Win 7 Home x64; Internetverbindung, Norton Internet Security und andere Programme funktionieren nicht mehr

DT-Maniac · 09.08.2015, 16:52

Liebe Trojaner-Jäger,

ich hoffe, Ihr könnt mir bei meinem Problem weiterhelfen: vor kurzem hatte ich beim Herunterfahren eine Fehlermeldung von Norton Internet Security (NIS) erhalten, dass das Programm nicht mehr funktioniert. Seitdem funktionieren sowohl NIS als auch diverse andere Programme nicht mehr bzw. bleiben beim Startbild hängen. Außerdem ist eine Verbindung mit dem Internet nicht mehr möglich. Ich kann vom Problemrechner aus zwar den zweiten Rechner erfolgreich anpingen und auch umgekehrt. Auf die Fritzbox-Seite komme ich vom Problemrechner aus nicht. Ohne Internetverbindung kam ich mit den Norton-Tools leider nicht weiter.
Log-files von NIS konnte ich jetzt im Programmverzeichnis keine finden. Kann mir evtl. jemand sagen, wo ich danach suchen sollte?

Hier die Logs von defogger:

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:46 on 09/08/2015 (*******)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:08-08-2015 01
durchgeführt von ******* (Administrator) auf SHARK (09-08-2015 16:46:57)
Gestartet von C:\Users\*******\Desktop
Geladene Profile: ******* (Verfügbare Profile: ******* & ****)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 8 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Mr. John aka japamd) C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Adobe Systems Inc.) C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\acrotray.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe


==================== Registry (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190472 2009-09-17] (Logitech Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [540672 2015-04-19] (Greenshot)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [180224 2007-02-28] (Creative Technology Ltd)
HKLM-x32\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\Acrotray.exe [640376 2008-10-01] (Adobe Systems Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [217632 2015-07-21] (Geek Software GmbH)
HKU\S-1-5-21-1678810335-2756922238-3578185290-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2013-01-16] (Hewlett-Packard Company)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1678810335-2756922238-3578185290-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
HKU\S-1-5-21-1678810335-2756922238-3578185290-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKU\S-1-5-21-1678810335-2756922238-3578185290-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=21&locale=de_DE&gct=sb&qsrc=2869
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-05] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-30] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-30] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1678810335-2756922238-3578185290-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-11-02] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-11-02] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-11-02] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-11-02] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{7D1B3D77-3D1A-4DBA-AA76-4D7162C32DF9}: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: https://duckduckgo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-16] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF-XChange-Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-01-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF-XChange-Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-01-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-16] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF-XChange-Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-01-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-30] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF-XChange-Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-01-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-1678810335-2756922238-3578185290-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF-XChange-Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-01-08] (Tracker Software Products (Canada) Ltd.)
FF user.js: detected! => C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default\user.js [2015-06-26]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-01-08] (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default\searchplugins\duckduckgo.xml [2014-01-09]
FF Extension: YouTube Unblocker - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default\Extensions\youtubeunblocker__web@unblocker.yt [2015-06-17]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-01-09]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-01-09]
FF Extension: ProxTube - Unblock YouTube - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: Youtube MP3 Downloader using youtube-mp3.org - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default\Extensions\jid1-xKH0EoS44u1a2w@jetpack.xpi [2014-05-17]
FF Extension: DuckDuckGo Plus - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-01-09]
FF Extension: {9192c10a-ce03-4ca3-a4e6-a1531e339a49} - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default\Extensions\{9192c10a-ce03-4ca3-a4e6-a1531e339a49}.xpi [2014-11-16]
FF Extension: Adblock Plus - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-09]
FF Extension: HTML Plugin - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default\Extensions\{e3560e50-30d3-4bfa-978d-36033fbee1da}.xpi [2014-11-25]
FF Extension: Adblock Edge - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-01-09]
FF Extension: UITBAutoInstaller - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2015-06-03]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2015-08-09]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-03-04]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-22]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-22]

Opera: 
=======
StartMenuInternet: (HKU\S-1-5-21-1678810335-2756922238-3578185290-1001) OperaStable - "C:\Program Files (x86)\Opera\Launcher.exe"

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-01-10] (Creative Labs) [Datei ist nicht signiert]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-01-10] (Creative Labs) [Datei ist nicht signiert]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [Datei ist nicht signiert]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [Datei ist nicht signiert]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-07] (Symantec Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 RadeonPro Support Service; C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [20608 2013-04-13] (Mr. John aka japamd) [Datei ist nicht signiert]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150706.001\BHDrvx64.sys [1648880 2015-06-17] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-28] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150727.001\IDSvia64.sys [692984 2015-06-20] (Symantec Corporation)
S3 L6PODHDBEAN; C:\Windows\System32\Drivers\L6PODHDBEAN64.sys [772864 2013-07-11] (Line 6)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150727.020\ENG64.SYS [138488 2015-07-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150727.020\EX64.SYS [2146040 2015-07-20] (Symantec Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
R1 SMR501; C:\Windows\System32\drivers\SMR501.SYS [111288 2015-08-09] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-09] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
U3 Winsock; kein ImagePath
U3 uxldypob; \??\C:\Users\*******\AppData\Local\Temp\uxldypob.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-09 16:37 - 2015-08-09 16:47 - 00019270 _____ C:\Users\*******\Desktop\FRST.txt
2015-08-09 16:32 - 2015-08-09 16:33 - 00000020 _____ C:\Windows\system32\Drivers\SMR501.dat
2015-08-09 16:32 - 2015-08-09 16:32 - 00111288 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR501.SYS
2015-08-09 16:31 - 2015-08-08 18:24 - 10079720 _____ (Symantec Corporation) C:\Users\*******\Desktop\NPE.exe
2015-08-08 22:05 - 2015-08-08 22:05 - 00587352 _____ C:\Windows\Minidump\080815-27393-01.dmp
2015-08-08 21:29 - 2015-08-09 16:46 - 00000476 _____ C:\Users\*******\Desktop\defogger_disable.log
2015-08-08 21:29 - 2015-08-09 16:46 - 00000000 ____D C:\FRST
2015-08-08 21:29 - 2015-08-08 21:29 - 00000000 _____ C:\Users\*******\defogger_reenable
2015-08-08 21:28 - 2015-08-08 20:52 - 02169856 _____ (Farbar) C:\Users\*******\Desktop\FRST64.exe
2015-08-08 21:28 - 2015-08-08 20:52 - 00380416 _____ C:\Users\*******\Desktop\Gmer-19357.exe
2015-08-08 21:28 - 2015-08-08 20:51 - 00050477 _____ C:\Users\*******\Desktop\Defogger.exe
2015-08-08 20:38 - 2015-08-08 20:38 - 00000000 ____D C:\ProgramData\AVAST Software
2015-08-08 20:38 - 2015-08-08 20:17 - 05481344 _____ (Avast Software s.r.o.) C:\Users\*******\Desktop\avast_free_antivirus_setup.exe
2015-08-08 20:38 - 2015-08-08 20:15 - 04721376 _____ (Avira Operations GmbH & Co. KG) C:\Users\*******\Desktop\avira_de_av_55c646fd14add__ws.exe
2015-08-08 19:48 - 2015-08-09 16:35 - 00000000 ____D C:\Users\*******\AppData\Local\NPE
2015-07-28 18:10 - 2015-07-28 18:10 - 00000000 ____D C:\ProgramData\PCSettings
2015-07-26 17:14 - 2015-07-28 17:50 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-07-23 18:11 - 2015-07-23 18:11 - 00001083 _____ C:\Users\Public\Desktop\PDF24 Creator.lnk
2015-07-23 18:11 - 2015-07-23 18:11 - 00001063 _____ C:\Users\Public\Desktop\PDF24 Fax.lnk
2015-07-23 18:11 - 2015-07-23 18:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2015-07-16 21:45 - 2015-07-16 22:00 - 00000000 ____D C:\Users\****\AppData\Roaming\Greenshot
2015-07-16 21:45 - 2015-07-16 21:45 - 00000000 ____D C:\Users\****\AppData\Local\Greenshot

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-09 16:38 - 2009-07-14 06:45 - 00025664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-09 16:38 - 2009-07-14 06:45 - 00025664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-09 16:33 - 2014-01-09 19:04 - 01621282 _____ C:\Windows\WindowsUpdate.log
2015-08-09 16:31 - 2014-05-30 07:42 - 00000000 ____D C:\Users\*******\AppData\Local\FreePDF_XP
2015-08-09 16:30 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-09 16:30 - 2009-07-14 06:51 - 00093453 _____ C:\Windows\setupact.log
2015-08-09 16:27 - 2014-01-09 19:12 - 00002501 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2015-08-09 16:27 - 2014-01-09 19:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2015-08-09 01:04 - 2014-01-18 15:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-08 22:05 - 2014-06-08 14:49 - 501371548 _____ C:\Windows\MEMORY.DMP
2015-08-08 22:05 - 2014-06-08 14:49 - 00000000 ____D C:\Windows\Minidump
2015-08-08 21:29 - 2014-01-09 19:09 - 00000000 ____D C:\Users\*******
2015-08-08 19:48 - 2014-01-09 19:12 - 00000000 ____D C:\ProgramData\Norton
2015-08-06 22:19 - 2014-01-10 03:59 - 00699092 _____ C:\Windows\system32\perfh007.dat
2015-08-06 22:19 - 2014-01-10 03:59 - 00149232 _____ C:\Windows\system32\perfc007.dat
2015-08-06 22:19 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-06 21:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-29 18:24 - 2010-11-21 05:47 - 00163096 _____ C:\Windows\PFRO.log
2015-07-28 18:09 - 2014-01-09 19:12 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2015-07-27 21:35 - 2014-01-18 22:00 - 00000000 ____D C:\Users\*******\AppData\Local\Battle.net
2015-07-26 18:18 - 2014-02-19 21:03 - 00000000 ____D C:\Users\*******\AppData\Roaming\vlc
2015-07-26 17:12 - 2014-01-10 00:11 - 00000000 ____D C:\Program Files (x86)\RadeonPro
2015-07-26 14:49 - 2015-07-03 09:14 - 00000000 ____D C:\Users\*******\AppData\Local\Greenshot
2015-07-23 18:11 - 2014-06-08 13:59 - 00000000 ____D C:\Program Files (x86)\PDF24
2015-07-16 21:45 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-07-16 18:05 - 2014-01-18 15:33 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-16 18:05 - 2014-01-09 21:22 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-16 18:05 - 2014-01-09 21:22 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-05-27 19:42 - 2014-05-27 19:57 - 0005632 _____ () C:\Users\*******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-18 23:51 - 2015-04-18 23:51 - 0005211 _____ () C:\Users\*******\AppData\Local\recently-used.xbel

Einige Dateien in TEMP:
====================
C:\Users\*******\AppData\Local\Temp\CTPBSeq.exe
C:\Users\*******\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\*******\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\*******\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\*******\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\*******\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\*******\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\*******\AppData\Local\Temp\L6GPInst.dll
C:\Users\*******\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\*******\AppData\Local\Temp\pyl2606.tmp.exe
C:\Users\*******\AppData\Local\Temp\pyl2E8E.tmp.exe
C:\Users\*******\AppData\Local\Temp\TW_autoskip.exe
C:\Users\*******\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\*******\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\*******\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\*******\AppData\Local\Temp\wmfdist.exe
C:\Users\*******\AppData\Local\Temp\wvc1dmo.exe


==================== Bamital & volsnap Check =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-08-08 22:35

==================== Ende von log ============================

Addition von FRST:

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:08-08-2015 01
durchgeführt von ******* (2015-08-09 16:47:20)
Gestartet von C:\Users\*******\Desktop
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1678810335-2756922238-3578185290-500 - Administrator - Disabled)
**** (S-1-5-21-1678810335-2756922238-3578185290-1003 - Administrator - Enabled) => C:\Users\****
Gast (S-1-5-21-1678810335-2756922238-3578185290-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1678810335-2756922238-3578185290-1002 - Limited - Enabled)
******* (S-1-5-21-1678810335-2756922238-3578185290-1001 - Administrator - Enabled) => C:\Users\*******

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Norton Internet Security (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 4.64 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 4.65 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0465-000001000000}) (Version: 4.65.00.0 - Igor Pavlov)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
AGEIA PhysX v7.11.13 (HKLM-x32\...\{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}) (Version: 7.11.13 - AGEIA Technologies, Inc.)
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AudioLabel (HKLM-x32\...\AudioLabel) (Version: 6.0 (Build 2) - CDCoverSoft)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP)
CoCreate Modeling Personal Edition 3.0 ( x64 ) (HKLM\...\{1218162D-656E-4074-9201-B29EA22FDA4B}) (Version: 30.0.0034 - Parametric Technology GmbH)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.43 - Creative Technology Limited)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - )
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
Diablo III Beta (HKLM-x32\...\Diablo III Beta) (Version:  - Blizzard Entertainment)
DiRT 3 (HKLM-x32\...\GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}) (Version: 1.0.0000.130 - Codemasters)
DiRT 3 (x32 Version: 1.0.0000.130 - Codemasters) Hidden
DiRT 3 (x32 Version: 1.0.0003.130 - Codemasters) Hidden
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.1.16835 - Landesfinanzdirektion Thüringen)
FairStars CD Ripper 1.70 (HKLM-x32\...\FairStars CD Ripper_is1) (Version:  - FairStars Soft)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
Greenshot 1.2.6.7 (HKLM\...\Greenshot_is1) (Version: 1.2.6.7 - Greenshot)
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version:  - Arobas Music)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LightScribe System Software (HKLM-x32\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version:  - Line 6)
Logitech Gaming Software 5.08 (HKLM\...\{96F1BA99-300F-4DD5-A26B-788EF63B53B1}) (Version: 5.08.146 - Logitech)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Mathcad PDSi viewable support (HKLM-x32\...\Mathcad PDSi viewable support) (Version: 9.0.0 - Adobe Systems)
Mathcad PDSi viewable support (x32 Version: 9.0.0 - Adobe Systems) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
Nero CoverDesigner (HKLM-x32\...\{79BB6415-00A7-413A-B278-A7EAE69F1753}) (Version: 12.0.02700 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.7.0.11 - Symantec Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Opera Stable 20.0.1387.77 (HKU\S-1-5-21-1678810335-2756922238-3578185290-1001\...\Opera 20.0.1387.77) (Version: 20.0.1387.77 - Opera Software ASA)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF24 Creator 7.0.6 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.1 - Tracker Software Products Ltd)
Prerequisite installer (x32 Version: 12.0.0005 - Nero AG) Hidden
PTC Creo Elements/Direct Modeling Express 6.0 ( x64 ) (HKLM\...\{CAEBEDAB-0BDA-4E05-B904-7909713D079D}) (Version: 60.0.00392 - Parametric Technology GmbH)
PTC Diagnostic Tools (HKLM\...\{D8EE1206-5E41-425D-83E7-E6D9886E716D}) (Version: 3.0.0.0 - PTC)
PTC Mathcad Prime 3.1 (HKLM\...\{3A4F83E8-C604-4970-8A1F-8963B3507630}) (Version: 3.1.0 - PTC)
RadeonPro 1.0 (Build 1.1.1.0) (HKLM-x32\...\RadeonPro_is1) (Version:  - )
Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Sound Blaster X-Fi Xtreme Audio (HKLM-x32\...\{53E2DCBB-E6F7-4C83-B1EF-F78435B9814E}) (Version: 1.0 - )
Transcribe! 8.40 (HKLM-x32\...\Transcribe!_is1) (Version: 8.40 - Seventh String Software)
Two Worlds (HKLM-x32\...\Two Worlds) (Version: 1.7.0 - )
Unreal Tournament 2004 (HKLM-x32\...\{394DC0BC-5476-4260-B52C-BDE1BDEFA958}) (Version: 1.00.0000 - Epic Games)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VueScan x32 (HKLM-x32\...\VueScan x32) (Version:  - )
VueScan x64 (HKLM\...\VueScan x64) (Version:  - )
WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 3.0.1.1739 - 1&1 Mail & Media GmbH)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

21-07-2015 18:13:27 Geplanter Prüfpunkt
08-08-2015 22:41:45 Geplanter Prüfpunkt

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {02351716-CDE1-4A09-BCAC-C1BD3BBA96B2} - System32\Tasks\{27952182-AB59-494E-8011-66F6BCD38CEA} => pcalua.exe -a C:\Users\*******\Desktop\gfwlivesetup.exe -d C:\Users\*******\Desktop
Task: {19566E55-1052-444C-9B44-D49A6E4E601A} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {24BC4479-03B3-47D9-BAEB-F1A2621DA68E} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {35DFCB1E-A4AB-4CE3-A58A-F6C31D02657E} - System32\Tasks\{9C838587-F0B1-46FE-B6C8-1EA032496928} => pcalua.exe -a Z:\Installer\Viewer\irfanview_plugins_437_setup.exe -d Z:\Installer\Viewer
Task: {94E9266A-39A1-4F53-9B79-38D73A7D830E} - System32\Tasks\{C330B0C9-5C79-4BE0-A084-DAAD21044709} => pcalua.exe -a G:\setup.exe -d G:\
Task: {ABD1BF1E-7B46-49C9-BA81-9803427BF255} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe [2015-07-27] (Symantec Corporation)
Task: {D1A7E572-1903-4191-97CD-8AAD288C0AE6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-16] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-04-25 12:03 - 2012-06-21 07:25 - 00113152 _____ () C:\Windows\System32\redmon64.dll
2014-09-18 09:23 - 2014-09-18 09:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-10-14 20:51 - 2014-10-14 20:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 09:23 - 2014-09-18 09:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-10-14 20:51 - 2014-10-14 20:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2013-01-16 12:58 - 2013-01-16 12:58 - 02408448 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2013-01-16 12:58 - 2013-01-16 12:58 - 08626176 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2013-01-16 12:58 - 2013-01-16 12:58 - 00212992 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2014-01-09 20:50 - 2009-02-06 19:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2014-01-09 20:50 - 2009-03-26 15:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2014-06-08 13:59 - 2015-07-21 11:43 - 00074272 _____ () C:\Program Files (x86)\PDF24\zlib.dll
2014-06-08 13:59 - 2015-07-21 11:43 - 00051744 _____ () C:\Program Files (x86)\PDF24\OperationUI.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

HKU\S-1-5-21-1678810335-2756922238-3578185290-1001\Software\Classes\.exe:  =>  <===== ACHTUNG

