04-06 18:58 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-05-22 14:30 - 2015-02-01 16:50 - 00003110 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2678595623-4148133582-4009595467-1001
2015-05-21 09:58 - 2015-02-01 15:49 - 00802432 _____ C:\WINDOWS\system32\perfh00C.dat
2015-05-21 09:58 - 2015-02-01 15:49 - 00159382 _____ C:\WINDOWS\system32\perfc00C.dat
2015-05-21 09:58 - 2014-11-21 05:35 - 02742364 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-21 09:58 - 2014-11-21 04:45 - 00766620 _____ C:\WINDOWS\system32\perfh007.dat
2015-05-21 09:58 - 2014-11-21 04:45 - 00159902 _____ C:\WINDOWS\system32\perfc007.dat
2015-05-19 21:41 - 2015-01-13 12:28 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-05-19 18:15 - 2013-08-22 16:44 - 00372280 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-19 16:22 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-05-19 13:26 - 2015-01-13 12:58 - 00000000 ____D C:\Users\Sandra\AppData\Local\Adobe
2015-05-19 12:08 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-05-19 12:08 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-05-19 11:53 - 2014-12-25 13:12 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\Adobe
2015-05-17 22:14 - 2014-12-30 18:45 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-05-17 13:53 - 2014-12-30 18:45 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-17 13:49 - 2014-11-21 05:13 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-17 13:01 - 2015-02-25 12:06 - 01055744 ____H C:\Users\Sandra\Desktop\~WRL0003.tmp
2015-05-17 12:35 - 2015-01-13 13:06 - 00002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
==================== Files in the root of some directories =======
2012-09-18 13:15 - 2012-08-08 06:07 - 2258432 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2012-09-18 13:15 - 2012-08-07 12:11 - 0003196 _____ () C:\ProgramData\MakeMarkerFile.xml
Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-08 22:59
==================== End of log ============================
und [CODE]Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Sandra at 2015-06-09 01:53:51
Running from C:\Users\Sandra\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2678595623-4148133582-4009595467-500 - Administrator - Disabled)
Gast (S-1-5-21-2678595623-4148133582-4009595467-501 - Limited - Disabled)
Sandra (S-1-5-21-2678595623-4148133582-4009595467-1001 - Administrator - Enabled) => C:\Users\Sandra
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton Internet Security (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (HKLM-x32\...\Adobe Photoshop Elements 7) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Allshare Play Link (HKLM-x32\...\{91786428-D4AA-476D-8AF9-A63FFAC2901F}) (Version: 1.0.0 - Samsung)
Amazon Music (HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Amazon Amazon Music) (Version: 3.9.3.797 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{7141A3BC-9EBD-A6AB-CCAE-FBD4E4BFC870}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version: - )
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Help Desk (HKLM\...\{D93F0B49-12AA-4AE6-8349-0ECB13B9532F}) (Version: 1.0.5 - Samsung Electronics CO., LTD.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36354 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-GB)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.7.0.11 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.45 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.11 - Symantec Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version: - PopCap Games)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.209 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.6.5 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.0.7 - Samsung Electronics CO., LTD.) Hidden
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Software Update Wizard (Redistributable) 4.5 (HKLM-x32\...\Software Update Wizard (Redistributable)) (Version: 4.5 - PowerProgrammer)
SplashID Safe 7.2.4 (HKLM-x32\...\SplashID Safe) (Version: 7.2.4 - SplashData)
Support Center (HKLM\...\{AC0273F1-68A3-42CF-B487-C594B0A92F8D}) (Version: 2.0.12 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.3 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{391A07F0-748F-474F-986C-F03934F98F6E}) (Version: 2.0.19 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.11.3 - Synaptics Incorporated)