==================== Internet Explorer trusted/restricted ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1678810335-2756922238-3578185290-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\*******\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Datenträger ist nicht mit dem Internet verbunden.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
MpsSvc Firewall Dienst läuft nicht.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{4D2938FA-05C6-4E06-A37C-009319327586}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{F5B69DC8-7E8C-4427-AB16-F695453184B0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{1DDCD492-6C55-403D-A3A2-AECF74AB5910}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{6188121D-024C-4433-961C-4C7A179EAE53}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{F57C4A07-37E6-44B4-BA75-D2ED668BED24}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{AC925902-28F8-4C38-B3ED-D342711F886F}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{837730FE-AD6A-4E44-9EE8-AEB894D4B83C}] => (Allow) Z:\Diablo III Beta 2013\Diablo III.exe
FirewallRules: [{9325239C-6971-4898-9E44-DF00AF713B4D}] => (Allow) Z:\Diablo III Beta 2013\Diablo III.exe
FirewallRules: [{5821C85A-88D2-4B2B-A723-A6637A6063A3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{2CA6743A-2C2D-4545-9E38-4223EA971B08}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{9B18A605-15E4-4D31-B7F6-5C7E34B36DF0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{E03A9F00-30C2-4E56-8F68-ED405E3CA691}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{6C2A5134-3D29-447B-BECC-5E2ECCD76DFB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{92B977B4-2979-4FD2-8DBF-6F1FD7A12984}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{0749BF5F-819F-41FD-BA41-F7433DBFE3C6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{75B3E434-5B48-40ED-97AD-D0B20E99FA62}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{135EA207-84C5-4E89-AD00-AC4E2E71F321}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{94A3C0F9-4500-48B2-A0F8-8659B3F3E305}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [TCP Query User{90D85595-AD82-49B2-B3D8-19EF4BA5BF65}Z:\diablo iii\diablo iii.exe] => (Allow) Z:\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{470649EE-1D8F-46FB-B590-56DF653F81C4}Z:\diablo iii\diablo iii.exe] => (Allow) Z:\diablo iii\diablo iii.exe
FirewallRules: [{61873EA7-3D64-4599-BC70-995AD67C080D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{F22FD00E-D2A3-4E71-A651-B3F5A5D24DF4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{608824D0-37C6-48BE-9693-8C8D8775CE84}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{C1A8593D-4C2A-4EE2-828B-AFCA124CBE37}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{0B5B6E11-8F55-4A55-BD7F-2F0C7DD71DD9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{A4D31217-22F4-40E3-99D2-E7E7E8CC279D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{31EC6E9D-3052-45F6-9522-EBB058D82125}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{BF9EF39C-64DA-4929-BD5D-7573C85484F1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{E5C872B6-CBE2-4530-93B5-C600BBDCE3E9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{497A4F5A-098E-4E1C-B437-FED77E98985D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{AB00ECC6-B67C-4A2E-ADDC-9CEED7862AA8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{87E2BA6B-DB40-470F-B8D9-346EFDF32DF4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{2DCAB66B-0321-4881-85B2-268147E07CEE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{09F9640F-B425-4D4E-AE30-763299CEF27C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{111B51C1-738C-44BE-A485-74640CCFC37B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{ADAD4EA4-FA25-47EC-A0E1-4813D8BAEB4E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{97EBACB7-46B2-4458-9F58-771968629AE0}] => (Allow) C:\Program Files (x86)\Codemasters\DiRT 3\dirt3_game.exe
FirewallRules: [{063B2A4D-6A8B-4CC3-B681-00E21CBF6ACD}] => (Allow) C:\Program Files (x86)\Codemasters\DiRT 3\dirt3_game.exe
FirewallRules: [{D78021E2-3BA2-43B8-A9EF-9A99BFD9C360}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{C391F70C-CE43-4B7A-B08F-33F9AF1FE61E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{E8B7AB49-B251-4E34-9883-FB50FD18422E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{6D282A7E-80F0-4EE9-8D1F-9592BBCF0F2A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{BBFEA202-A5AA-4274-934E-135C95D0A779}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{CAAE74B4-9A08-4BFB-864A-E178840E4ABD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{A3AB0CC2-0449-4FF1-8B86-1F5EF6486E2B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{0FF0CAD8-4E2D-45AA-9709-63187D1DC5D2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{94D25D98-8A3D-4E62-B56A-F668ADCD9F60}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{1678A7CE-6DB6-44E0-98F9-3D0DA5497E21}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{9A1F127F-CF5E-44CB-B86E-9E319F27C035}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{BC21BCAB-083F-4FC9-AFEC-70FD5634F5C8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{33EAE1DE-B350-4912-AFA9-25464A975A93}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{14DC7E46-699F-4300-8EE7-508C30839666}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{DFAE125B-5888-446F-8392-A25FD51FA932}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{40DE75BC-821C-40FE-89FA-C307D2BB8221}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{161E88F0-A455-495C-AF8E-B2B6E7FE9E10}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{F74EBFB4-965D-49A2-BF2D-7531F605DDF0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{EBDA7AA1-5025-46CF-B4CA-0AD554AFE77B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{9737DA2D-95FD-4AD6-9F17-19E330613870}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{69114650-21B0-43E7-AE1C-E41031C15934}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{82F80CEE-CEA3-4E55-A7D8-8D4AC9EB3C81}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{FAB6639A-7340-422B-813B-4CE3E57D68C9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{7DA8E4F3-A2B9-40D9-9267-7D8DA80F8472}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{64BEA362-EA09-47B2-B943-96229B5799BB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{7816D4C8-1AB7-4CBC-B16E-BD463FFE0193}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{4FB4C574-497F-4D66-AF3C-8791959651F7}] => (Allow) C:\Program Files (x86)\Games\Two Worlds\TwoWorlds.exe
FirewallRules: [{4BF67C30-62A2-424A-AFCA-AE9C10CA21F9}] => (Allow) C:\Program Files (x86)\Games\Two Worlds\TwoWorlds.exe
FirewallRules: [{D4180822-D4E9-4276-89F8-D3CEF2795072}] => (Allow) C:\Program Files (x86)\Games\Two Worlds\TwoWorlds_RADEON.exe
FirewallRules: [{97DFEF71-4C22-4B45-9479-E729D6E532D1}] => (Allow) C:\Program Files (x86)\Games\Two Worlds\TwoWorlds_RADEON.exe
FirewallRules: [{D2EC7768-9D13-4964-96AB-478ACFB542DA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{878D8F14-8F53-437E-86A3-E099F6DEED21}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{00CECD7E-4B01-47F9-8CF2-80BA00BD59D0}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{A9D853A7-15FB-4FD6-B561-C69877A44495}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{B7DB40CC-B189-4D23-B45A-05EB2D379E24}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FFC1CB38-1196-4C19-81CF-2AAE2F4E2610}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{46040856-17E4-448E-89C4-F7380D2A88E1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6E72D416-B6D5-4FB7-85AD-783D469DD607}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{368B028D-475A-4BA8-B3C6-747A3FC77FC4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{D3532889-728D-402B-976C-403C14452D79}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{B293E784-04B5-422F-89B0-94C2A1EBAFB8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{810DA817-B230-489D-9BF8-EB2499B68D0D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{E0B46CD9-DC07-4774-8DB3-2AD4180DEBA6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{60CDB7FD-51DD-4A83-8C5E-DC9520782209}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{505E959A-2C2E-4E36-8402-C2AB6D0A1D17}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{8FA9253C-7393-4B45-B919-5AFFE6C93692}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{294B1A43-A455-414C-9B0B-681749D4A637}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{A2960F91-BE15-4DBA-B955-D941BAD327B5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [TCP Query User{36352B47-C03D-4514-9582-BE3C1A82D4C3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{67F4409A-E414-44F4-8B74-8D5AE37279FA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: BHDrvx64
Description: BHDrvx64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: BHDrvx64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Symantec Iron Driver
Description: Symantec Iron Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SymIRON
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Konnte Geräte nicht auflisten. Überprüfen Sie den "winmgmt" Dienst oder reparieren Sie den WMI.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (08/09/2015 04:31:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2015 04:25:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm vuescan.exe, Version 9.4.25.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 898

Startzeit: 01d0d2aea25fa500

Endzeit: 60000

Anwendungspfad: C:\Program Files (x86)\VueScan\vuescan.exe

Berichts-ID: 48e0faa1-3ea2-11e5-ad2d-0023546fbd1c

Error: (08/09/2015 04:21:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WSCStub.exe, Version: 22.3.0.71, Zeitstempel: 0x55a47b9d
Name des fehlerhaften Moduls: WSCStub.exe, Version: 22.3.0.71, Zeitstempel: 0x55a47b9d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001bf49
ID des fehlerhaften Prozesses: 0x1298
Startzeit der fehlerhaften Anwendung: 0xWSCStub.exe0
Pfad der fehlerhaften Anwendung: WSCStub.exe1
Pfad des fehlerhaften Moduls: WSCStub.exe2
Berichtskennung: WSCStub.exe3

Error: (08/09/2015 04:21:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WSCStub.exe, Version: 22.3.0.71, Zeitstempel: 0x55a47b9d
Name des fehlerhaften Moduls: WSCStub.exe, Version: 22.3.0.71, Zeitstempel: 0x55a47b9d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001bf49
ID des fehlerhaften Prozesses: 0x1240
Startzeit der fehlerhaften Anwendung: 0xWSCStub.exe0
Pfad der fehlerhaften Anwendung: WSCStub.exe1
Pfad des fehlerhaften Moduls: WSCStub.exe2
Berichtskennung: WSCStub.exe3

Error: (08/09/2015 04:21:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2015 10:07:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WSCStub.exe, Version: 22.3.0.71, Zeitstempel: 0x55a47b9d
Name des fehlerhaften Moduls: WSCStub.exe, Version: 22.3.0.71, Zeitstempel: 0x55a47b9d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001bf49
ID des fehlerhaften Prozesses: 0x604
Startzeit der fehlerhaften Anwendung: 0xWSCStub.exe0
Pfad der fehlerhaften Anwendung: WSCStub.exe1
Pfad des fehlerhaften Moduls: WSCStub.exe2
Berichtskennung: WSCStub.exe3

Error: (08/08/2015 10:07:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WSCStub.exe, Version: 22.3.0.71, Zeitstempel: 0x55a47b9d
Name des fehlerhaften Moduls: WSCStub.exe, Version: 22.3.0.71, Zeitstempel: 0x55a47b9d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001bf49
ID des fehlerhaften Prozesses: 0x6d4
Startzeit der fehlerhaften Anwendung: 0xWSCStub.exe0
Pfad der fehlerhaften Anwendung: WSCStub.exe1
Pfad des fehlerhaften Moduls: WSCStub.exe2
Berichtskennung: WSCStub.exe3

Error: (08/08/2015 10:06:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2015 09:32:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 8.8.2015.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1340

Startzeit: 01d0d210ff45f1a0

Endzeit: 0

Anwendungspfad: C:\Users\*******\Desktop\FRST64.exe

Berichts-ID: 423f4c41-3e04-11e5-a919-0023546fbd1c

Error: (08/08/2015 09:32:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 8.8.2015.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 13f8

Startzeit: 01d0d210950ef700

Endzeit: 16

Anwendungspfad: C:\Users\*******\Desktop\FRST64.exe

Berichts-ID: 3a50d761-3e04-11e5-a919-0023546fbd1c


Systemfehler:
=============
Error: (08/09/2015 04:42:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "BHDrvx64" ist vom Dienst "Symantec Iron Driver" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1243

Error: (08/09/2015 04:42:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Symantec Iron Driver" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1243

Error: (08/09/2015 04:42:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Symantec Iron Driver" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1243

Error: (08/09/2015 04:31:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "BHDrvx64" ist vom Dienst "Symantec Iron Driver" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1243

Error: (08/09/2015 04:31:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Symantec Iron Driver" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1243

Error: (08/09/2015 04:30:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
BHDrvx64
SymIRON

Error: (08/09/2015 04:29:05 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (08/09/2015 04:27:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "BHDrvx64" ist vom Dienst "Symantec Iron Driver" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1243

Error: (08/09/2015 04:27:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Symantec Iron Driver" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1243

Error: (08/09/2015 04:27:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Symantec Iron Driver" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1243


Microsoft Office:
=========================
Error: (08/09/2015 04:31:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2015 04:25:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: vuescan.exe9.4.25.089801d0d2aea25fa50060000C:\Program Files (x86)\VueScan\vuescan.exe48e0faa1-3ea2-11e5-ad2d-0023546fbd1c

Error: (08/09/2015 04:21:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WSCStub.exe22.3.0.7155a47b9dWSCStub.exe22.3.0.7155a47b9dc00000050001bf49129801d0d2aebd9e21c0C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exeC:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exefcfbe6e0-3ea1-11e5-ad2d-0023546fbd1c

Error: (08/09/2015 04:21:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WSCStub.exe22.3.0.7155a47b9dWSCStub.exe22.3.0.7155a47b9dc00000050001bf49124001d0d2aebcf9e2e0C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exeC:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exefcc2c5e0-3ea1-11e5-ad2d-0023546fbd1c

Error: (08/09/2015 04:21:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2015 10:07:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WSCStub.exe22.3.0.7155a47b9dWSCStub.exe22.3.0.7155a47b9dc00000050001bf4960401d0d215da88d8a0C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exeC:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe183a2640-3e09-11e5-b207-0023546fbd1c

Error: (08/08/2015 10:07:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WSCStub.exe22.3.0.7155a47b9dWSCStub.exe22.3.0.7155a47b9dc00000050001bf496d401d0d215d7e73380C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exeC:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe1776f580-3e09-11e5-b207-0023546fbd1c

Error: (08/08/2015 10:06:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2015 09:32:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe8.8.2015.1134001d0d210ff45f1a00C:\Users\*******\Desktop\FRST64.exe423f4c41-3e04-11e5-a919-0023546fbd1c

Error: (08/08/2015 09:32:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe8.8.2015.113f801d0d210950ef70016C:\Users\*******\Desktop\FRST64.exe3a50d761-3e04-11e5-a919-0023546fbd1c


==================== Speicherinformationen =========================== 

Processor: Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz
Percentage of memory in use: 33%
Total physical RAM: 4094.55 MB
Available physical RAM: 2718.61 MB
Total Virtual: 8187.32 MB
Available Virtual: 6747.06 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.65 GB) (Free:36.58 GB) NTFS
Drive d: (Daten) (Fixed) (Total:172.79 GB) (Free:43.69 GB) NTFS
Drive g: (Disc) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS
Drive h: (PHIL) (Removable) (Total:7.5 GB) (Free:3.98 GB) FAT32
Drive z: (Games) (Fixed) (Total:195.32 GB) (Free:39.85 GB) NTFS ==>[System mit Startkomponenten (eingeholt von lesen Laufwerk)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 50990D2B)
Partition 1: (Not Active) - (Size=270.4 GB) - (Type=OF Extended)
Partition 2: (Active) - (Size=195.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 000A5724)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0C)

==================== Ende von log ============================

und GMER:

Code:

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-08-09 16:56:33
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000066 Hitachi_ rev.GM4O 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\*******\AppData\Local\Temp\uxldypob.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                   0000000075611401 2 bytes JMP 760ab21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1572] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                     0000000075611419 2 bytes JMP 760ab346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                   0000000075611431 2 bytes JMP 76128f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                   000000007561144a 2 bytes CALL 7608489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                        * 9
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1572] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                      00000000756114dd 2 bytes JMP 76128822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17               00000000756114f5 2 bytes JMP 761289f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1572] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                      000000007561150d 2 bytes JMP 76128718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17               0000000075611525 2 bytes JMP 76128ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                     000000007561153d 2 bytes JMP 7609fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1572] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                          0000000075611555 2 bytes JMP 760a68ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                   000000007561156d 2 bytes JMP 76128fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                     0000000075611585 2 bytes JMP 76128b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1572] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                        000000007561159d 2 bytes JMP 761286dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                     00000000756115b5 2 bytes JMP 7609fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                   00000000756115cd 2 bytes JMP 760ab2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20               00000000756116b2 2 bytes JMP 76128ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31               00000000756116bd 2 bytes JMP 76128671 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe[1524] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 4   000000006eb813b0 2 bytes JMP 76775660 C:\Windows\syswow64\SHELL32.dll
.text  C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe[1524] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 20  000000006eb813c0 2 bytes CALL 77349cee C:\Windows\syswow64\msvcrt.dll
.text  ...                                                                                                                                        * 20
.text  C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe[1524] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 22  000000006eb8153e 2 bytes CALL 76807794 C:\Windows\syswow64\SHELL32.dll
.text  C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe[1524] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 43  000000006eb81553 2 bytes CALL 760810ff C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\rundll32.exe[2184] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 4                                               000000006eb813b0 2 bytes JMP 76775660 C:\Windows\syswow64\SHELL32.dll
.text  C:\Windows\SysWOW64\rundll32.exe[2184] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 20                                              000000006eb813c0 2 bytes CALL 77349cee C:\Windows\syswow64\msvcrt.dll
.text  ...                                                                                                                                        * 20
.text  C:\Windows\SysWOW64\rundll32.exe[2184] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 22                                              000000006eb8153e 2 bytes CALL 76807794 C:\Windows\syswow64\SHELL32.dll
.text  C:\Windows\SysWOW64\rundll32.exe[2184] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 43                                              000000006eb81553 2 bytes CALL 760810ff C:\Windows\syswow64\kernel32.dll

---- EOF - GMER 2.1 ----

Vorab schon einmal vielen Dank!

Viele Grüße,
Phil

schrauber · 09.08.2015, 17:30

hi,

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

DT-Maniac · 09.08.2015, 19:33

Hallo Schrauber,

danke für die schnelle Antwort.

Hier die logs:

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.08.09.04
  rootkit: v2015.08.06.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
******* :: SHARK [administrator]

09.08.2015 19:39:35
mbar-log-2015-08-09 (19-39-35).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 408406
Time elapsed: 15 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Code:

ATTFilter

19:59:22.0242 0x0dcc  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
19:59:52.0148 0x0dcc  ============================================================
19:59:52.0148 0x0dcc  Current date / time: 2015/08/09 19:59:52.0148
19:59:52.0148 0x0dcc  SystemInfo:
19:59:52.0148 0x0dcc  
19:59:52.0148 0x0dcc  OS Version: 6.1.7601 ServicePack: 1.0
19:59:52.0148 0x0dcc  Product type: Workstation
19:59:52.0148 0x0dcc  ComputerName: SHARK
19:59:52.0148 0x0dcc  UserName: *******
19:59:52.0148 0x0dcc  Windows directory: C:\Windows
19:59:52.0148 0x0dcc  System windows directory: C:\Windows
19:59:52.0148 0x0dcc  Running under WOW64
19:59:52.0148 0x0dcc  Processor architecture: Intel x64
19:59:52.0148 0x0dcc  Number of processors: 4
19:59:52.0148 0x0dcc  Page size: 0x1000
19:59:52.0148 0x0dcc  Boot type: Normal boot
19:59:52.0148 0x0dcc  ============================================================
19:59:54.0066 0x0dcc  KLMD registered as C:\Windows\system32\drivers\17064983.sys
19:59:54.0722 0x0dcc  System UUID: {9DCC34C1-C915-857D-25FA-16C3D15F4EF4}
19:59:55.0502 0x0dcc  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:59:55.0517 0x0dcc  Drive \Device\Harddisk1\DR1 - Size: 0x1E1509000 ( 7.52 Gb ), SectorSize: 0x200, Cylinders: 0x3D5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:59:55.0517 0x0dcc  ============================================================
19:59:55.0517 0x0dcc  \Device\Harddisk0\DR0:
19:59:55.0517 0x0dcc  MBR partitions:
19:59:55.0533 0x0dcc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x7E, BlocksNum 0xC34F24E
19:59:55.0564 0x0dcc  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC34F30B, BlocksNum 0x15993CF5
19:59:55.0564 0x0dcc  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x21CE3000, BlocksNum 0x186A1C41
19:59:55.0564 0x0dcc  \Device\Harddisk1\DR1:
19:59:55.0564 0x0dcc  MBR partitions:
19:59:55.0564 0x0dcc  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xF0A809
19:59:55.0564 0x0dcc  ============================================================
19:59:55.0611 0x0dcc  C: <-> \Device\Harddisk0\DR0\Partition1
19:59:56.0048 0x0dcc  D: <-> \Device\Harddisk0\DR0\Partition2
19:59:56.0250 0x0dcc  Z: <-> \Device\Harddisk0\DR0\Partition3
19:59:56.0250 0x0dcc  ============================================================
19:59:56.0250 0x0dcc  Initialize success
19:59:56.0250 0x0dcc  ============================================================
20:00:31.0460 0x01d0  ============================================================
20:00:31.0460 0x01d0  Scan started
20:00:31.0460 0x01d0  Mode: Manual; 
20:00:31.0460 0x01d0  ============================================================
20:00:31.0460 0x01d0  KSN ping started
20:00:31.0506 0x01d0  KSN ping finished: false
20:00:32.0240 0x01d0  ================ Scan system memory ========================
20:00:32.0240 0x01d0  System memory - ok
20:00:32.0240 0x01d0  ================ Scan services =============================
20:00:32.0396 0x01d0  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
20:00:32.0396 0x01d0  1394ohci - ok
20:00:32.0427 0x01d0  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:00:32.0442 0x01d0  ACPI - ok
20:00:32.0458 0x01d0  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:00:32.0458 0x01d0  AcpiPmi - ok
20:00:32.0598 0x01d0  [ 9B3355B29942AF67F014EA90CE1EA960, FBB155F72984045BCD99CC2059B9EDAABD3A52104C3864A290D8A355991F94D3 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:00:32.0692 0x01d0  AdobeFlashPlayerUpdateSvc - ok
20:00:32.0754 0x01d0  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
20:00:32.0770 0x01d0  adp94xx - ok
20:00:32.0817 0x01d0  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
20:00:32.0832 0x01d0  adpahci - ok
20:00:32.0848 0x01d0  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
20:00:32.0848 0x01d0  adpu320 - ok
20:00:32.0895 0x01d0  [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:00:32.0895 0x01d0  AeLookupSvc - ok
20:00:32.0973 0x01d0  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
20:00:32.0973 0x01d0  AFD - ok
20:00:33.0020 0x01d0  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
20:00:33.0035 0x01d0  agp440 - ok
20:00:33.0066 0x01d0  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
20:00:33.0066 0x01d0  ALG - ok
20:00:33.0098 0x01d0  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:00:33.0098 0x01d0  aliide - ok
20:00:33.0144 0x01d0  [ 66B54471B5856E314947881E28263A6D, 2D60706B52A2CE98FF806337D62CD010C1DEB2AEDDF899C7B67173928B2D7C4C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:00:33.0144 0x01d0  AMD External Events Utility - ok
20:00:33.0160 0x01d0  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
20:00:33.0160 0x01d0  amdide - ok
20:00:33.0176 0x01d0  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
20:00:33.0176 0x01d0  AmdK8 - ok
20:00:33.0581 0x01d0  [ FBB35875FEFE53D4280259842069ED72, B1A1B5799A6C50C244182CD201A1E9FCB7BE3B5ED4BB2E2E6BCF8E1BF53B75DB ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
20:00:33.0940 0x01d0  amdkmdag - ok
20:00:34.0018 0x01d0  [ A32BCAD9377E3B75D034CAFBA463A0AE, F504895D9C9CD1B4607806BCAF15A1CBFBAC2E5824903277A1350C9F35045602 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
20:00:34.0158 0x01d0  amdkmdap - ok
20:00:34.0174 0x01d0  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
20:00:34.0190 0x01d0  AmdPPM - ok
20:00:34.0221 0x01d0  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:00:34.0236 0x01d0  amdsata - ok
20:00:34.0268 0x01d0  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
20:00:34.0268 0x01d0  amdsbs - ok
20:00:34.0283 0x01d0  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:00:34.0299 0x01d0  amdxata - ok
20:00:34.0330 0x01d0  [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID           C:\Windows\system32\drivers\appid.sys
20:00:34.0346 0x01d0  AppID - ok
20:00:34.0377 0x01d0  [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:00:34.0377 0x01d0  AppIDSvc - ok
20:00:34.0408 0x01d0  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
20:00:34.0408 0x01d0  Appinfo - ok
20:00:34.0439 0x01d0  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
20:00:34.0455 0x01d0  arc - ok
20:00:34.0470 0x01d0  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
20:00:34.0470 0x01d0  arcsas - ok
20:00:34.0548 0x01d0  [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:00:34.0595 0x01d0  aspnet_state - ok
20:00:34.0626 0x01d0  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:00:34.0626 0x01d0  AsyncMac - ok
20:00:34.0658 0x01d0  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
20:00:34.0658 0x01d0  atapi - ok
20:00:34.0720 0x01d0  [ 770A3B0D78232B0C1054495392A1FBA3, 733BB08BAFE42E848F3A3CDFD80A2C37DB829CAD2E18B3D6299FDEE6EF30C9CD ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
20:00:34.0736 0x01d0  AtiHDAudioService - ok
20:00:34.0798 0x01d0  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:00:34.0829 0x01d0  AudioEndpointBuilder - ok
20:00:34.0845 0x01d0  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:00:34.0860 0x01d0  AudioSrv - ok
20:00:34.0938 0x01d0  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:00:34.0938 0x01d0  AxInstSV - ok
20:00:35.0001 0x01d0  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
20:00:35.0016 0x01d0  b06bdrv - ok
20:00:35.0063 0x01d0  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:00:35.0063 0x01d0  b57nd60a - ok
20:00:35.0110 0x01d0  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:00:35.0110 0x01d0  BDESVC - ok
20:00:35.0126 0x01d0  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:00:35.0126 0x01d0  Beep - ok
20:00:35.0188 0x01d0  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
20:00:35.0204 0x01d0  BFE - ok
20:00:35.0469 0x01d0  [ FB0FAB0E2140FE8E17BAE727C15DBFBB, 227B7472ACE6C583AD67433080BCF57BFDC88F43BF8A56DA78BEB9D618572CA8 ] BHDrvx64        C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150706.001\BHDrvx64.sys
20:00:35.0500 0x01d0  BHDrvx64 - ok
20:00:35.0594 0x01d0  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
20:00:35.0781 0x01d0  BITS - ok
20:00:35.0812 0x01d0  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:00:35.0828 0x01d0  blbdrive - ok
20:00:35.0921 0x01d0  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:00:35.0921 0x01d0  Bonjour Service - ok
20:00:35.0952 0x01d0  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:00:35.0968 0x01d0  bowser - ok
20:00:36.0015 0x01d0  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
20:00:36.0030 0x01d0  BrFiltLo - ok
20:00:36.0046 0x01d0  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
20:00:36.0046 0x01d0  BrFiltUp - ok
20:00:36.0077 0x01d0  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
20:00:36.0093 0x01d0  Browser - ok
20:00:36.0108 0x01d0  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:00:36.0124 0x01d0  Brserid - ok
20:00:36.0140 0x01d0  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:00:36.0140 0x01d0  BrSerWdm - ok
20:00:36.0155 0x01d0  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:00:36.0155 0x01d0  BrUsbMdm - ok
20:00:36.0155 0x01d0  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:00:36.0171 0x01d0  BrUsbSer - ok
20:00:36.0186 0x01d0  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
20:00:36.0186 0x01d0  BTHMODEM - ok
20:00:36.0233 0x01d0  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
20:00:36.0233 0x01d0  bthserv - ok
20:00:36.0311 0x01d0  [ 0510396A957E9FD7205BA62D3CAE4528, C80C39EB3A87C5111132E96E966CF74ACABA36DE7714B545A707027D35995792 ] ccSet_NIS       C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys
20:00:36.0311 0x01d0  ccSet_NIS - ok
20:00:36.0342 0x01d0  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:00:36.0342 0x01d0  cdfs - ok
20:00:36.0358 0x01d0  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:00:36.0358 0x01d0  cdrom - ok
20:00:36.0374 0x01d0  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
20:00:36.0405 0x01d0  CertPropSvc - ok
20:00:36.0420 0x01d0  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
20:00:36.0420 0x01d0  circlass - ok
20:00:36.0452 0x01d0  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
20:00:36.0467 0x01d0  CLFS - ok
20:00:36.0530 0x01d0  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:00:36.0545 0x01d0  clr_optimization_v2.0.50727_32 - ok
20:00:36.0608 0x01d0  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:00:36.0608 0x01d0  clr_optimization_v2.0.50727_64 - ok
20:00:36.0654 0x01d0  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:00:36.0654 0x01d0  clr_optimization_v4.0.30319_32 - ok
20:00:36.0670 0x01d0  [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:00:36.0717 0x01d0  clr_optimization_v4.0.30319_64 - ok
20:00:36.0732 0x01d0  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
20:00:36.0732 0x01d0  CmBatt - ok
20:00:36.0764 0x01d0  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:00:36.0764 0x01d0  cmdide - ok
20:00:36.0810 0x01d0  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\Windows\system32\Drivers\cng.sys
20:00:36.0826 0x01d0  CNG - ok
20:00:36.0857 0x01d0  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
20:00:36.0873 0x01d0  Compbatt - ok
20:00:36.0904 0x01d0  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
20:00:36.0904 0x01d0  CompositeBus - ok
20:00:36.0920 0x01d0  COMSysApp - ok
20:00:36.0935 0x01d0  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
20:00:36.0935 0x01d0  crcdisk - ok
20:00:36.0982 0x01d0  [ C8BD651E13895B93ED9EC5B4F1DF42BC, D86D6BF0BA3C09B49B3A52C86A7F3B3856A27F79EDD86A8FFA469D9A5F196E8D ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
20:00:36.0982 0x01d0  Creative ALchemy AL6 Licensing Service - ok
20:00:36.0998 0x01d0  [ C0EAD9F8AB83D41FF07303C75589C2B8, C89CAC39BCD2FA2DCC56D7EE84FF66127BCECCAE400E119FE41BF4C4D769504B ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
20:00:36.0998 0x01d0  Creative Audio Engine Licensing Service - ok
20:00:37.0029 0x01d0  [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:00:37.0029 0x01d0  CryptSvc - ok
20:00:37.0091 0x01d0  [ 69CDBA2B9C397E349A04FA70DD9170A2, 7879E58CB221063EF17A8A7677E81B47BFD600C3FC3353378690E4A2131327ED ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
20:00:37.0091 0x01d0  CTAudSvcService - ok
20:00:37.0138 0x01d0  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:00:37.0154 0x01d0  DcomLaunch - ok
20:00:37.0185 0x01d0  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
20:00:37.0200 0x01d0  defragsvc - ok
20:00:37.0216 0x01d0  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:00:37.0216 0x01d0  DfsC - ok
20:00:37.0278 0x01d0  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:00:37.0278 0x01d0  Dhcp - ok
20:00:37.0372 0x01d0  [ AA5319FA8602676B5D3A2B4A1355896D, 57532E16FF0DDE3D62B6B6DC35E2598DD453140E9277247965A1E835645E588A ] DiagTrack       C:\Windows\system32\diagtrack.dll
20:00:37.0388 0x01d0  DiagTrack - ok
20:00:37.0403 0x01d0  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
20:00:37.0403 0x01d0  discache - ok
20:00:37.0419 0x01d0  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
20:00:37.0419 0x01d0  Disk - ok
20:00:37.0497 0x01d0  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:00:37.0497 0x01d0  Dnscache - ok
20:00:37.0575 0x01d0  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:00:37.0590 0x01d0  dot3svc - ok
20:00:37.0606 0x01d0  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
20:00:37.0606 0x01d0  DPS - ok
20:00:37.0637 0x01d0  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:00:37.0637 0x01d0  drmkaud - ok
20:00:37.0684 0x01d0  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:00:37.0700 0x01d0  DXGKrnl - ok
20:00:37.0715 0x01d0  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
20:00:37.0715 0x01d0  EapHost - ok
20:00:37.0824 0x01d0  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
20:00:37.0887 0x01d0  ebdrv - ok
20:00:37.0996 0x01d0  [ 93EA893A8C2C561648A559E48C723412, 14F9AD8BCF423BC40F7B3D2D7BC0F795CD3C54800C854873BD170ADF2A735B64 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
20:00:38.0027 0x01d0  eeCtrl - ok
20:00:38.0027 0x01d0  Scan was interrupted by user!
20:00:38.0121 0x01d0  AV detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe ( 22.3.0.0 ), 0x51000 ( enabled : updated )
20:00:38.0121 0x01d0  FW detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe ( 22.3.0.0 ), 0x51010 ( enabled )
20:00:38.0136 0x01d0  ============================================================
20:00:38.0136 0x01d0  Scan finished
20:00:38.0136 0x01d0  ============================================================
20:00:38.0136 0x0420  Detected object count: 0
20:00:38.0136 0x0420  Actual detected object count: 0
20:01:06.0638 0x0fac  ============================================================
20:01:06.0638 0x0fac  Scan started
20:01:06.0638 0x0fac  Mode: Manual; SigCheck; TDLFS; 
20:01:06.0638 0x0fac  ============================================================
20:01:06.0638 0x0fac  KSN ping started
20:01:06.0653 0x0fac  KSN ping finished: false
20:01:07.0012 0x0fac  ================ Scan system memory ========================
20:01:07.0012 0x0fac  System memory - ok
20:01:07.0012 0x0fac  ================ Scan services =============================
20:01:07.0137 0x0fac  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
20:01:07.0199 0x0fac  1394ohci - ok
20:01:07.0215 0x0fac  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:01:07.0230 0x0fac  ACPI - ok
20:01:07.0230 0x0fac  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:01:07.0293 0x0fac  AcpiPmi - ok
20:01:07.0355 0x0fac  [ 9B3355B29942AF67F014EA90CE1EA960, FBB155F72984045BCD99CC2059B9EDAABD3A52104C3864A290D8A355991F94D3 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:01:07.0371 0x0fac  AdobeFlashPlayerUpdateSvc - ok
20:01:07.0402 0x0fac  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
20:01:07.0433 0x0fac  adp94xx - ok
20:01:07.0449 0x0fac  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
20:01:07.0464 0x0fac  adpahci - ok
20:01:07.0496 0x0fac  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
20:01:07.0511 0x0fac  adpu320 - ok
20:01:07.0527 0x0fac  [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:01:07.0558 0x0fac  AeLookupSvc - ok
20:01:07.0605 0x0fac  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
20:01:07.0652 0x0fac  AFD - ok
20:01:07.0667 0x0fac  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
20:01:07.0683 0x0fac  agp440 - ok
20:01:07.0698 0x0fac  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
20:01:07.0730 0x0fac  ALG - ok
20:01:07.0761 0x0fac  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:01:07.0761 0x0fac  aliide - ok
20:01:07.0792 0x0fac  [ 66B54471B5856E314947881E28263A6D, 2D60706B52A2CE98FF806337D62CD010C1DEB2AEDDF899C7B67173928B2D7C4C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:01:07.0839 0x0fac  AMD External Events Utility - ok
20:01:07.0854 0x0fac  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
20:01:07.0870 0x0fac  amdide - ok
20:01:07.0886 0x0fac  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
20:01:07.0901 0x0fac  AmdK8 - ok
20:01:08.0260 0x0fac  [ FBB35875FEFE53D4280259842069ED72, B1A1B5799A6C50C244182CD201A1E9FCB7BE3B5ED4BB2E2E6BCF8E1BF53B75DB ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
20:01:08.0556 0x0fac  amdkmdag - ok