User Guide (HKLM-x32\...\{66172F70-0BDE-4BAB-A973-E2E4EF501F6D}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Xerox PhotoCafe (HKLM-x32\...\Xerox PhotoCafe) (Version: 1.0.0.6162 - Xerox)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Sandra\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
23-05-2015 16:05:20 Windows Modules Installer
31-05-2015 12:41:12 Geplanter Prüfpunkt
08-06-2015 13:03:40 Windows Update
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {064DF168-8F45-4715-B27F-D12A9FCA8ECD} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {13064CAF-89C6-49E3-9FAD-F5EBC675D860} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2678595623-4148133582-4009595467-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {182EB722-D3FB-4F28-BDA5-9EEAA5728A8B} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {1C271AA8-A79E-4357-92C2-51CC784D1CDF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2E04800F-D8FF-492F-AC45-38F482C3A29E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {384BE781-5910-4849-8492-38CBD0AF0425} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {3B817D30-94B8-457E-A302-1DDA92A7F577} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {40DFB88D-9E02-43F7-820C-082F450387AC} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe [2015-03-07] (Symantec Corporation)
Task: {48F2142D-FAD6-42FD-B1CF-8B84D40BAEE0} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] ()
Task: {49E3F0BF-4950-46B7-8C57-55D61EFDB7DD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {55A71CE9-A563-4500-8F9D-991DBB074751} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)
Task: {6D92E9BA-BF43-4EBB-AF8E-2F5DF966119B} - System32\Tasks\Microsoft Office 15 Sync Maintenance for SANDRA-SAMSUNG-Sandra Sandra-Samsung => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)
Task: {76C4DC21-3582-449E-BA2D-E514E6432085} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-09-17] (SEC)
Task: {789305D1-A5DB-43A8-807C-0B0A8373272F} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {89D423D2-5F17-49A6-823E-6C55E76481DE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {9178B62B-3314-4B94-99A8-9A40D35A3921} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-09-14] (Samsung Electronics CO., LTD.)
Task: {9400C22A-06D2-4218-9CDA-07CB2CE4BE3E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-19] (Adobe Systems Incorporated)
Task: {97A0C558-A2CE-4189-8590-0865C30B9786} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {9DCAE56A-934A-4476-8952-E3B213C0E1F2} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-08-17] (Samsung Electronics CO., LTD.)
Task: {ACFDD4B9-12CE-44B8-9EE9-9B6D96203BB8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {B56D87E0-F945-4986-A560-009353E1CC88} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {BB57ABE5-FFD1-4250-A33A-D022241DB93C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {BD96D871-BC8F-4751-B260-9BC01C0984DF} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {CCAA43C7-A484-4D97-8B40-495CB3711C68} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-09-05] (Samsung Electronics CO., LTD.)
Task: {DEA29841-AB2F-4820-8B10-EF442E36BFB6} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe
==================== Loaded Modules (Whitelisted) ==============
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-13 12:28 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-09-05 09:50 - 2012-09-05 09:50 - 00085112 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2015-03-18 14:11 - 2015-01-27 17:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-09-05 09:50 - 2012-09-05 09:50 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-09-05 09:50 - 2012-09-05 09:50 - 01012856 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-09-05 09:50 - 2012-09-05 09:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-09-05 09:50 - 2012-09-05 09:50 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-09-05 09:50 - 2012-09-05 09:50 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-09-05 09:50 - 2012-09-05 09:50 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-09-05 09:50 - 2012-09-05 09:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2015-01-13 12:28 - 2015-01-13 12:28 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2015-02-08 18:56 - 2015-02-08 18:56 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\80a14cd14e9579821dba2282b4349fef\PSIClient.ni.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Sandra\OneDrive:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sandra\Desktop\WP_20150212_15_16_12_Pro.jpg