20:01:08.0619 0x0fac  [ A32BCAD9377E3B75D034CAFBA463A0AE, F504895D9C9CD1B4607806BCAF15A1CBFBAC2E5824903277A1350C9F35045602 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
20:01:08.0634 0x0fac  amdkmdap - ok
20:01:08.0650 0x0fac  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
20:01:08.0666 0x0fac  AmdPPM - ok
20:01:08.0681 0x0fac  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:01:08.0697 0x0fac  amdsata - ok
20:01:08.0728 0x0fac  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
20:01:08.0744 0x0fac  amdsbs - ok
20:01:08.0744 0x0fac  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:01:08.0759 0x0fac  amdxata - ok
20:01:08.0790 0x0fac  [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID           C:\Windows\system32\drivers\appid.sys
20:01:08.0822 0x0fac  AppID - ok
20:01:08.0837 0x0fac  [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:01:08.0837 0x0fac  AppIDSvc - ok
20:01:08.0868 0x0fac  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
20:01:08.0900 0x0fac  Appinfo - ok
20:01:08.0931 0x0fac  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
20:01:08.0946 0x0fac  arc - ok
20:01:08.0962 0x0fac  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
20:01:08.0978 0x0fac  arcsas - ok
20:01:09.0040 0x0fac  [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:01:09.0056 0x0fac  aspnet_state - ok
20:01:09.0071 0x0fac  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:01:09.0165 0x0fac  AsyncMac - ok
20:01:09.0212 0x0fac  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
20:01:09.0212 0x0fac  atapi - ok
20:01:09.0243 0x0fac  [ 770A3B0D78232B0C1054495392A1FBA3, 733BB08BAFE42E848F3A3CDFD80A2C37DB829CAD2E18B3D6299FDEE6EF30C9CD ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
20:01:09.0274 0x0fac  AtiHDAudioService - ok
20:01:09.0321 0x0fac  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:01:09.0352 0x0fac  AudioEndpointBuilder - ok
20:01:09.0368 0x0fac  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:01:09.0383 0x0fac  AudioSrv - ok
20:01:09.0414 0x0fac  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:01:09.0461 0x0fac  AxInstSV - ok
20:01:09.0492 0x0fac  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
20:01:09.0524 0x0fac  b06bdrv - ok
20:01:09.0539 0x0fac  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:01:09.0555 0x0fac  b57nd60a - ok
20:01:09.0570 0x0fac  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:01:09.0586 0x0fac  BDESVC - ok
20:01:09.0602 0x0fac  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:01:09.0633 0x0fac  Beep - ok
20:01:09.0664 0x0fac  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
20:01:09.0726 0x0fac  BFE - ok
20:01:09.0867 0x0fac  [ FB0FAB0E2140FE8E17BAE727C15DBFBB, 227B7472ACE6C583AD67433080BCF57BFDC88F43BF8A56DA78BEB9D618572CA8 ] BHDrvx64        C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150706.001\BHDrvx64.sys
20:01:09.0914 0x0fac  BHDrvx64 - ok
20:01:09.0960 0x0fac  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
20:01:10.0085 0x0fac  BITS - ok
20:01:10.0101 0x0fac  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:01:10.0116 0x0fac  blbdrive - ok
20:01:10.0163 0x0fac  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:01:10.0179 0x0fac  Bonjour Service - ok
20:01:10.0210 0x0fac  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:01:10.0226 0x0fac  bowser - ok
20:01:10.0241 0x0fac  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
20:01:10.0272 0x0fac  BrFiltLo - ok
20:01:10.0288 0x0fac  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
20:01:10.0304 0x0fac  BrFiltUp - ok
20:01:10.0335 0x0fac  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
20:01:10.0350 0x0fac  Browser - ok
20:01:10.0366 0x0fac  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:01:10.0397 0x0fac  Brserid - ok
20:01:10.0413 0x0fac  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:01:10.0428 0x0fac  BrSerWdm - ok
20:01:10.0444 0x0fac  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:01:10.0460 0x0fac  BrUsbMdm - ok
20:01:10.0475 0x0fac  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:01:10.0491 0x0fac  BrUsbSer - ok
20:01:10.0506 0x0fac  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
20:01:10.0522 0x0fac  BTHMODEM - ok
20:01:10.0553 0x0fac  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
20:01:10.0600 0x0fac  bthserv - ok
20:01:10.0647 0x0fac  [ 0510396A957E9FD7205BA62D3CAE4528, C80C39EB3A87C5111132E96E966CF74ACABA36DE7714B545A707027D35995792 ] ccSet_NIS       C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys
20:01:10.0662 0x0fac  ccSet_NIS - ok
20:01:10.0678 0x0fac  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:01:10.0709 0x0fac  cdfs - ok
20:01:10.0725 0x0fac  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:01:10.0740 0x0fac  cdrom - ok
20:01:10.0756 0x0fac  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
20:01:10.0803 0x0fac  CertPropSvc - ok
20:01:10.0818 0x0fac  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
20:01:10.0850 0x0fac  circlass - ok
20:01:10.0865 0x0fac  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
20:01:10.0881 0x0fac  CLFS - ok
20:01:10.0928 0x0fac  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:01:10.0928 0x0fac  clr_optimization_v2.0.50727_32 - ok
20:01:10.0959 0x0fac  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:01:10.0974 0x0fac  clr_optimization_v2.0.50727_64 - ok
20:01:11.0021 0x0fac  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:01:11.0021 0x0fac  clr_optimization_v4.0.30319_32 - ok
20:01:11.0037 0x0fac  [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:01:11.0052 0x0fac  clr_optimization_v4.0.30319_64 - ok
20:01:11.0052 0x0fac  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
20:01:11.0068 0x0fac  CmBatt - ok
20:01:11.0099 0x0fac  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:01:11.0099 0x0fac  cmdide - ok
20:01:11.0130 0x0fac  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\Windows\system32\Drivers\cng.sys
20:01:11.0193 0x0fac  CNG - ok
20:01:11.0208 0x0fac  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
20:01:11.0224 0x0fac  Compbatt - ok
20:01:11.0240 0x0fac  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
20:01:11.0255 0x0fac  CompositeBus - ok
20:01:11.0255 0x0fac  COMSysApp - ok
20:01:11.0271 0x0fac  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
20:01:11.0271 0x0fac  crcdisk - ok
20:01:11.0318 0x0fac  [ C8BD651E13895B93ED9EC5B4F1DF42BC, D86D6BF0BA3C09B49B3A52C86A7F3B3856A27F79EDD86A8FFA469D9A5F196E8D ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
20:01:11.0318 0x0fac  Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
20:01:11.0380 0x0fac  Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
20:01:11.0380 0x0fac  Force sending object to P2P due to detect: Creative ALchemy AL6 Licensing Service
20:01:11.0380 0x0fac  Object send P2P result: false
20:01:11.0396 0x0fac  [ C0EAD9F8AB83D41FF07303C75589C2B8, C89CAC39BCD2FA2DCC56D7EE84FF66127BCECCAE400E119FE41BF4C4D769504B ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
20:01:11.0411 0x0fac  Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
20:01:11.0411 0x0fac  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
20:01:11.0442 0x0fac  [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:01:11.0474 0x0fac  CryptSvc - ok
20:01:11.0536 0x0fac  [ 69CDBA2B9C397E349A04FA70DD9170A2, 7879E58CB221063EF17A8A7677E81B47BFD600C3FC3353378690E4A2131327ED ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
20:01:11.0552 0x0fac  CTAudSvcService - detected UnsignedFile.Multi.Generic ( 1 )
20:01:11.0552 0x0fac  CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
20:01:11.0583 0x0fac  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:01:11.0645 0x0fac  DcomLaunch - ok
20:01:11.0676 0x0fac  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
20:01:11.0708 0x0fac  defragsvc - ok
20:01:11.0723 0x0fac  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:01:11.0770 0x0fac  DfsC - ok
20:01:11.0786 0x0fac  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:01:11.0817 0x0fac  Dhcp - ok
20:01:11.0879 0x0fac  [ AA5319FA8602676B5D3A2B4A1355896D, 57532E16FF0DDE3D62B6B6DC35E2598DD453140E9277247965A1E835645E588A ] DiagTrack       C:\Windows\system32\diagtrack.dll
20:01:11.0942 0x0fac  DiagTrack - ok
20:01:11.0957 0x0fac  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
20:01:12.0004 0x0fac  discache - ok
20:01:12.0020 0x0fac  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
20:01:12.0035 0x0fac  Disk - ok
20:01:12.0051 0x0fac  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:01:12.0082 0x0fac  Dnscache - ok
20:01:12.0113 0x0fac  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:01:12.0144 0x0fac  dot3svc - ok
20:01:12.0160 0x0fac  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
20:01:12.0191 0x0fac  DPS - ok
20:01:12.0207 0x0fac  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:01:12.0222 0x0fac  drmkaud - ok
20:01:12.0285 0x0fac  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:01:12.0300 0x0fac  DXGKrnl - ok
20:01:12.0332 0x0fac  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
20:01:12.0363 0x0fac  EapHost - ok
20:01:12.0472 0x0fac  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
20:01:12.0566 0x0fac  ebdrv - ok
20:01:12.0612 0x0fac  [ 93EA893A8C2C561648A559E48C723412, 14F9AD8BCF423BC40F7B3D2D7BC0F795CD3C54800C854873BD170ADF2A735B64 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
20:01:12.0628 0x0fac  eeCtrl - ok
20:01:12.0675 0x0fac  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] EFS             C:\Windows\System32\lsass.exe
20:01:12.0706 0x0fac  EFS - ok
20:01:12.0768 0x0fac  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:01:12.0815 0x0fac  ehRecvr - ok
20:01:12.0846 0x0fac  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
20:01:12.0862 0x0fac  ehSched - ok
20:01:12.0893 0x0fac  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
20:01:12.0924 0x0fac  elxstor - ok
20:01:12.0971 0x0fac  [ 8400C9E33B68C556BF63AEF490EB145C, A840DF1A27C935DD427E53C5D2FFFE79E612D0B4074CE26AA992DA62D4925806 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:01:12.0987 0x0fac  EraserUtilRebootDrv - ok
20:01:13.0002 0x0fac  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:01:13.0018 0x0fac  ErrDev - ok
20:01:13.0034 0x0fac  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
20:01:13.0080 0x0fac  EventSystem - ok
20:01:13.0112 0x0fac  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
20:01:13.0143 0x0fac  exfat - ok
20:01:13.0158 0x0fac  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:01:13.0190 0x0fac  fastfat - ok
20:01:13.0236 0x0fac  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
20:01:13.0268 0x0fac  Fax - ok
20:01:13.0299 0x0fac  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:01:13.0314 0x0fac  fdc - ok
20:01:13.0330 0x0fac  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
20:01:13.0377 0x0fac  fdPHost - ok
20:01:13.0377 0x0fac  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:01:13.0408 0x0fac  FDResPub - ok
20:01:13.0424 0x0fac  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:01:13.0439 0x0fac  FileInfo - ok
20:01:13.0455 0x0fac  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:01:13.0486 0x0fac  Filetrace - ok
20:01:13.0502 0x0fac  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:01:13.0517 0x0fac  flpydisk - ok
20:01:13.0533 0x0fac  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:01:13.0548 0x0fac  FltMgr - ok
20:01:13.0595 0x0fac  [ E612E86FA15EA1EF9A52433A2743C447, 8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache       C:\Windows\system32\FntCache.dll
20:01:13.0673 0x0fac  FontCache - ok
20:01:13.0704 0x0fac  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:01:13.0720 0x0fac  FontCache3.0.0.0 - ok
20:01:13.0720 0x0fac  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:01:13.0736 0x0fac  FsDepends - ok
20:01:13.0751 0x0fac  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:01:13.0767 0x0fac  Fs_Rec - ok
20:01:13.0798 0x0fac  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:01:13.0814 0x0fac  fvevol - ok
20:01:13.0845 0x0fac  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
20:01:13.0845 0x0fac  gagp30kx - ok
20:01:13.0876 0x0fac  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
20:01:13.0923 0x0fac  gpsvc - ok
20:01:13.0954 0x0fac  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:01:13.0985 0x0fac  hcw85cir - ok
20:01:14.0016 0x0fac  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:01:14.0032 0x0fac  HdAudAddService - ok
20:01:14.0063 0x0fac  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
20:01:14.0079 0x0fac  HDAudBus - ok
20:01:14.0094 0x0fac  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
20:01:14.0110 0x0fac  HidBatt - ok
20:01:14.0110 0x0fac  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
20:01:14.0126 0x0fac  HidBth - ok
20:01:14.0126 0x0fac  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
20:01:14.0157 0x0fac  HidIr - ok
20:01:14.0172 0x0fac  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
20:01:14.0204 0x0fac  hidserv - ok
20:01:14.0219 0x0fac  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:01:14.0235 0x0fac  HidUsb - ok
20:01:14.0266 0x0fac  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:01:14.0297 0x0fac  hkmsvc - ok
20:01:14.0313 0x0fac  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:01:14.0344 0x0fac  HomeGroupListener - ok
20:01:14.0375 0x0fac  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:01:14.0391 0x0fac  HomeGroupProvider - ok
20:01:14.0406 0x0fac  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:01:14.0422 0x0fac  HpSAMD - ok
20:01:14.0469 0x0fac  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:01:14.0516 0x0fac  HTTP - ok
20:01:14.0531 0x0fac  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:01:14.0531 0x0fac  hwpolicy - ok
20:01:14.0562 0x0fac  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
20:01:14.0578 0x0fac  i8042prt - ok
20:01:14.0609 0x0fac  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:01:14.0625 0x0fac  iaStorV - ok
20:01:14.0687 0x0fac  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:01:14.0734 0x0fac  idsvc - ok
20:01:14.0796 0x0fac  [ 19F52CF90BB4D05B5265773CA7011E4C, BA28BAEE9D64859775C6DF56E407104D1463BD1374CF3F6AA414AB85946ED1F5 ] IDSVia64        C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150807.001\IDSvia64.sys
20:01:14.0828 0x0fac  IDSVia64 - ok
20:01:14.0859 0x0fac  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
20:01:14.0859 0x0fac  iirsp - ok
20:01:14.0906 0x0fac  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
20:01:14.0937 0x0fac  IKEEXT - ok
20:01:14.0952 0x0fac  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
20:01:14.0968 0x0fac  intelide - ok
20:01:14.0984 0x0fac  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:01:14.0999 0x0fac  intelppm - ok
20:01:15.0030 0x0fac  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:01:15.0062 0x0fac  IPBusEnum - ok
20:01:15.0077 0x0fac  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:01:15.0108 0x0fac  IpFilterDriver - ok
20:01:15.0124 0x0fac  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:01:15.0171 0x0fac  iphlpsvc - ok
20:01:15.0186 0x0fac  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:01:15.0202 0x0fac  IPMIDRV - ok
20:01:15.0218 0x0fac  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:01:15.0249 0x0fac  IPNAT - ok
20:01:15.0264 0x0fac  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:01:15.0280 0x0fac  IRENUM - ok
20:01:15.0296 0x0fac  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:01:15.0311 0x0fac  isapnp - ok
20:01:15.0327 0x0fac  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:01:15.0342 0x0fac  iScsiPrt - ok
20:01:15.0374 0x0fac  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:01:15.0389 0x0fac  kbdclass - ok
20:01:15.0405 0x0fac  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:01:15.0405 0x0fac  kbdhid - ok
20:01:15.0420 0x0fac  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] KeyIso          C:\Windows\system32\lsass.exe
20:01:15.0436 0x0fac  KeyIso - ok
20:01:15.0452 0x0fac  [ BF69D973523D539A35807946C6DA7E16, 38F2C59B0857131961DBEA48C4A5DFA9BE7B564941935086B8DC8DBEF896F3EC ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:01:15.0467 0x0fac  KSecDD - ok
20:01:15.0483 0x0fac  [ 272C27711C8AA6E7815EE33F8ACA9C66, 0A5A10A7A3E87DB92E06395A6676B94FE8B7AD6704864075D443CDC9BABDB4DF ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:01:15.0498 0x0fac  KSecPkg - ok
20:01:15.0514 0x0fac  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:01:15.0545 0x0fac  ksthunk - ok
20:01:15.0576 0x0fac  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:01:15.0623 0x0fac  KtmRm - ok
20:01:15.0686 0x0fac  [ 4891EE13FA79B9D6B856F49AD69281B2, 5A9488BA1798020443400D82BA18D5A3EA766F49C2C78CD417C1DE45F64CD7BA ] L6PODHDBEAN     C:\Windows\system32\Drivers\L6PODHDBEAN64.sys
20:01:15.0717 0x0fac  L6PODHDBEAN - ok
20:01:15.0764 0x0fac  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:01:15.0795 0x0fac  LanmanServer - ok
20:01:15.0810 0x0fac  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:01:15.0857 0x0fac  LanmanWorkstation - ok
20:01:15.0873 0x0fac  [ FA529FB35694C24BF98A9EF67C1CD9D0, 7B3C587C38CF13D514140F0A55E58997D6071D1DEFD97E274E3F490660AC6075 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
20:01:15.0888 0x0fac  LGBusEnum - ok
20:01:15.0904 0x0fac  [ 94B29CE153765E768F004FB3440BE2B0, E74C01CEBDA589CDDE35CBCBAA18700E3742DD3B48A90DB3630992467FFC5024 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
20:01:15.0904 0x0fac  LGVirHid - ok
20:01:15.0966 0x0fac  [ ADA0C09E8AEDC17F11D8E1731986A88A, 1B25D7137E89149BB61FF52BE0259F48E374FC4F7114FAF267AF7A19F3B89BD3 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
20:01:15.0982 0x0fac  LightScribeService - detected UnsignedFile.Multi.Generic ( 1 )
20:01:15.0982 0x0fac  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
20:01:15.0998 0x0fac  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:01:16.0044 0x0fac  lltdio - ok
20:01:16.0076 0x0fac  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:01:16.0107 0x0fac  lltdsvc - ok
20:01:16.0122 0x0fac  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:01:16.0154 0x0fac  lmhosts - ok
20:01:16.0169 0x0fac  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
20:01:16.0185 0x0fac  LSI_FC - ok
20:01:16.0200 0x0fac  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
20:01:16.0216 0x0fac  LSI_SAS - ok
20:01:16.0216 0x0fac  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
20:01:16.0232 0x0fac  LSI_SAS2 - ok
20:01:16.0247 0x0fac  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
20:01:16.0247 0x0fac  LSI_SCSI - ok
20:01:16.0278 0x0fac  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
20:01:16.0310 0x0fac  luafv - ok
20:01:16.0341 0x0fac  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:01:16.0356 0x0fac  Mcx2Svc - ok
20:01:16.0356 0x0fac  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
20:01:16.0372 0x0fac  megasas - ok
20:01:16.0403 0x0fac  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
20:01:16.0434 0x0fac  MegaSR - ok
20:01:16.0450 0x0fac  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
20:01:16.0481 0x0fac  MMCSS - ok
20:01:16.0497 0x0fac  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
20:01:16.0528 0x0fac  Modem - ok
20:01:16.0544 0x0fac  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:01:16.0559 0x0fac  monitor - ok
20:01:16.0590 0x0fac  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:01:16.0590 0x0fac  mouclass - ok
20:01:16.0606 0x0fac  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:01:16.0622 0x0fac  mouhid - ok
20:01:16.0653 0x0fac  [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:01:16.0653 0x0fac  mountmgr - ok
20:01:16.0700 0x0fac  [ 9FC679D10A7377BB04ECC3D0E2E26B53, 24ACD4EC1618A052C29E4463138B28F62C8B78D442DB82F4925E64FC5849A096 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:01:16.0715 0x0fac  MozillaMaintenance - ok
20:01:16.0731 0x0fac  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:01:16.0746 0x0fac  mpio - ok
20:01:16.0762 0x0fac  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:01:16.0793 0x0fac  mpsdrv - ok
20:01:16.0824 0x0fac  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:01:16.0887 0x0fac  MpsSvc - ok
20:01:16.0918 0x0fac  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:01:16.0934 0x0fac  MRxDAV - ok
20:01:16.0965 0x0fac  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:01:16.0980 0x0fac  mrxsmb - ok
20:01:17.0012 0x0fac  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:01:17.0027 0x0fac  mrxsmb10 - ok
20:01:17.0043 0x0fac  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:01:17.0074 0x0fac  mrxsmb20 - ok
20:01:17.0090 0x0fac  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:01:17.0105 0x0fac  msahci - ok
20:01:17.0121 0x0fac  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:01:17.0136 0x0fac  msdsm - ok
20:01:17.0152 0x0fac  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
20:01:17.0168 0x0fac  MSDTC - ok
20:01:17.0183 0x0fac  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:01:17.0214 0x0fac  Msfs - ok
20:01:17.0230 0x0fac  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:01:17.0261 0x0fac  mshidkmdf - ok
20:01:17.0261 0x0fac  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:01:17.0277 0x0fac  msisadrv - ok
20:01:17.0308 0x0fac  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:01:17.0339 0x0fac  MSiSCSI - ok
20:01:17.0355 0x0fac  msiserver - ok
20:01:17.0370 0x0fac  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:01:17.0386 0x0fac  MSKSSRV - ok
20:01:17.0402 0x0fac  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:01:17.0433 0x0fac  MSPCLOCK - ok
20:01:17.0448 0x0fac  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:01:17.0480 0x0fac  MSPQM - ok
20:01:17.0495 0x0fac  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:01:17.0511 0x0fac  MsRPC - ok
20:01:17.0526 0x0fac  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
20:01:17.0542 0x0fac  mssmbios - ok
20:01:17.0558 0x0fac  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:01:17.0573 0x0fac  MSTEE - ok
20:01:17.0589 0x0fac  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
20:01:17.0604 0x0fac  MTConfig - ok
20:01:17.0651 0x0fac  [ 03B7145C889603537E9FFEABB1AD1089, B3CD93B893D4A2370CBF382366C6F596372857F8711EF6FFF83BFE2B449F424E ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
20:01:17.0682 0x0fac  MTsensor - ok
20:01:17.0682 0x0fac  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
20:01:17.0698 0x0fac  Mup - ok
20:01:17.0729 0x0fac  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
20:01:17.0760 0x0fac  napagent - ok
20:01:17.0792 0x0fac  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:01:17.0823 0x0fac  NativeWifiP - ok
20:01:17.0901 0x0fac  [ E59AFB64C2F6E0C99350E1C944C75088, 10A9044192D0A83857A57286EABB05037922860483DA2B05AFCC485A8311E4EF ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
20:01:17.0916 0x0fac  NAUpdate - ok
20:01:17.0994 0x0fac  [ 5A4EC58A5F2E63DB2092B343CF1B2834, 33F957565E38A3A2842DDB16D7C969F93A4FB888DB5AFBBF5431A712FADE4E13 ] NAVENG          C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150808.001\ENG64.SYS
20:01:18.0010 0x0fac  NAVENG - ok
20:01:18.0072 0x0fac  [ 526EA496D7F06B3746775046B33027C1, FEC0B860F49C28ED6ED721A09D19239BB1E20CE3A29697B24B2FE604AE0EB808 ] NAVEX15         C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150808.001\EX64.SYS
20:01:18.0135 0x0fac  NAVEX15 - ok
20:01:18.0197 0x0fac  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:01:18.0228 0x0fac  NDIS - ok
20:01:18.0260 0x0fac  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:01:18.0291 0x0fac  NdisCap - ok
20:01:18.0306 0x0fac  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:01:18.0338 0x0fac  NdisTapi - ok
20:01:18.0353 0x0fac  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:01:18.0384 0x0fac  Ndisuio - ok
20:01:18.0400 0x0fac  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:01:18.0431 0x0fac  NdisWan - ok
20:01:18.0447 0x0fac  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:01:18.0478 0x0fac  NDProxy - ok
20:01:18.0478 0x0fac  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:01:18.0525 0x0fac  NetBIOS - ok
20:01:18.0540 0x0fac  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:01:18.0572 0x0fac  NetBT - ok
20:01:18.0587 0x0fac  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] Netlogon        C:\Windows\system32\lsass.exe
20:01:18.0603 0x0fac  Netlogon - ok
20:01:18.0634 0x0fac  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
20:01:18.0665 0x0fac  Netman - ok
20:01:18.0681 0x0fac  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:01:18.0712 0x0fac  NetMsmqActivator - ok
20:01:18.0712 0x0fac  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:01:18.0728 0x0fac  NetPipeActivator - ok
20:01:18.0759 0x0fac  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
20:01:18.0806 0x0fac  netprofm - ok
20:01:18.0806 0x0fac  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:01:18.0821 0x0fac  NetTcpActivator - ok
20:01:18.0821 0x0fac  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:01:18.0837 0x0fac  NetTcpPortSharing - ok
20:01:18.0868 0x0fac  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
20:01:18.0868 0x0fac  nfrd960 - ok
20:01:18.0930 0x0fac  [ 0B9296AC65C6F3F32E3337490F4BEC67, 149D08436B749003E1B8307C56D46A59983E92DDD1D1348A0FEABD43D34E57BD ] NIS             C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe
20:01:18.0946 0x0fac  NIS - ok
20:01:18.0977 0x0fac  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:01:19.0008 0x0fac  NlaSvc - ok
20:01:19.0024 0x0fac  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:01:19.0055 0x0fac  Npfs - ok
20:01:19.0071 0x0fac  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
20:01:19.0118 0x0fac  nsi - ok
20:01:19.0133 0x0fac  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:01:19.0164 0x0fac  nsiproxy - ok
20:01:19.0242 0x0fac  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:01:19.0289 0x0fac  Ntfs - ok
20:01:19.0305 0x0fac  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
20:01:19.0336 0x0fac  Null - ok
20:01:19.0352 0x0fac  [ 786DB821BFD57C0551DBBE4F75384A7D, F956D636F834F2BA5F019E187FDB9CC33940363C75A60E53CD81310A4DB6A6AB ] nusb3hub        C:\Windows\system32\drivers\nusb3hub.sys
20:01:19.0367 0x0fac  nusb3hub - ok
20:01:19.0383 0x0fac  [ DAA8005CAF745042BB427A1ED7433354, 3019002F174783B76D5D8AA47F7A465B7FEC7C14235B70E5C9277FE534839226 ] nusb3xhc        C:\Windows\system32\drivers\nusb3xhc.sys
20:01:19.0398 0x0fac  nusb3xhc - ok
20:01:19.0461 0x0fac  [ A85B4F2EF3A7304A5399EF0526423040, E45854691BA6AE36E53C2922CC93FF13DC2D84CBE7FE13A2F0B1CE1C16D1D158 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
20:01:19.0492 0x0fac  NVENETFD - ok
20:01:19.0508 0x0fac  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:01:19.0523 0x0fac  nvraid - ok
20:01:19.0539 0x0fac  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:01:19.0554 0x0fac  nvstor - ok
20:01:19.0570 0x0fac  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:01:19.0586 0x0fac  nv_agp - ok
20:01:19.0601 0x0fac  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:01:19.0617 0x0fac  ohci1394 - ok
20:01:19.0664 0x0fac  [ 634347ADEBC790B8F07654A3EA8034FD, 1A7E0C145F80E598E96F75CFF3C97B4CD1E2DF492DF89BC398228AECE1F1AA1C ] P17             C:\Windows\system32\drivers\P17.sys
20:01:19.0710 0x0fac  P17 - ok
20:01:19.0757 0x0fac  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:01:19.0788 0x0fac  p2pimsvc - ok
20:01:19.0820 0x0fac  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
20:01:19.0835 0x0fac  p2psvc - ok
20:01:19.0866 0x0fac  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
20:01:19.0882 0x0fac  Parport - ok
20:01:19.0898 0x0fac  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:01:19.0913 0x0fac  partmgr - ok
20:01:19.0944 0x0fac  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:01:19.0976 0x0fac  PcaSvc - ok
20:01:19.0991 0x0fac  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
20:01:20.0007 0x0fac  pci - ok
20:01:20.0022 0x0fac  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
20:01:20.0038 0x0fac  pciide - ok
20:01:20.0054 0x0fac  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
20:01:20.0069 0x0fac  pcmcia - ok
20:01:20.0085 0x0fac  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:01:20.0085 0x0fac  pcw - ok
20:01:20.0147 0x0fac  [ 20372BE109FEE1C37E2D5216680DB9EB, 2C3737FB3C6BCF81D0A7293667412DDEA649A8AEA40B7ADCFCB9893E8B3C4AF3 ] PDF Architect Helper Service C:\Program Files (x86)\PDF Architect\HelperService.exe
20:01:20.0194 0x0fac  PDF Architect Helper Service - ok
20:01:20.0241 0x0fac  [ B90A279073A815A4AA2C45A09EE004FA, 9EA27630C47F5FF99CBBE513C113F3ED01FABA0D59B9D9637764027BCC6EA24A ] PDF Architect Service C:\Program Files (x86)\PDF Architect\ConversionService.exe
20:01:20.0256 0x0fac  PDF Architect Service - ok
20:01:20.0303 0x0fac  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:01:20.0334 0x0fac  PEAUTH - ok
20:01:20.0412 0x0fac  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:01:20.0412 0x0fac  PerfHost - ok
20:01:20.0475 0x0fac  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
20:01:20.0537 0x0fac  pla - ok
20:01:20.0600 0x0fac  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:01:20.0646 0x0fac  PlugPlay - ok
20:01:20.0662 0x0fac  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:01:20.0693 0x0fac  PNRPAutoReg - ok
20:01:20.0724 0x0fac  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:01:20.0740 0x0fac  PNRPsvc - ok
20:01:20.0771 0x0fac  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:01:20.0818 0x0fac  PolicyAgent - ok
20:01:20.0834 0x0fac  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
20:01:20.0880 0x0fac  Power - ok
20:01:20.0912 0x0fac  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:01:20.0943 0x0fac  PptpMiniport - ok
20:01:20.0958 0x0fac  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
20:01:20.0958 0x0fac  Processor - ok
20:01:21.0005 0x0fac  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:01:21.0036 0x0fac  ProfSvc - ok
20:01:21.0052 0x0fac  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] ProtectedStorage C:\Windows\system32\lsass.exe
20:01:21.0068 0x0fac  ProtectedStorage - ok
20:01:21.0083 0x0fac  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:01:21.0114 0x0fac  Psched - ok
20:01:21.0161 0x0fac  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
20:01:21.0208 0x0fac  ql2300 - ok
20:01:21.0224 0x0fac  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
20:01:21.0239 0x0fac  ql40xx - ok
20:01:21.0270 0x0fac  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
20:01:21.0286 0x0fac  QWAVE - ok
20:01:21.0302 0x0fac  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:01:21.0317 0x0fac  QWAVEdrv - ok
20:01:21.0348 0x0fac  [ 0CAA9F394453F7BBEEE2124017B1B842, 2DC64564FAF8CB00842260368CA9CF58EC0312471603FD18E812DC3971E9A3DD ] RadeonPro Support Service C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
20:01:21.0364 0x0fac  RadeonPro Support Service - detected UnsignedFile.Multi.Generic ( 1 )
20:01:21.0364 0x0fac  RadeonPro Support Service ( UnsignedFile.Multi.Generic ) - warning
20:01:21.0364 0x0fac  Force sending object to P2P due to detect: RadeonPro Support Service
20:01:21.0364 0x0fac  Object send P2P result: false
20:01:21.0380 0x0fac  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:01:21.0411 0x0fac  RasAcd - ok
20:01:21.0426 0x0fac  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:01:21.0458 0x0fac  RasAgileVpn - ok
20:01:21.0473 0x0fac  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
20:01:21.0504 0x0fac  RasAuto - ok
20:01:21.0520 0x0fac  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:01:21.0551 0x0fac  Rasl2tp - ok
20:01:21.0582 0x0fac  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
20:01:21.0629 0x0fac  RasMan - ok
20:01:21.0629 0x0fac  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:01:21.0660 0x0fac  RasPppoe - ok
20:01:21.0676 0x0fac  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:01:21.0707 0x0fac  RasSstp - ok
20:01:21.0723 0x0fac  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:01:21.0770 0x0fac  rdbss - ok
20:01:21.0785 0x0fac  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
20:01:21.0801 0x0fac  rdpbus - ok
20:01:21.0832 0x0fac  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:01:21.0863 0x0fac  RDPCDD - ok
20:01:21.0879 0x0fac  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:01:21.0910 0x0fac  RDPENCDD - ok
20:01:21.0926 0x0fac  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:01:21.0941 0x0fac  RDPREFMP - ok
20:01:22.0004 0x0fac  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:01:22.0035 0x0fac  RdpVideoMiniport - ok
20:01:22.0050 0x0fac  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:01:22.0082 0x0fac  RDPWD - ok
20:01:22.0128 0x0fac  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:01:22.0144 0x0fac  rdyboost - ok
20:01:22.0160 0x0fac  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:01:22.0206 0x0fac  RemoteAccess - ok
20:01:22.0238 0x0fac  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:01:22.0269 0x0fac  RemoteRegistry - ok
20:01:22.0284 0x0fac  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:01:22.0331 0x0fac  RpcEptMapper - ok
20:01:22.0347 0x0fac  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
20:01:22.0347 0x0fac  RpcLocator - ok
20:01:22.0378 0x0fac  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
20:01:22.0409 0x0fac  RpcSs - ok
20:01:22.0440 0x0fac  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:01:22.0472 0x0fac  rspndr - ok
20:01:22.0534 0x0fac  [ 6FA271B6816AFFAEF640808FC51AC8AF, 696679114F6A106EC94C21E2A33FE17AF86368BCF9A796AAEA37EA6E8748AD6A ] RTCore64        C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
20:01:22.0550 0x0fac  RTCore64 - ok
20:01:22.0550 0x0fac  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] SamSs           C:\Windows\system32\lsass.exe
20:01:22.0565 0x0fac  SamSs - ok
20:01:22.0612 0x0fac  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:01:22.0612 0x0fac  sbp2port - ok
20:01:22.0643 0x0fac  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:01:22.0690 0x0fac  SCardSvr - ok
20:01:22.0690 0x0fac  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:01:22.0737 0x0fac  scfilter - ok
20:01:22.0768 0x0fac  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
20:01:22.0830 0x0fac  Schedule - ok
20:01:22.0862 0x0fac  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:01:22.0893 0x0fac  SCPolicySvc - ok
20:01:22.0908 0x0fac  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:01:22.0924 0x0fac  SDRSVC - ok
20:01:22.0955 0x0fac  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:01:22.0986 0x0fac  secdrv - ok
20:01:23.0002 0x0fac  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
20:01:23.0049 0x0fac  seclogon - ok
20:01:23.0064 0x0fac  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
20:01:23.0096 0x0fac  SENS - ok
20:01:23.0127 0x0fac  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:01:23.0142 0x0fac  SensrSvc - ok
20:01:23.0174 0x0fac  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:01:23.0189 0x0fac  Serenum - ok
20:01:23.0205 0x0fac  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:01:23.0220 0x0fac  Serial - ok
20:01:23.0236 0x0fac  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ]