DNS Servers: 192.168.1.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: WebUpdate4 => 2
MSCONFIG\Services: ZAtheros Bt and Wlan Coex Agent => 2
HKLM\...\StartupApproved\Run: => "BtvStack"
HKLM\...\StartupApproved\Run: => "BtTray"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\StartupApproved\Run: => "Web Companion"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{2EEECA77-799A-4D37-BE7E-34AF97D53CC3}] => (Allow) C:\Users\Sandra\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{67B9CDA9-6611-4902-929E-FB071C8FC6AF}] => (Allow) LPort=1900
FirewallRules: [{1C1C1C9E-B5B4-4252-8B39-9916B47268A9}] => (Allow) LPort=2869
FirewallRules: [{AA11861E-9DF7-4AAE-AA72-AD2C5491E5DC}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [TCP Query User{DE6A8967-FE87-4007-A1B6-36A2AFEA03F8}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{8796951C-2AFC-433D-BEAB-52B8C75BFFB0}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{AA608118-F9CE-435A-8ACA-C7CB4C358CA2}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{B92BD701-FBA7-4BEE-B257-AABE3DE76070}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{82F0E33A-F344-4099-AF2B-D734F3483CA5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{42E4CD4D-E310-4ADA-AD29-9C6534FA0FE9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{631FC482-9461-44E5-BDC4-E024F4C2810A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CA2A2A11-103A-4DB0-B66A-F757C2070D04}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{80FD8CFE-2AB5-4557-AD0C-7A28CC4BD766}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A9756002-FDD3-4603-9552-2CE6E217EBD9}] => (Allow) C:\Program Files (x86)\SplashData\SplashID Safe\SplashID Safe.exe
FirewallRules: [{4E2D2285-AABF-46A4-98CA-8DDC01BA0BE9}] => (Allow) C:\Program Files (x86)\SplashData\SplashID Safe\SplashID Safe.exe
FirewallRules: [{BE0F9F66-25E5-48B5-B0E7-05A393C3ECD3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{835E6101-6D41-48ED-9F73-82C636156B6A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/09/2015 01:50:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 8.6.2015.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1b40
Startzeit: 01d0a245a39060bf
Endzeit: 10126
Anwendungspfad: C:\Users\Sandra\Desktop\FRST64.exe
Berichts-ID: 0ae43bc3-0e39-11e5-bea9-50b7c325edc0
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (06/09/2015 01:48:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 8.6.2015.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 5d0
Startzeit: 01d0a2450e44e536
Endzeit: 60000
Anwendungspfad: C:\Users\Sandra\AppData\Local\Microsoft\Windows\INetCache\IE\IZI2PFMI\FRST64.exe
Berichts-ID: a8157bb6-0e38-11e5-bea9-50b7c325edc0
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (06/09/2015 01:30:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm PhotosApp.exe, Version 6.3.9600.17418 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1a9c
Startzeit: 01d0a242fda8aca2
Endzeit: 4294967295
Anwendungspfad: C:\WINDOWS\FileManager\PhotosApp.exe
Berichts-ID: 47f4369e-0e36-11e5-bea9-50b7c325edc0
Vollständiger Name des fehlerhaften Pakets: FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.Windows.PhotoManager
Error: (06/09/2015 01:30:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: SANDRA-SAMSUNG)
Description: Das Paket „FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy+Microsoft.Windows.PhotoManager“ wurde beendet, da das Anhalten zu lange dauerte.
Error: (06/08/2015 06:07:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14516
Error: (06/08/2015 06:07:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14516
Error: (06/08/2015 06:07:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/08/2015 04:42:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14297
Error: (06/08/2015 04:42:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14297
Error: (06/08/2015 04:42:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (06/09/2015 01:00:06 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst FontCache3.0.0.0 erreicht.
Error: (06/09/2015 01:00:06 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ClickToRunSvc erreicht.