DT-Maniac · 09.08.2015, 19:35

Code:

ATTFilter

sermouse        C:\Windows\system32\drivers\sermouse.sys
20:01:23.0252 0x0fac  sermouse - ok
20:01:23.0283 0x0fac  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
20:01:23.0314 0x0fac  SessionEnv - ok
20:01:23.0330 0x0fac  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:01:23.0330 0x0fac  sffdisk - ok
20:01:23.0345 0x0fac  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:01:23.0361 0x0fac  sffp_mmc - ok
20:01:23.0376 0x0fac  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:01:23.0376 0x0fac  sffp_sd - ok
20:01:23.0392 0x0fac  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
20:01:23.0408 0x0fac  sfloppy - ok
20:01:23.0439 0x0fac  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:01:23.0486 0x0fac  SharedAccess - ok
20:01:23.0501 0x0fac  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:01:23.0548 0x0fac  ShellHWDetection - ok
20:01:23.0579 0x0fac  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
20:01:23.0579 0x0fac  SiSRaid2 - ok
20:01:23.0610 0x0fac  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
20:01:23.0626 0x0fac  SiSRaid4 - ok
20:01:23.0642 0x0fac  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:01:23.0673 0x0fac  Smb - ok
20:01:23.0704 0x0fac  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:01:23.0735 0x0fac  SNMPTRAP - ok
20:01:23.0751 0x0fac  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:01:23.0751 0x0fac  spldr - ok
20:01:23.0782 0x0fac  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
20:01:23.0813 0x0fac  Spooler - ok
20:01:23.0922 0x0fac  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
20:01:24.0032 0x0fac  sppsvc - ok
20:01:24.0063 0x0fac  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:01:24.0094 0x0fac  sppuinotify - ok
20:01:24.0188 0x0fac  [ E163E10191958FF6A2B0B48353F9E9FD, C4F5B83B5C435458AEEC4BD5C6A0FE15F4C3CD5C23CA7F5949A62214634DBB36 ] SRTSP           C:\Windows\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS
20:01:24.0219 0x0fac  SRTSP - ok
20:01:24.0219 0x0fac  [ 68E7B6708B9EEE021301C483825D05EA, 87E262405473A063E3E6E9D1D61D8381C997C95F77317CDBB3C59369436E70C5 ] SRTSPX          C:\Windows\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS
20:01:24.0234 0x0fac  SRTSPX - ok
20:01:24.0266 0x0fac  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:01:24.0297 0x0fac  srv - ok
20:01:24.0328 0x0fac  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:01:24.0344 0x0fac  srv2 - ok
20:01:24.0359 0x0fac  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:01:24.0375 0x0fac  srvnet - ok
20:01:24.0406 0x0fac  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:01:24.0437 0x0fac  SSDPSRV - ok
20:01:24.0453 0x0fac  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:01:24.0484 0x0fac  SstpSvc - ok
20:01:24.0500 0x0fac  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
20:01:24.0515 0x0fac  stexstor - ok
20:01:24.0593 0x0fac  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
20:01:24.0624 0x0fac  stisvc - ok
20:01:24.0640 0x0fac  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
20:01:24.0640 0x0fac  swenum - ok
20:01:24.0671 0x0fac  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
20:01:24.0702 0x0fac  swprv - ok
20:01:24.0734 0x0fac  [ 5C9EE2303CA7F267665D75237862B39C, 5DECD977A823C14B4D980D3DB621BC875231B741653F0450A027FC9E87725F9D ] SymDS           C:\Windows\system32\drivers\NISx64\1507000.00B\SYMDS64.SYS
20:01:24.0749 0x0fac  SymDS - ok
20:01:24.0796 0x0fac  [ 9F31630D7FC2DD9D5DA1CE359AAD1F46, 296D29EDF53956D1899DE4669AB429C280DF9F183F00AE1CE528E7C575802235 ] SymEFA          C:\Windows\system32\drivers\NISx64\1507000.00B\SYMEFA64.SYS
20:01:24.0827 0x0fac  SymEFA - ok
20:01:24.0874 0x0fac  [ 97E11C50CE52277B377396EA8838E539, E17D03F80E14F961C41F2D54D1EF73D29BF01F38459C5710D786234F8BA3C835 ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
20:01:24.0874 0x0fac  SymEvent - ok
20:01:24.0905 0x0fac  [ 2C95265BE19F338E1C1090E4E91055BB, 1E580E9367B1C89B06BD4B34EFD94CD511FD3AA1617D943DDFE0A28B7ED5D5F9 ] SymIRON         C:\Windows\system32\drivers\NISx64\1507000.00B\Ironx64.SYS
20:01:24.0921 0x0fac  SymIRON - ok
20:01:24.0968 0x0fac  [ 5570A74FF9B1EFBC5154DD1E2F05C517, 2C883A0334CBE4AE257028805C9BB1E529A80F56BA6D341E8EBB83CB3E46FEB7 ] SymNetS         C:\Windows\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS
20:01:24.0983 0x0fac  SymNetS - ok
20:01:25.0046 0x0fac  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
20:01:25.0108 0x0fac  SysMain - ok
20:01:25.0124 0x0fac  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:01:25.0139 0x0fac  TabletInputService - ok
20:01:25.0170 0x0fac  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:01:25.0202 0x0fac  TapiSrv - ok
20:01:25.0217 0x0fac  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
20:01:25.0248 0x0fac  TBS - ok
20:01:25.0326 0x0fac  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:01:25.0373 0x0fac  Tcpip - ok
20:01:25.0420 0x0fac  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:01:25.0467 0x0fac  TCPIP6 - ok
20:01:25.0498 0x0fac  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:01:25.0514 0x0fac  tcpipreg - ok
20:01:25.0576 0x0fac  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:01:25.0592 0x0fac  TDPIPE - ok
20:01:25.0623 0x0fac  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:01:25.0623 0x0fac  TDTCP - ok
20:01:25.0685 0x0fac  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:01:25.0701 0x0fac  tdx - ok
20:01:25.0716 0x0fac  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
20:01:25.0732 0x0fac  TermDD - ok
20:01:25.0779 0x0fac  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
20:01:25.0826 0x0fac  TermService - ok
20:01:25.0841 0x0fac  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
20:01:25.0872 0x0fac  Themes - ok
20:01:25.0888 0x0fac  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
20:01:25.0919 0x0fac  THREADORDER - ok
20:01:25.0919 0x0fac  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
20:01:25.0966 0x0fac  TrkWks - ok
20:01:26.0013 0x0fac  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:01:26.0060 0x0fac  TrustedInstaller - ok
20:01:26.0075 0x0fac  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:01:26.0091 0x0fac  tssecsrv - ok
20:01:26.0122 0x0fac  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:01:26.0169 0x0fac  TsUsbFlt - ok
20:01:26.0184 0x0fac  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
20:01:26.0216 0x0fac  TsUsbGD - ok
20:01:26.0231 0x0fac  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:01:26.0262 0x0fac  tunnel - ok
20:01:26.0278 0x0fac  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
20:01:26.0294 0x0fac  uagp35 - ok
20:01:26.0309 0x0fac  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:01:26.0356 0x0fac  udfs - ok
20:01:26.0387 0x0fac  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:01:26.0403 0x0fac  UI0Detect - ok
20:01:26.0418 0x0fac  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:01:26.0434 0x0fac  uliagpkx - ok
20:01:26.0450 0x0fac  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:01:26.0481 0x0fac  umbus - ok
20:01:26.0496 0x0fac  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
20:01:26.0496 0x0fac  UmPass - ok
20:01:26.0528 0x0fac  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
20:01:26.0559 0x0fac  upnphost - ok
20:01:26.0606 0x0fac  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
20:01:26.0637 0x0fac  usbaudio - ok
20:01:26.0668 0x0fac  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:01:26.0684 0x0fac  usbccgp - ok
20:01:26.0715 0x0fac  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:01:26.0730 0x0fac  usbcir - ok
20:01:26.0746 0x0fac  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:01:26.0762 0x0fac  usbehci - ok
20:01:26.0777 0x0fac  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:01:26.0808 0x0fac  usbhub - ok
20:01:26.0824 0x0fac  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
20:01:26.0840 0x0fac  usbohci - ok
20:01:26.0855 0x0fac  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:01:26.0871 0x0fac  usbprint - ok
20:01:26.0902 0x0fac  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
20:01:26.0918 0x0fac  usbscan - ok
20:01:26.0933 0x0fac  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:01:26.0964 0x0fac  USBSTOR - ok
20:01:26.0980 0x0fac  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:01:26.0996 0x0fac  usbuhci - ok
20:01:27.0011 0x0fac  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
20:01:27.0042 0x0fac  UxSms - ok
20:01:27.0058 0x0fac  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] VaultSvc        C:\Windows\system32\lsass.exe
20:01:27.0058 0x0fac  VaultSvc - ok
20:01:27.0089 0x0fac  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:01:27.0089 0x0fac  vdrvroot - ok
20:01:27.0120 0x0fac  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
20:01:27.0167 0x0fac  vds - ok
20:01:27.0198 0x0fac  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:01:27.0214 0x0fac  vga - ok
20:01:27.0230 0x0fac  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:01:27.0245 0x0fac  VgaSave - ok
20:01:27.0261 0x0fac  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:01:27.0276 0x0fac  vhdmp - ok
20:01:27.0308 0x0fac  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:01:27.0308 0x0fac  viaide - ok
20:01:27.0323 0x0fac  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:01:27.0339 0x0fac  volmgr - ok
20:01:27.0354 0x0fac  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:01:27.0370 0x0fac  volmgrx - ok
20:01:27.0386 0x0fac  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:01:27.0401 0x0fac  volsnap - ok
20:01:27.0432 0x0fac  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
20:01:27.0448 0x0fac  vsmraid - ok
20:01:27.0510 0x0fac  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
20:01:27.0573 0x0fac  VSS - ok
20:01:27.0588 0x0fac  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
20:01:27.0620 0x0fac  vwifibus - ok
20:01:27.0635 0x0fac  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
20:01:27.0682 0x0fac  W32Time - ok
20:01:27.0698 0x0fac  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
20:01:27.0713 0x0fac  WacomPen - ok
20:01:27.0744 0x0fac  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:01:27.0776 0x0fac  WANARP - ok
20:01:27.0776 0x0fac  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:01:27.0807 0x0fac  Wanarpv6 - ok
20:01:27.0869 0x0fac  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
20:01:27.0932 0x0fac  wbengine - ok
20:01:27.0963 0x0fac  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:01:27.0994 0x0fac  WbioSrvc - ok
20:01:28.0010 0x0fac  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:01:28.0041 0x0fac  wcncsvc - ok
20:01:28.0041 0x0fac  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:01:28.0056 0x0fac  WcsPlugInService - ok
20:01:28.0088 0x0fac  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
20:01:28.0103 0x0fac  Wd - ok
20:01:28.0134 0x0fac  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:01:28.0166 0x0fac  Wdf01000 - ok
20:01:28.0181 0x0fac  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:01:28.0212 0x0fac  WdiServiceHost - ok
20:01:28.0212 0x0fac  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:01:28.0228 0x0fac  WdiSystemHost - ok
20:01:28.0259 0x0fac  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
20:01:28.0290 0x0fac  WebClient - ok
20:01:28.0337 0x0fac  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:01:28.0368 0x0fac  Wecsvc - ok
20:01:28.0384 0x0fac  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:01:28.0431 0x0fac  wercplsupport - ok
20:01:28.0446 0x0fac  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:01:28.0478 0x0fac  WerSvc - ok
20:01:28.0493 0x0fac  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:01:28.0524 0x0fac  WfpLwf - ok
20:01:28.0571 0x0fac  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:01:28.0587 0x0fac  WIMMount - ok
20:01:28.0602 0x0fac  WinDefend - ok
20:01:28.0618 0x0fac  WinHttpAutoProxySvc - ok
20:01:28.0649 0x0fac  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:01:28.0696 0x0fac  Winmgmt - ok
20:01:28.0758 0x0fac  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
20:01:28.0852 0x0fac  WinRM - ok
20:01:28.0899 0x0fac  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\drivers\WinUsb.sys
20:01:28.0914 0x0fac  WinUsb - ok
20:01:28.0961 0x0fac  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:01:29.0008 0x0fac  Wlansvc - ok
20:01:29.0148 0x0fac  [ 98F138897EF4246381D197CB81846D62, A9FA88475AFBB8883297708608EC7C1AC29F229C3299A84D557172604813A18C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:01:29.0195 0x0fac  wlidsvc - ok
20:01:29.0226 0x0fac  [ E7F4937B613B1E4294100C9D4EFC36A9, E8C7EE623E5BEA179F0FC01AB90C129BD7F930A2ACC48D68D88534108BE0AF43 ] WmBEnum         C:\Windows\system32\drivers\WmBEnum.sys
20:01:29.0226 0x0fac  WmBEnum - ok
20:01:29.0258 0x0fac  [ 6F6F2B263002B243D3501C7E6C8FC11D, EBC1C9936D35D9FD68E1A17A399759ACFB8B8BF57C179F8926D60CD11CEB8106 ] WmFilter        C:\Windows\system32\drivers\WmFilter.sys
20:01:29.0273 0x0fac  WmFilter - ok
20:01:29.0273 0x0fac  [ 1584F8D5FDFE44C03DBA85A2106B937F, AABF84DD39E9F5547DD9721B37364EFB7FAB8EA14FA23688929ED649266FA86C ] WmHidLo         C:\Windows\system32\drivers\WmHidLo.sys
20:01:29.0289 0x0fac  WmHidLo - ok
20:01:29.0304 0x0fac  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:01:29.0320 0x0fac  WmiAcpi - ok
20:01:29.0336 0x0fac  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:01:29.0351 0x0fac  wmiApSrv - ok
20:01:29.0382 0x0fac  WMPNetworkSvc - ok
20:01:29.0398 0x0fac  [ 52B4FCC6AFAEC0FFD80BDA63F9B140CD, 5C1BF49D78EFF9E642694255A08E951E7D25B27792CA9E4C06BD619986B55588 ] WmVirHid        C:\Windows\system32\drivers\WmVirHid.sys
20:01:29.0414 0x0fac  WmVirHid - ok
20:01:29.0429 0x0fac  [ 395B3E7FBA81BDC4501641B3B2CF2E20, 8DED5B304111F6A21C1C2AFC50228B2A0BB0C20D737EE6F7E955C8CCF36FD702 ] WmXlCore        C:\Windows\system32\drivers\WmXlCore.sys
20:01:29.0445 0x0fac  WmXlCore - ok
20:01:29.0460 0x0fac  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:01:29.0476 0x0fac  WPCSvc - ok
20:01:29.0492 0x0fac  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:01:29.0507 0x0fac  WPDBusEnum - ok
20:01:29.0538 0x0fac  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:01:29.0570 0x0fac  ws2ifsl - ok
20:01:29.0585 0x0fac  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
20:01:29.0601 0x0fac  wscsvc - ok
20:01:29.0616 0x0fac  WSearch - ok
20:01:29.0710 0x0fac  [ 14882A15F5CE7B8EADC8E7F54FD5B53B, 75CE9845C6EE66B070EA3D11F5B49935B9D0A607DCC93D3105130F3987E39443 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:01:29.0804 0x0fac  wuauserv - ok
20:01:29.0819 0x0fac  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:01:29.0850 0x0fac  WudfPf - ok
20:01:29.0882 0x0fac  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\drivers\WUDFRd.sys
20:01:29.0897 0x0fac  WUDFRd - ok
20:01:29.0913 0x0fac  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:01:29.0913 0x0fac  wudfsvc - ok
20:01:29.0944 0x0fac  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:01:29.0975 0x0fac  WwanSvc - ok
20:01:29.0991 0x0fac  ================ Scan global ===============================
20:01:30.0006 0x0fac  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
20:01:30.0038 0x0fac  [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\Windows\system32\winsrv.dll
20:01:30.0053 0x0fac  [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\Windows\system32\winsrv.dll
20:01:30.0084 0x0fac  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
20:01:30.0100 0x0fac  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
20:01:30.0116 0x0fac  [ Global ] - ok
20:01:30.0116 0x0fac  ================ Scan MBR ==================================
20:01:30.0131 0x0fac  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:01:30.0365 0x0fac  \Device\Harddisk0\DR0 - ok
20:01:30.0365 0x0fac  [ 973E9BA32FDBB305C552ED3E1EBF0686 ] \Device\Harddisk1\DR1
20:01:30.0615 0x0fac  \Device\Harddisk1\DR1 - ok
20:01:30.0615 0x0fac  ================ Scan VBR ==================================
20:01:30.0615 0x0fac  [ E37234AFCD8C9A734E3AB252F6A930B3 ] \Device\Harddisk0\DR0\Partition1
20:01:30.0615 0x0fac  \Device\Harddisk0\DR0\Partition1 - ok
20:01:30.0630 0x0fac  [ 8C3E3A6662ACC98C3D031DAA369495BF ] \Device\Harddisk0\DR0\Partition2
20:01:30.0630 0x0fac  \Device\Harddisk0\DR0\Partition2 - ok
20:01:30.0630 0x0fac  [ 1C217497A5DCD0AFF6726F01B6790394 ] \Device\Harddisk0\DR0\Partition3
20:01:30.0630 0x0fac  \Device\Harddisk0\DR0\Partition3 - ok
20:01:30.0630 0x0fac  [ 3F3F6EA88443D53BEBFCC23D63EBDE36 ] \Device\Harddisk1\DR1\Partition1
20:01:30.0630 0x0fac  \Device\Harddisk1\DR1\Partition1 - ok
20:01:30.0630 0x0fac  ================ Scan generic autorun ======================
20:01:30.0677 0x0fac  [ FFF4ACD342AE202E9E5D9D51BC7FF0E1, 87ABDE33047DB65E619CD2392890C90A3F6C06C4D2A9CBC2824C27287D772C2C ] C:\Program Files\Logitech\Gaming Software\LWEMon.exe
20:01:30.0693 0x0fac  Start WingMan Profiler - ok
20:01:31.0052 0x0fac  [ 19ECAAEA3CC248489FE987C10B688C0D, 967CB23A8176B3181EE2A55DFBB04A69988AB22105D4C450C5B5E729B91FAD5A ] C:\Program Files\Logitech Gaming Software\LCore.exe
20:01:31.0301 0x0fac  Launch LCore - ok
20:01:31.0379 0x0fac  [ DE91AA01B01FF8F5837C46EF0B51B57F, C896865F9C0613286C01AA3183D37B25C324D64963A2B1EE0CFA91100822D086 ] C:\Program Files\Greenshot\Greenshot.exe
20:01:31.0395 0x0fac  Greenshot - detected UnsignedFile.Multi.Generic ( 1 )
20:01:31.0395 0x0fac  Greenshot ( UnsignedFile.Multi.Generic ) - warning
20:01:31.0442 0x0fac  [ ED191C327A6695B35F614BD420E9EB5D, 7F4CC0EFA3F624C966E8AD78C1AC049C2CAB99D6C667D15F89A54AFC8CF0D4AA ] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
20:01:31.0457 0x0fac  VolPanel - detected UnsignedFile.Multi.Generic ( 1 )
20:01:31.0457 0x0fac  VolPanel ( UnsignedFile.Multi.Generic ) - warning
20:01:31.0473 0x0fac  P17RunE - ok
20:01:31.0551 0x0fac  [ 16598A9758F386F82D2C447C70C95D10, 0A698135EFC195C359702AA76897B9C67712FDE0A54B51587134B65510B154ED ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
20:01:31.0582 0x0fac  StartCCC - ok
20:01:31.0613 0x0fac  [ 2B282A4050FE3B4B70EF9E3070BBFF78, 019B667781F5CE411AEB569EAA4095FA2B9942E43A6A1DFC6EEBB2DA214131FE ] C:\Program Files (x86)\FreePDF_XP\fpassist.exe
20:01:31.0644 0x0fac  FreePDF Assistant - detected UnsignedFile.Multi.Generic ( 1 )
20:01:31.0644 0x0fac  FreePDF Assistant ( UnsignedFile.Multi.Generic ) - warning
20:01:31.0644 0x0fac  Force sending object to P2P due to detect: C:\Program Files (x86)\FreePDF_XP\fpassist.exe
20:01:31.0644 0x0fac  Object send P2P result: false
20:01:31.0707 0x0fac  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
20:01:31.0769 0x0fac  Sidebar - ok
20:01:31.0785 0x0fac  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
20:01:31.0816 0x0fac  mctadmin - ok
20:01:31.0832 0x0fac  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
20:01:31.0863 0x0fac  Sidebar - ok
20:01:31.0878 0x0fac  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
20:01:31.0894 0x0fac  mctadmin - ok
20:01:32.0019 0x0fac  [ 4AEE8446E8A922EC25C9300A766AC38A, C7E8A5A49811C0D1164043C490C9C4EDD554E348C88851ABDF5B13E27A86C8DB ] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
20:01:32.0097 0x0fac  LightScribe Control Panel - detected UnsignedFile.Multi.Generic ( 1 )
20:01:32.0097 0x0fac  LightScribe Control Panel ( UnsignedFile.Multi.Generic ) - warning
20:01:32.0159 0x0fac  [ 4AEE8446E8A922EC25C9300A766AC38A, C7E8A5A49811C0D1164043C490C9C4EDD554E348C88851ABDF5B13E27A86C8DB ] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
20:01:32.0222 0x0fac  LightScribe Control Panel - detected UnsignedFile.Multi.Generic ( 1 )
20:01:32.0222 0x0fac  LightScribe Control Panel ( UnsignedFile.Multi.Generic ) - warning
20:01:32.0222 0x0fac  Force sending object to P2P due to detect: C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
20:01:32.0237 0x0fac  Object send P2P result: false
20:01:32.0237 0x0fac  AV detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe ( 22.3.0.0 ), 0x51000 ( enabled : updated )
20:01:32.0237 0x0fac  FW detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe ( 22.3.0.0 ), 0x51010 ( enabled )
20:01:32.0237 0x0fac  ============================================================
20:01:32.0237 0x0fac  Scan finished
20:01:32.0237 0x0fac  ============================================================
20:01:32.0253 0x0b7c  Detected object count: 10
20:01:32.0253 0x0b7c  Actual detected object count: 10
20:02:52.0546 0x0b7c  Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:02:52.0546 0x0b7c  Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:02:52.0546 0x0b7c  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:02:52.0546 0x0b7c  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:02:52.0546 0x0b7c  CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
20:02:52.0546 0x0b7c  CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:02:52.0546 0x0b7c  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
20:02:52.0546 0x0b7c  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:02:52.0546 0x0b7c  RadeonPro Support Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:02:52.0546 0x0b7c  RadeonPro Support Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:02:52.0546 0x0b7c  Greenshot ( UnsignedFile.Multi.Generic ) - skipped by user
20:02:52.0546 0x0b7c  Greenshot ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:02:52.0546 0x0b7c  VolPanel ( UnsignedFile.Multi.Generic ) - skipped by user
20:02:52.0546 0x0b7c  VolPanel ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:02:52.0546 0x0b7c  FreePDF Assistant ( UnsignedFile.Multi.Generic ) - skipped by user
20:02:52.0546 0x0b7c  FreePDF Assistant ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:02:52.0546 0x0b7c  LightScribe Control Panel ( UnsignedFile.Multi.Generic ) - skipped by user
20:02:52.0546 0x0b7c  LightScribe Control Panel ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:02:52.0546 0x0b7c  LightScribe Control Panel ( UnsignedFile.Multi.Generic ) - skipped by user
20:02:52.0546 0x0b7c  LightScribe Control Panel ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:07:13.0222 0x0c74  ============================================================
20:07:13.0222 0x0c74  Scan started
20:07:13.0222 0x0c74  Mode: Manual; SigCheck; TDLFS; 
20:07:13.0222 0x0c74  ============================================================
20:07:13.0222 0x0c74  KSN ping started
20:07:13.0238 0x0c74  KSN ping finished: false
20:07:13.0643 0x0c74  ================ Scan system memory ========================
20:07:13.0643 0x0c74  System memory - ok
20:07:13.0643 0x0c74  ================ Scan services =============================
20:07:13.0752 0x0c74  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
20:07:13.0768 0x0c74  1394ohci - ok
20:07:13.0784 0x0c74  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:07:13.0799 0x0c74  ACPI - ok
20:07:13.0815 0x0c74  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:07:13.0830 0x0c74  AcpiPmi - ok
20:07:13.0893 0x0c74  [ 9B3355B29942AF67F014EA90CE1EA960, FBB155F72984045BCD99CC2059B9EDAABD3A52104C3864A290D8A355991F94D3 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:07:13.0908 0x0c74  AdobeFlashPlayerUpdateSvc - ok
20:07:13.0940 0x0c74  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
20:07:13.0955 0x0c74  adp94xx - ok
20:07:13.0971 0x0c74  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
20:07:13.0986 0x0c74  adpahci - ok
20:07:14.0002 0x0c74  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
20:07:14.0018 0x0c74  adpu320 - ok
20:07:14.0033 0x0c74  [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:07:14.0049 0x0c74  AeLookupSvc - ok
20:07:14.0096 0x0c74  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
20:07:14.0111 0x0c74  AFD - ok
20:07:14.0142 0x0c74  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
20:07:14.0142 0x0c74  agp440 - ok
20:07:14.0174 0x0c74  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
20:07:14.0189 0x0c74  ALG - ok
20:07:14.0205 0x0c74  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:07:14.0220 0x0c74  aliide - ok
20:07:14.0236 0x0c74  [ 66B54471B5856E314947881E28263A6D, 2D60706B52A2CE98FF806337D62CD010C1DEB2AEDDF899C7B67173928B2D7C4C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:07:14.0252 0x0c74  AMD External Events Utility - ok
20:07:14.0267 0x0c74  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
20:07:14.0283 0x0c74  amdide - ok
20:07:14.0298 0x0c74  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
20:07:14.0298 0x0c74  AmdK8 - ok
20:07:14.0673 0x0c74  [ FBB35875FEFE53D4280259842069ED72, B1A1B5799A6C50C244182CD201A1E9FCB7BE3B5ED4BB2E2E6BCF8E1BF53B75DB ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
20:07:14.0954 0x0c74  amdkmdag - ok
20:07:15.0016 0x0c74  [ A32BCAD9377E3B75D034CAFBA463A0AE, F504895D9C9CD1B4607806BCAF15A1CBFBAC2E5824903277A1350C9F35045602 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
20:07:15.0047 0x0c74  amdkmdap - ok
20:07:15.0047 0x0c74  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
20:07:15.0063 0x0c74  AmdPPM - ok
20:07:15.0094 0x0c74  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:07:15.0094 0x0c74  amdsata - ok
20:07:15.0125 0x0c74  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
20:07:15.0141 0x0c74  amdsbs - ok
20:07:15.0156 0x0c74  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:07:15.0156 0x0c74  amdxata - ok
20:07:15.0188 0x0c74  [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID           C:\Windows\system32\drivers\appid.sys
20:07:15.0188 0x0c74  AppID - ok
20:07:15.0203 0x0c74  [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:07:15.0219 0x0c74  AppIDSvc - ok
20:07:15.0250 0x0c74  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
20:07:15.0250 0x0c74  Appinfo - ok
20:07:15.0266 0x0c74  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
20:07:15.0281 0x0c74  arc - ok
20:07:15.0297 0x0c74  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
20:07:15.0312 0x0c74  arcsas - ok
20:07:15.0375 0x0c74  [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:07:15.0390 0x0c74  aspnet_state - ok
20:07:15.0406 0x0c74  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:07:15.0437 0x0c74  AsyncMac - ok
20:07:15.0453 0x0c74  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
20:07:15.0468 0x0c74  atapi - ok
20:07:15.0484 0x0c74  [ 770A3B0D78232B0C1054495392A1FBA3, 733BB08BAFE42E848F3A3CDFD80A2C37DB829CAD2E18B3D6299FDEE6EF30C9CD ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
20:07:15.0500 0x0c74  AtiHDAudioService - ok
20:07:15.0531 0x0c74  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:07:15.0562 0x0c74  AudioEndpointBuilder - ok
20:07:15.0578 0x0c74  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:07:15.0593 0x0c74  AudioSrv - ok
20:07:15.0624 0x0c74  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:07:15.0640 0x0c74  AxInstSV - ok
20:07:15.0656 0x0c74  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
20:07:15.0687 0x0c74  b06bdrv - ok
20:07:15.0702 0x0c74  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:07:15.0718 0x0c74  b57nd60a - ok
20:07:15.0734 0x0c74  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:07:15.0749 0x0c74  BDESVC - ok
20:07:15.0765 0x0c74  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:07:15.0796 0x0c74  Beep - ok
20:07:15.0827 0x0c74  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
20:07:15.0843 0x0c74  BFE - ok
20:07:15.0983 0x0c74  [ FB0FAB0E2140FE8E17BAE727C15DBFBB, 227B7472ACE6C583AD67433080BCF57BFDC88F43BF8A56DA78BEB9D618572CA8 ] BHDrvx64        C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150706.001\BHDrvx64.sys
20:07:16.0030 0x0c74  BHDrvx64 - ok
20:07:16.0077 0x0c74  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
20:07:16.0108 0x0c74  BITS - ok
20:07:16.0124 0x0c74  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:07:16.0139 0x0c74  blbdrive - ok
20:07:16.0186 0x0c74  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:07:16.0202 0x0c74  Bonjour Service - ok
20:07:16.0233 0x0c74  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:07:16.0248 0x0c74  bowser - ok
20:07:16.0264 0x0c74  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
20:07:16.0280 0x0c74  BrFiltLo - ok
20:07:16.0280 0x0c74  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
20:07:16.0295 0x0c74  BrFiltUp - ok
20:07:16.0326 0x0c74  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
20:07:16.0326 0x0c74  Browser - ok
20:07:16.0358 0x0c74  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:07:16.0373 0x0c74  Brserid - ok
20:07:16.0389 0x0c74  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:07:16.0404 0x0c74  BrSerWdm - ok
20:07:16.0420 0x0c74  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:07:16.0420 0x0c74  BrUsbMdm - ok
20:07:16.0436 0x0c74  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:07:16.0451 0x0c74  BrUsbSer - ok
20:07:16.0467 0x0c74  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
20:07:16.0482 0x0c74  BTHMODEM - ok
20:07:16.0498 0x0c74  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
20:07:16.0529 0x0c74  bthserv - ok
20:07:16.0592 0x0c74  [ 0510396A957E9FD7205BA62D3CAE4528, C80C39EB3A87C5111132E96E966CF74ACABA36DE7714B545A707027D35995792 ] ccSet_NIS       C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys
20:07:16.0607 0x0c74  ccSet_NIS - ok
20:07:16.0623 0x0c74  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:07:16.0654 0x0c74  cdfs - ok
20:07:16.0670 0x0c74  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:07:16.0685 0x0c74  cdrom - ok
20:07:16.0701 0x0c74  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
20:07:16.0716 0x0c74  CertPropSvc - ok
20:07:16.0732 0x0c74  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
20:07:16.0748 0x0c74  circlass - ok
20:07:16.0779 0x0c74  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
20:07:16.0794 0x0c74  CLFS - ok
20:07:16.0841 0x0c74  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:07:16.0857 0x0c74  clr_optimization_v2.0.50727_32 - ok
20:07:16.0888 0x0c74  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:07:16.0904 0x0c74  clr_optimization_v2.0.50727_64 - ok
20:07:16.0935 0x0c74  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:07:16.0950 0x0c74  clr_optimization_v4.0.30319_32 - ok
20:07:16.0966 0x0c74  [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:07:16.0982 0x0c74  clr_optimization_v4.0.30319_64 - ok
20:07:16.0997 0x0c74  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
20:07:16.0997 0x0c74  CmBatt - ok
20:07:17.0028 0x0c74  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:07:17.0028 0x0c74  cmdide - ok
20:07:17.0060 0x0c74  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\Windows\system32\Drivers\cng.sys
20:07:17.0091 0x0c74  CNG - ok
20:07:17.0106 0x0c74  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
20:07:17.0122 0x0c74  Compbatt - ok
20:07:17.0122 0x0c74  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
20:07:17.0138 0x0c74  CompositeBus - ok
20:07:17.0138 0x0c74  COMSysApp - ok
20:07:17.0153 0x0c74  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
20:07:17.0169 0x0c74  crcdisk - ok
20:07:17.0200 0x0c74  [ C8BD651E13895B93ED9EC5B4F1DF42BC, D86D6BF0BA3C09B49B3A52C86A7F3B3856A27F79EDD86A8FFA469D9A5F196E8D ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
20:07:17.0200 0x0c74  Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
20:07:17.0200 0x0c74  Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
20:07:17.0200 0x0c74  Force sending object to P2P due to detect: Creative ALchemy AL6 Licensing Service
20:07:17.0200 0x0c74  Object send P2P result: false
20:07:17.0231 0x0c74  [ C0EAD9F8AB83D41FF07303C75589C2B8, C89CAC39BCD2FA2DCC56D7EE84FF66127BCECCAE400E119FE41BF4C4D769504B ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
20:07:17.0231 0x0c74  Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
20:07:17.0231 0x0c74  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
20:07:17.0231 0x0c74  Force sending object to P2P due to detect: Creative Audio Engine Licensing Service
20:07:17.0231 0x0c74  Object send P2P result: false
20:07:17.0262 0x0c74  [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:07:17.0278 0x0c74  CryptSvc - ok
20:07:17.0325 0x0c74  [ 69CDBA2B9C397E349A04FA70DD9170A2, 7879E58CB221063EF17A8A7677E81B47BFD600C3FC3353378690E4A2131327ED ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
20:07:17.0340 0x0c74  CTAudSvcService - detected UnsignedFile.Multi.Generic ( 1 )
20:07:17.0340 0x0c74  CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
20:07:17.0372 0x0c74  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:07:17.0403 0x0c74  DcomLaunch - ok
20:07:17.0434 0x0c74  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
20:07:17.0465 0x0c74  defragsvc - ok
20:07:17.0496 0x0c74  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:07:17.0512 0x0c74  DfsC - ok
20:07:17.0543 0x0c74  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:07:17.0559 0x0c74  Dhcp - ok
20:07:17.0621 0x0c74  [ AA5319FA8602676B5D3A2B4A1355896D, 57532E16FF0DDE3D62B6B6DC35E2598DD453140E9277247965A1E835645E588A ] DiagTrack       C:\Windows\system32\diagtrack.dll
20:07:17.0652 0x0c74  DiagTrack - ok
20:07:17.0652 0x0c74  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
20:07:17.0684 0x0c74  discache - ok
20:07:17.0699 0x0c74  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
20:07:17.0699 0x0c74  Disk - ok
20:07:17.0730 0x0c74  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:07:17.0746 0x0c74  Dnscache - ok
20:07:17.0762 0x0c74  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:07:17.0793 0x0c74  dot3svc - ok
20:07:17.0808 0x0c74  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
20:07:17.0840 0x0c74  DPS - ok
20:07:17.0855 0x0c74  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:07:17.0871 0x0c74  drmkaud - ok
20:07:17.0902 0x0c74  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:07:17.0933 0x0c74  DXGKrnl - ok
20:07:17.0964 0x0c74  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
20:07:17.0996 0x0c74  EapHost - ok
20:07:18.0105 0x0c74  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
20:07:18.0183 0x0c74  ebdrv - ok
20:07:18.0230 0x0c74  [ 93EA893A8C2C561648A559E48C723412, 14F9AD8BCF423BC40F7B3D2D7BC0F795CD3C54800C854873BD170ADF2A735B64 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
20:07:18.0245 0x0c74  eeCtrl - ok
20:07:18.0292 0x0c74  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] EFS             C:\Windows\System32\lsass.exe
20:07:18.0292 0x0c74  EFS - ok
20:07:18.0370 0x0c74  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:07:18.0386 0x0c74  ehRecvr - ok
20:07:18.0401 0x0c74  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
20:07:18.0417 0x0c74  ehSched - ok
20:07:18.0448 0x0c74  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
20:07:18.0464 0x0c74  elxstor - ok
20:07:18.0495 0x0c74  [ 8400C9E33B68C556BF63AEF490EB145C, A840DF1A27C935DD427E53C5D2FFFE79E612D0B4074CE26AA992DA62D4925806 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:07:18.0510 0x0c74  EraserUtilRebootDrv - ok
20:07:18.0526 0x0c74  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:07:18.0542 0x0c74  ErrDev - ok
20:07:18.0573 0x0c74  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
20:07:18.0604 0x0c74  EventSystem - ok
20:07:18.0620 0x0c74  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
20:07:18.0651 0x0c74  exfat - ok
20:07:18.0666 0x0c74  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:07:18.0698 0x0c74  fastfat - ok
20:07:18.0729 0x0c74  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
20:07:18.0760 0x0c74  Fax - ok
20:07:18.0760 0x0c74  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:07:18.0776 0x0c74  fdc - ok
20:07:18.0776 0x0c74  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
20:07:18.0807 0x0c74  fdPHost - ok
20:07:18.0822 0x0c74  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:07:18.0838 0x0c74  FDResPub - ok
20:07:18.0854 0x0c74  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:07:18.0869 0x0c74  FileInfo - ok
20:07:18.0885 0x0c74  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:07:18.0916 0x0c74  Filetrace - ok
20:07:18.0932 0x0c74  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:07:18.0932 0x0c74  flpydisk - ok
20:07:18.0963 0x0c74  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:07:18.0963 0x0c74  FltMgr - ok
20:07:19.0025 0x0c74  [ E612E86FA15EA1EF9A52433A2743C447, 8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache       C:\Windows\system32\FntCache.dll
20:07:19.0056 0x0c74  FontCache - ok
20:07:19.0088 0x0c74  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:07:19.0103 0x0c74  FontCache3.0.0.0 - ok
20:07:19.0103 0x0c74  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:07:19.0119 0x0c74  FsDepends - ok
20:07:19.0134 0x0c74  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:07:19.0150 0x0c74  Fs_Rec - ok
20:07:19.0181 0x0c74  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:07:19.0197 0x0c74  fvevol - ok
20:07:19.0212 0x0c74  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
20:07:19.0228 0x0c74  gagp30kx - ok
20:07:19.0259 0x0c74  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
20:07:19.0306 0x0c74  gpsvc - ok
20:07:19.0322 0x0c74  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:07:19.0322 0x0c74  hcw85cir - ok
20:07:19.0353 0x0c74  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:07:19.0368 0x0c74  HdAudAddService - ok
20:07:19.0384 0x0c74  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
20:07:19.0400 0x0c74  HDAudBus - ok
20:07:19.0415 0x0c74  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
20:07:19.0431 0x0c74  HidBatt - ok
20:07:19.0431 0x0c74  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
20:07:19.0446 0x0c74  HidBth - ok
20:07:19.0446 0x0c74  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
20:07:19.0462 0x0c74  HidIr - ok
20:07:19.0478 0x0c74  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
20:07:19.0509 0x0c74  hidserv - ok
20:07:19.0524 0x0c74  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:07:19.0540 0x0c74  HidUsb - ok
20:07:19.0571 0x0c74  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:07:19.0587 0x0c74  hkmsvc - ok
20:07:19.0618 0x0c74  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:07:19.0634 0x0c74  HomeGroupListener - ok
20:07:19.0665 0x0c74  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:07:19.0665 0x0c74  HomeGroupProvider - ok
20:07:19.0696 0x0c74  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:07:19.0712 0x0c74  HpSAMD - ok
20:07:19.0743 0x0c74  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:07:19.0774 0x0c74  HTTP - ok
20:07:19.0774 0x0c74  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:07:19.0790 0x0c74  hwpolicy - ok
20:07:19.0805 0x0c74  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
20:07:19.0821 0x0c74  i8042prt - ok
20:07:19.0852 0x0c74  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:07:19.0868 0x0c74  iaStorV - ok
20:07:19.0930 0x0c74  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:07:19.0946 0x0c74  idsvc - ok
20:07:20.0024 0x0c74  [ 19F52CF90BB4D05B5265773CA7011E4C, BA28BAEE9D64859775C6DF56E407104D1463BD1374CF3F6AA414AB85946ED1F5 ] IDSVia64        C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150807.001\IDSvia64.sys
20:07:20.0039 0x0c74  IDSVia64 - ok
20:07:20.0070 0x0c74  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
20:07:20.0086 0x0c74  iirsp - ok
20:07:20.0133 0x0c74  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
20:07:20.0148 0x0c74  IKEEXT - ok
20:07:20.0164 0x0c74  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
20:07:20.0180 0x0c74  intelide - ok
20:07:20.0195 0x0c74  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:07:20.0195 0x0c74  intelppm - ok
20:07:20.0211 0x0c74  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:07:20.0242 0x0c74  IPBusEnum - ok
20:07:20.0258 0x0c74  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:07:20.0289 0x0c74  IpFilterDriver - ok
20:07:20.0320 0x0c74  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:07:20.0336 0x0c74  iphlpsvc - ok
20:07:20.0351 0x0c74  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:07:20.0367 0x0c74  IPMIDRV - ok
20:07:20.0382 0x0c74  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:07:20.0398 0x0c74  IPNAT - ok
20:07:20.0414 0x0c74  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:07:20.0429 0x0c74  IRENUM - ok
20:07:20.0460 0x0c74  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:07:20.0476 0x0c74  isapnp - ok
20:07:20.0538 0x0c74  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:07:20.0554 0x0c74  iScsiPrt - ok
20:07:20.0570 0x0c74  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:07:20.0570 0x0c74  kbdclass - ok
20:07:20.0601 0x0c74  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:07:20.0616 0x0c74  kbdhid - ok
20:07:20.0632 0x0c74  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] KeyIso          C:\Windows\system32\lsass.exe
20:07:20.0648 0x0c74  KeyIso - ok
20:07:20.0694 0x0c74  [ BF69D973523D539A35807946C6DA7E16, 38F2C59B0857131961DBEA48C4A5DFA9BE7B564941935086B8DC8DBEF896F3EC ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:07:20.0710 0x0c74  KSecDD - ok
20:07:20.0741 0x0c74  [ 272C27711C8AA6E7815EE33F8ACA9C66, 0A5A10A7A3E87DB92E06395A6676B94FE8B7AD6704864075D443CDC9BABDB4DF ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:07:20.0741 0x0c74  KSecPkg - ok
20:07:20.0757 0x0c74  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:07:20.0788 0x0c74  ksthunk - ok
20:07:20.0819 0x0c74  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:07:20.0850 0x0c74  KtmRm - ok
20:07:20.0897 0x0c74  [ 4891EE13FA79B9D6B856F49AD69281B2, 5A9488BA1798020443400D82BA18D5A3EA766F49C2C78CD417C1DE45F64CD7BA ] L6PODHDBEAN     C:\Windows\system32\Drivers\L6PODHDBEAN64.sys
20:07:20.0913 0x0c74  L6PODHDBEAN - ok
20:07:20.0960 0x0c74  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:07:20.0991 0x0c74  LanmanServer - ok
20:07:21.0006 0x0c74  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:07:21.0038 0x0c74  LanmanWorkstation - ok
20:07:21.0069 0x0c74  [ FA529FB35694C24BF98A9EF67C1CD9D0, 7B3C587C38CF13D514140F0A55E58997D6071D1DEFD97E274E3F490660AC6075 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
20:07:21.0084 0x0c74  LGBusEnum - ok
20:07:21.0100 0x0c74  [ 94B29CE153765E768F004FB3440BE2B0, E74C01CEBDA589CDDE35CBCBAA18700E3742DD3B48A90DB3630992467FFC5024 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
20:07:21.0100 0x0c74  LGVirHid - ok
20:07:21.0147 0x0c74  [ ADA0C09E8AEDC17F11D8E1731986A88A, 1B25D7137E89149BB61FF52BE0259F48E374FC4F7114FAF267AF7A19F3B89BD3 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
20:07:21.0147 0x0c74  LightScribeService - detected UnsignedFile.Multi.Generic ( 1 )
20:07:21.0147 0x0c74  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
20:07:21.0162 0x0c74  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:07:21.0178 0x0c74  lltdio - ok
20:07:21.0209 0x0c74  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:07:21.0240 0x0c74  lltdsvc - ok
20:07:21.0256 0x0c74  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:07:21.0287 0x0c74  lmhosts - ok
20:07:21.0303 0x0c74  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
20:07:21.0318 0x0c74  LSI_FC - ok
20:07:21.0334 0x0c74  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
20:07:21.0350 0x0c74  LSI_SAS - ok
20:07:21.0350 0x0c74  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
20:07:21.0365 0x0c74  LSI_SAS2 - ok
20:07:21.0381 0x0c74  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
20:07:21.0396 0x0c74  LSI_SCSI - ok
20:07:21.0412 0x0c74  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
20:07:21.0443 0x0c74  luafv - ok
20:07:21.0459 0x0c74  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:07:21.0474 0x0c74  Mcx2Svc - ok
20:07:21.0490 0x0c74  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
20:07:21.0490 0x0c74  megasas - ok
20:07:21.0506 0x0c74  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
20:07:21.0521 0x0c74  MegaSR - ok
20:07:21.0552 0x0c74  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
20:07:21.0568 0x0c74  MMCSS - ok
20:07:21.0584 0x0c74  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
20:07:21.0615 0x0c74  Modem - ok
20:07:21.0630 0x0c74  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:07:21.0646 0x0c74  monitor - ok
20:07:21.0662 0x0c74  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:07:21.0662 0x0c74  mouclass - ok
20:07:21.0677 0x0c74  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:07:21.0693 0x0c74  mouhid - ok
20:07:21.0708 0x0c74  [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:07:21.0708 0x0c74  mountmgr - ok
20:07:21.0755 0x0c74  [ 9FC679D10A7377BB04ECC3D0E2E26B53, 24ACD4EC1618A052C29E4463138B28F62C8B78D442DB82F4925E64FC5849A096 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:07:21.0755 0x0c74  MozillaMaintenance - ok
20:07:21.0786 0x0c74  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:07:21.0802 0x0c74  mpio - ok
20:07:21.0802 0x0c74  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:07:21.0833 0x0c74  mpsdrv - ok
20:07:21.0880 0x0c74  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:07:21.0911 0x0c74  MpsSvc - ok
20:07:21.0958 0x0c74  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:07:21.0958 0x0c74  MRxDAV - ok
20:07:21.0989 0x0c74  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:07:22.0005 0x0c74  mrxsmb - ok
20:07:22.0020 0x0c74  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:07:22.0036 0x0c74  mrxsmb10 - ok
20:07:22.0052 0x0c74  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:07:22.0052 0x0c74  mrxsmb20 - ok
20:07:22.0083 0x0c74  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:07:22.0098 0x0c74  msahci - ok
20:07:22.0114 0x0c74  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:07:22.0130 0x0c74  msdsm - ok
20:07:22.0130 0x0c74  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
20:07:22.0145 0x0c74  MSDTC - ok
20:07:22.0161 0x0c74  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:07:22.0192 0x0c74  Msfs - ok
20:07:22.0208 0x0c74  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:07:22.0239 0x0c74  mshidkmdf - ok
20:07:22.0254 0x0c74  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:07:22.0254 0x0c74  msisadrv - ok
20:07:22.0286 0x0c74  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:07:22.0317 0x0c74  MSiSCSI - ok
20:07:22.0317 0x0c74  msiserver - ok
20:07:22.0317 0x0c74  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:07:22.0348 0x0c74  MSKSSRV - ok
20:07:22.0364 0x0c74  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:07:22.0395 0x0c74  MSPCLOCK - ok
20:07:22.0410 0x0c74  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:07:22.0442 0x0c74  MSPQM - ok
20:07:22.0457 0x0c74  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:07:22.0473 0x0c74  MsRPC - ok
20:07:22.0488 0x0c74  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
20:07:22.0504 0x0c74  mssmbios - ok
20:07:22.0504 0x0c74  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:07:22.0535 0x0c74  MSTEE - ok
20:07:22.0551 0x0c74  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
20:07:22.0566 0x0c74  MTConfig - ok
20:07:22.0598 0x0c74  [ 03B7145C889603537E9FFEABB1AD1089, B3CD93B893D4A2370CBF382366C6F596372857F8711EF6FFF83BFE2B449F424E ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
20:07:22.0598 0x0c74  MTsensor - ok
20:07:22.0613 0x0c74  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
20:07:22.0613 0x0c74  Mup - ok
20:07:22.0644 0x0c74  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
20:07:22.0691 0x0c74  napagent - ok
20:07:22.0707 0x0c74  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:07:22.0738 0x0c74  NativeWifiP - ok
20:07:22.0800 0x0c74  [ E59AFB64C2F6E0C99350E1C944C75088, 10A9044192D0A83857A57286EABB05037922860483DA2B05AFCC485A8311E4EF ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
20:07:22.0816 0x0c74  NAUpdate - ok
20:07:22.0894 0x0c74  [ 5A4EC58A5F2E63DB2092B343CF1B2834, 33F957565E38A3A2842DDB16D7C969F93A4FB888DB5AFBBF5431A712FADE4E13 ] NAVENG          C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150808.001\ENG64.SYS
20:07:22.0894 0x0c74  NAVENG - ok
20:07:22.0972 0x0c74  [ 526EA496D7F06B3746775046B33027C1, FEC0B860F49C28ED6ED721A09D19239BB1E20CE3A29697B24B2FE604AE0EB808 ] NAVEX15         C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150808.001\EX64.SYS
20:07:23.0019 0x0c74  NAVEX15 - ok
20:07:23.0081 0x0c74  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:07:23.0097 0x0c74  NDIS - ok
20:07:23.0128 0x0c74  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:07:23.0159 0x0c74  NdisCap - ok
20:07:23.0175 0x0c74  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:07:23.0206 0x0c74  NdisTapi - ok
20:07:23.0206 0x0c74  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:07:23.0237 0x0c74  Ndisuio - ok
20:07:23.0253 0x0c74  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:07:23.0284 0x0c74  NdisWan - ok
20:07:23.0300 0x0c74  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ]