Error: (06/08/2015 06:01:56 PM) (Source: DCOM) (EventID: 10010) (User: SANDRA-SAMSUNG)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Error: (06/08/2015 04:18:28 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error: (06/08/2015 04:18:26 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error: (06/08/2015 04:18:23 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error: (06/08/2015 04:01:15 PM) (Source: DCOM) (EventID: 10016) (User: SANDRA-SAMSUNG)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Sandra-SamsungSandraS-1-5-21-2678595623-4148133582-4009595467-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (06/08/2015 04:01:14 PM) (Source: DCOM) (EventID: 10016) (User: SANDRA-SAMSUNG)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Sandra-SamsungSandraS-1-5-21-2678595623-4148133582-4009595467-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (06/08/2015 04:01:14 PM) (Source: DCOM) (EventID: 10016) (User: SANDRA-SAMSUNG)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Sandra-SamsungSandraS-1-5-21-2678595623-4148133582-4009595467-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (06/08/2015 04:01:14 PM) (Source: DCOM) (EventID: 10016) (User: SANDRA-SAMSUNG)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Sandra-SamsungSandraS-1-5-21-2678595623-4148133582-4009595467-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Microsoft Office:
=========================
Error: (06/09/2015 01:50:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe8.6.2015.01b4001d0a245a39060bf10126C:\Users\Sandra\Desktop\FRST64.exe0ae43bc3-0e39-11e5-bea9-50b7c325edc0
Error: (06/09/2015 01:48:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe8.6.2015.05d001d0a2450e44e53660000C:\Users\Sandra\AppData\Local\Microsoft\Windows\INetCache\IE\IZI2PFMI\FRST64.exea8157bb6-0e38-11e5-bea9-50b7c325edc0
Error: (06/09/2015 01:30:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: PhotosApp.exe6.3.9600.174181a9c01d0a242fda8aca24294967295C:\WINDOWS\FileManager\PhotosApp.exe47f4369e-0e36-11e5-bea9-50b7c325edc0FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewyMicrosoft.Windows.PhotoManager
Error: (06/09/2015 01:30:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: SANDRA-SAMSUNG)
Description: FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy+Microsoft.Windows.PhotoManager
Error: (06/08/2015 06:07:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14516
Error: (06/08/2015 06:07:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14516
Error: (06/08/2015 06:07:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/08/2015 04:42:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14297
Error: (06/08/2015 04:42:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14297
Error: (06/08/2015 04:42:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 16%
Total physical RAM: 8083.48 MB
Available physical RAM: 6780.88 MB
Total Pagefile: 18835.48 MB
Available Pagefile: 17235.43 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:907.16 GB) (Free:810.42 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: FCB1BE73)
Partition: GPT Partition Type.
==================== End of log ============================
Geändert von mamarazzii (09.06.2015 um 01:02 Uhr) |
|
09.06.2015, 08:39
| #8 |
| /// TB-Ausbilder /// Anleitungs-Guru | DHL Mail auf den Link geclickt - Trojaner lässt mich kein removal tool installieren Hi, Schritt 1 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2  
Schritt 3 ESET Online Scanner
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
09.06.2015, 11:54
| #9 |
| | DHL Mail auf den Link geclickt - Trojaner lässt mich kein removal tool installieren Adw cleaner Problem mit einem restart gelöst hier ist das log file Code:
ATTFilter # AdwCleaner v4.206 - Bericht erstellt 09/06/2015 um 10:27:17
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-06-08.1 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : Sandra - SANDRA-SAMSUNG
# Gestarted von : C:\Users\Sandra\Desktop\AdwCleaner_4.206.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\Users\Sandra\AppData\Roaming\RHEng
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gelöscht : HKU\.DEFAULT\Software\AskPartnerNetwork
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v38.0.5 (x86 en-GB)
*************************
AdwCleaner[R0].txt - [1937 Bytes] - [09/06/2015 10:24:27]
AdwCleaner[S0].txt - [1821 Bytes] - [09/06/2015 10:27:17]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1880 Bytes] ##########
Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 09.06.2015 Suchlauf-Zeit: 10:40:20 Logdatei: malware log.txt Administrator: Ja Version: 2.01.6.1022 Malware Datenbank: v2015.03.09.05 Rootkit Datenbank: v2015.06.02.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Sandra Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 378728 Verstrichene Zeit: 18 Min, 20 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 0 (Keine schädliche Elemente gefunden) Registrierungswerte: 0 (Keine schädliche Elemente gefunden) Registrierungsdaten: 0 (Keine schädliche Elemente gefunden) Ordner: 0 (Keine schädliche Elemente gefunden) Dateien: 0 (Keine schädliche Elemente gefunden) Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) Code:
ATTFilter # product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=eb3fc7b7a344224a9d701cd8695d155c
# end=init
# utc_time=2015-06-09 09:23:20
# local_time=2015-06-09 11:23:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 24242
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=eb3fc7b7a344224a9d701cd8695d155c
# end=updated
# utc_time=2015-06-09 09:32:12
# local_time=2015-06-09 11:32:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=eb3fc7b7a344224a9d701cd8695d155c
# engine=24242
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-06-09 10:43:14
# local_time=2015-06-09 12:43:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Norton Internet Security'
# compatibility_mode=3597 16777213 100 100 79604 196443179 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 7353227 58727887 0 0
# scanned=246163
# found=1
# cleaned=0
# scan_time=4261
sh=DEDD8F0F9D5A4010092A2F3638C2E8AFB12BDD41 ft=1 fh=a2211db89c5209d0 vn="Variante von Win32/Packed.Komodia.A verdächtige Datei" ac=I fn="C:\Windows\SysWOW64\LavasoftTcpService.dll"
 Alle Anweisungen befolgt.Ich habe ein paar Fragen: Falscher Alarm oder war tatsächlich ein Trojaner auf meinem Laptop? (ich habe den Link angeclickt, aber nicht das zip file geöffnet. Den Server habe ich gestern ausgeschaltet. Mein Laptop ist über diesen Server mit zwei anderen Laptops und einem Desktop verbunden. Der Server ist am Desktop angehängt. Sind Sever, Laptops und Desktops auch infisziert? Wie kann feststellen, dass sie befallen sind? Muss ich das gleiche Prozedere auf allen Geräten machen? Sorry für die vielen Fragen.  Geändert von mamarazzii (09.06.2015 um 09:35 Uhr) |
|
09.06.2015, 17:50
| #10 |
| /// TB-Ausbilder /// Anleitungs-Guru | DHL Mail auf den Link geclickt - Trojaner lässt mich kein removal tool installieren Hi, wenn Du die zip-Datei nicht geöffnet hast, ist es sehr unwahrscheinlich dass Du Dich in diesem Fall infiziert hast. Die Logdateien bestätigen die Annahme. Wenn dieser PC sauber ist, dann sind es die anderen auch. 
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
09.06.2015, 17:55
| #11 |
| | DHL Mail auf den Link geclickt - Trojaner lässt mich kein removal tool installieren uff, da bin ich aber mega froh. Ist mein Laptop schon clean oder müssen wir noch weiter putzen? Nochmals vielen Dank für Deine Hilfe |
|
09.06.2015, 18:06
| #12 |
| /// TB-Ausbilder /// Anleitungs-Guru | DHL Mail auf den Link geclickt - Trojaner lässt mich kein removal tool installieren Nö, können wir so lassen. >>clean<< Wir haben es geschafft! Die Logs sehen für mich im Moment sauber aus. Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst... und/oder das Forum mit einer kleinen Spende  unterstützen.  Es bleibt mir nur noch, Dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen.  Cleanup: (Die Reihenfolge ist hier entscheidend) Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken. Falls Combofix verwendet wurde:  Combofix deinstallieren
Alle Logs gepostet? Dann lade Dir bitte  DelFix herunter.
Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.  Absicherung: Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen: Browser Java Flash-Player PDF-Reader Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig. Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank. Meine Kauf-Empfehlung:  ESET Smart Security Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware scannen. Optional:  NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.Lade Software von einem sauberen Portal wie  .Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen. Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner . Abschließend noch ein paar grundsätzliche Bemerkungen: Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems. Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
09.06.2015, 19:27
| #13 |
| | DHL Mail auf den Link geclickt - Trojaner lässt mich kein removal tool installierenVIELEN HERZLICHEN DANK für den super Service das schnelle Reagieren für die Hilfe und die gut verständlichen Erklärungen Ich hoffe auch, dass wir uns nicht bald wiedersehen.  |
|
09.06.2015, 19:31
| #14 |
| /// TB-Ausbilder /// Anleitungs-Guru | DHL Mail auf den Link geclickt - Trojaner lässt mich kein removal tool installieren Gerne. 
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
| Themen zu DHL Mail auf den Link geclickt - Trojaner lässt mich kein removal tool installieren |
| antivirus, browser, desktop, dhl trojaner, download, fehler, file, firefox, harddisk, installation, kaspersky, kis, microsoft, neu, phishing, problem, programm, programme, scan, server, software, starten, svchost.exe, system, temp, trojaner |
+ R Taste und schreibe Combofix /Uninstall in das 
Linear-Darstellung