DT-Maniac · 09.08.2015, 19:36

Code:

ATTFilter

NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:07:23.0315 0x0c74  NDProxy - ok
20:07:23.0331 0x0c74  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:07:23.0362 0x0c74  NetBIOS - ok
20:07:23.0378 0x0c74  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:07:23.0409 0x0c74  NetBT - ok
20:07:23.0424 0x0c74  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] Netlogon        C:\Windows\system32\lsass.exe
20:07:23.0424 0x0c74  Netlogon - ok
20:07:23.0456 0x0c74  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
20:07:23.0487 0x0c74  Netman - ok
20:07:23.0518 0x0c74  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:07:23.0518 0x0c74  NetMsmqActivator - ok
20:07:23.0534 0x0c74  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:07:23.0549 0x0c74  NetPipeActivator - ok
20:07:23.0565 0x0c74  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
20:07:23.0596 0x0c74  netprofm - ok
20:07:23.0612 0x0c74  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:07:23.0627 0x0c74  NetTcpActivator - ok
20:07:23.0627 0x0c74  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:07:23.0643 0x0c74  NetTcpPortSharing - ok
20:07:23.0658 0x0c74  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
20:07:23.0674 0x0c74  nfrd960 - ok
20:07:23.0721 0x0c74  [ 0B9296AC65C6F3F32E3337490F4BEC67, 149D08436B749003E1B8307C56D46A59983E92DDD1D1348A0FEABD43D34E57BD ] NIS             C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe
20:07:23.0736 0x0c74  NIS - ok
20:07:23.0768 0x0c74  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:07:23.0783 0x0c74  NlaSvc - ok
20:07:23.0799 0x0c74  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:07:23.0830 0x0c74  Npfs - ok
20:07:23.0846 0x0c74  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
20:07:23.0877 0x0c74  nsi - ok
20:07:23.0877 0x0c74  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:07:23.0908 0x0c74  nsiproxy - ok
20:07:23.0970 0x0c74  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:07:24.0017 0x0c74  Ntfs - ok
20:07:24.0033 0x0c74  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
20:07:24.0064 0x0c74  Null - ok
20:07:24.0080 0x0c74  [ 786DB821BFD57C0551DBBE4F75384A7D, F956D636F834F2BA5F019E187FDB9CC33940363C75A60E53CD81310A4DB6A6AB ] nusb3hub        C:\Windows\system32\drivers\nusb3hub.sys
20:07:24.0080 0x0c74  nusb3hub - ok
20:07:24.0111 0x0c74  [ DAA8005CAF745042BB427A1ED7433354, 3019002F174783B76D5D8AA47F7A465B7FEC7C14235B70E5C9277FE534839226 ] nusb3xhc        C:\Windows\system32\drivers\nusb3xhc.sys
20:07:24.0126 0x0c74  nusb3xhc - ok
20:07:24.0158 0x0c74  [ A85B4F2EF3A7304A5399EF0526423040, E45854691BA6AE36E53C2922CC93FF13DC2D84CBE7FE13A2F0B1CE1C16D1D158 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
20:07:24.0173 0x0c74  NVENETFD - ok
20:07:24.0189 0x0c74  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:07:24.0189 0x0c74  nvraid - ok
20:07:24.0204 0x0c74  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:07:24.0220 0x0c74  nvstor - ok
20:07:24.0251 0x0c74  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:07:24.0251 0x0c74  nv_agp - ok
20:07:24.0267 0x0c74  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:07:24.0282 0x0c74  ohci1394 - ok
20:07:24.0329 0x0c74  [ 634347ADEBC790B8F07654A3EA8034FD, 1A7E0C145F80E598E96F75CFF3C97B4CD1E2DF492DF89BC398228AECE1F1AA1C ] P17             C:\Windows\system32\drivers\P17.sys
20:07:24.0360 0x0c74  P17 - ok
20:07:24.0392 0x0c74  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:07:24.0407 0x0c74  p2pimsvc - ok
20:07:24.0423 0x0c74  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
20:07:24.0454 0x0c74  p2psvc - ok
20:07:24.0470 0x0c74  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
20:07:24.0485 0x0c74  Parport - ok
20:07:24.0516 0x0c74  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:07:24.0516 0x0c74  partmgr - ok
20:07:24.0548 0x0c74  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:07:24.0563 0x0c74  PcaSvc - ok
20:07:24.0563 0x0c74  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
20:07:24.0579 0x0c74  pci - ok
20:07:24.0610 0x0c74  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
20:07:24.0610 0x0c74  pciide - ok
20:07:24.0626 0x0c74  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
20:07:24.0641 0x0c74  pcmcia - ok
20:07:24.0657 0x0c74  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:07:24.0672 0x0c74  pcw - ok
20:07:24.0735 0x0c74  [ 20372BE109FEE1C37E2D5216680DB9EB, 2C3737FB3C6BCF81D0A7293667412DDEA649A8AEA40B7ADCFCB9893E8B3C4AF3 ] PDF Architect Helper Service C:\Program Files (x86)\PDF Architect\HelperService.exe
20:07:24.0766 0x0c74  PDF Architect Helper Service - ok
20:07:24.0797 0x0c74  [ B90A279073A815A4AA2C45A09EE004FA, 9EA27630C47F5FF99CBBE513C113F3ED01FABA0D59B9D9637764027BCC6EA24A ] PDF Architect Service C:\Program Files (x86)\PDF Architect\ConversionService.exe
20:07:24.0828 0x0c74  PDF Architect Service - ok
20:07:24.0860 0x0c74  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:07:24.0875 0x0c74  PEAUTH - ok
20:07:24.0969 0x0c74  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:07:24.0969 0x0c74  PerfHost - ok
20:07:25.0031 0x0c74  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
20:07:25.0094 0x0c74  pla - ok
20:07:25.0125 0x0c74  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:07:25.0140 0x0c74  PlugPlay - ok
20:07:25.0156 0x0c74  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:07:25.0172 0x0c74  PNRPAutoReg - ok
20:07:25.0187 0x0c74  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:07:25.0203 0x0c74  PNRPsvc - ok
20:07:25.0234 0x0c74  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:07:25.0265 0x0c74  PolicyAgent - ok
20:07:25.0296 0x0c74  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
20:07:25.0328 0x0c74  Power - ok
20:07:25.0359 0x0c74  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:07:25.0390 0x0c74  PptpMiniport - ok
20:07:25.0390 0x0c74  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
20:07:25.0406 0x0c74  Processor - ok
20:07:25.0437 0x0c74  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:07:25.0452 0x0c74  ProfSvc - ok
20:07:25.0468 0x0c74  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] ProtectedStorage C:\Windows\system32\lsass.exe
20:07:25.0484 0x0c74  ProtectedStorage - ok
20:07:25.0484 0x0c74  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:07:25.0515 0x0c74  Psched - ok
20:07:25.0577 0x0c74  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
20:07:25.0608 0x0c74  ql2300 - ok
20:07:25.0624 0x0c74  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
20:07:25.0640 0x0c74  ql40xx - ok
20:07:25.0671 0x0c74  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
20:07:25.0686 0x0c74  QWAVE - ok
20:07:25.0702 0x0c74  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:07:25.0702 0x0c74  QWAVEdrv - ok
20:07:25.0733 0x0c74  [ 0CAA9F394453F7BBEEE2124017B1B842, 2DC64564FAF8CB00842260368CA9CF58EC0312471603FD18E812DC3971E9A3DD ] RadeonPro Support Service C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
20:07:25.0749 0x0c74  RadeonPro Support Service - detected UnsignedFile.Multi.Generic ( 1 )
20:07:25.0749 0x0c74  RadeonPro Support Service ( UnsignedFile.Multi.Generic ) - warning
20:07:25.0764 0x0c74  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:07:25.0796 0x0c74  RasAcd - ok
20:07:25.0811 0x0c74  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:07:25.0842 0x0c74  RasAgileVpn - ok
20:07:25.0858 0x0c74  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
20:07:25.0889 0x0c74  RasAuto - ok
20:07:25.0905 0x0c74  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:07:25.0936 0x0c74  Rasl2tp - ok
20:07:25.0952 0x0c74  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
20:07:25.0983 0x0c74  RasMan - ok
20:07:25.0998 0x0c74  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:07:26.0030 0x0c74  RasPppoe - ok
20:07:26.0045 0x0c74  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:07:26.0061 0x0c74  RasSstp - ok
20:07:26.0092 0x0c74  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:07:26.0123 0x0c74  rdbss - ok
20:07:26.0123 0x0c74  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
20:07:26.0139 0x0c74  rdpbus - ok
20:07:26.0154 0x0c74  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:07:26.0186 0x0c74  RDPCDD - ok
20:07:26.0186 0x0c74  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:07:26.0217 0x0c74  RDPENCDD - ok
20:07:26.0232 0x0c74  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:07:26.0248 0x0c74  RDPREFMP - ok
20:07:26.0310 0x0c74  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:07:26.0310 0x0c74  RdpVideoMiniport - ok
20:07:26.0342 0x0c74  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:07:26.0357 0x0c74  RDPWD - ok
20:07:26.0388 0x0c74  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:07:26.0388 0x0c74  rdyboost - ok
20:07:26.0420 0x0c74  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:07:26.0451 0x0c74  RemoteAccess - ok
20:07:26.0482 0x0c74  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:07:26.0513 0x0c74  RemoteRegistry - ok
20:07:26.0529 0x0c74  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:07:26.0544 0x0c74  RpcEptMapper - ok
20:07:26.0560 0x0c74  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
20:07:26.0576 0x0c74  RpcLocator - ok
20:07:26.0607 0x0c74  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
20:07:26.0638 0x0c74  RpcSs - ok
20:07:26.0654 0x0c74  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:07:26.0685 0x0c74  rspndr - ok
20:07:26.0732 0x0c74  [ 6FA271B6816AFFAEF640808FC51AC8AF, 696679114F6A106EC94C21E2A33FE17AF86368BCF9A796AAEA37EA6E8748AD6A ] RTCore64        C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
20:07:26.0732 0x0c74  RTCore64 - ok
20:07:26.0747 0x0c74  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] SamSs           C:\Windows\system32\lsass.exe
20:07:26.0747 0x0c74  SamSs - ok
20:07:26.0778 0x0c74  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:07:26.0794 0x0c74  sbp2port - ok
20:07:26.0794 0x0c74  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:07:26.0825 0x0c74  SCardSvr - ok
20:07:26.0841 0x0c74  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:07:26.0872 0x0c74  scfilter - ok
20:07:26.0919 0x0c74  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
20:07:26.0966 0x0c74  Schedule - ok
20:07:26.0997 0x0c74  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:07:27.0028 0x0c74  SCPolicySvc - ok
20:07:27.0044 0x0c74  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:07:27.0059 0x0c74  SDRSVC - ok
20:07:27.0075 0x0c74  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:07:27.0090 0x0c74  secdrv - ok
20:07:27.0106 0x0c74  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
20:07:27.0137 0x0c74  seclogon - ok
20:07:27.0153 0x0c74  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
20:07:27.0184 0x0c74  SENS - ok
20:07:27.0184 0x0c74  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:07:27.0200 0x0c74  SensrSvc - ok
20:07:27.0215 0x0c74  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:07:27.0231 0x0c74  Serenum - ok
20:07:27.0246 0x0c74  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:07:27.0246 0x0c74  Serial - ok
20:07:27.0262 0x0c74  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
20:07:27.0278 0x0c74  sermouse - ok
20:07:27.0309 0x0c74  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
20:07:27.0340 0x0c74  SessionEnv - ok
20:07:27.0356 0x0c74  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:07:27.0356 0x0c74  sffdisk - ok
20:07:27.0371 0x0c74  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:07:27.0387 0x0c74  sffp_mmc - ok
20:07:27.0402 0x0c74  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:07:27.0402 0x0c74  sffp_sd - ok
20:07:27.0418 0x0c74  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
20:07:27.0434 0x0c74  sfloppy - ok
20:07:27.0465 0x0c74  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:07:27.0496 0x0c74  SharedAccess - ok
20:07:27.0512 0x0c74  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:07:27.0558 0x0c74  ShellHWDetection - ok
20:07:27.0574 0x0c74  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
20:07:27.0574 0x0c74  SiSRaid2 - ok
20:07:27.0605 0x0c74  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
20:07:27.0621 0x0c74  SiSRaid4 - ok
20:07:27.0636 0x0c74  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:07:27.0652 0x0c74  Smb - ok
20:07:27.0683 0x0c74  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:07:27.0699 0x0c74  SNMPTRAP - ok
20:07:27.0699 0x0c74  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:07:27.0714 0x0c74  spldr - ok
20:07:27.0746 0x0c74  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
20:07:27.0777 0x0c74  Spooler - ok
20:07:27.0870 0x0c74  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
20:07:27.0964 0x0c74  sppsvc - ok
20:07:27.0995 0x0c74  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:07:28.0026 0x0c74  sppuinotify - ok
20:07:28.0104 0x0c74  [ E163E10191958FF6A2B0B48353F9E9FD, C4F5B83B5C435458AEEC4BD5C6A0FE15F4C3CD5C23CA7F5949A62214634DBB36 ] SRTSP           C:\Windows\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS
20:07:28.0120 0x0c74  SRTSP - ok
20:07:28.0136 0x0c74  [ 68E7B6708B9EEE021301C483825D05EA, 87E262405473A063E3E6E9D1D61D8381C997C95F77317CDBB3C59369436E70C5 ] SRTSPX          C:\Windows\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS
20:07:28.0151 0x0c74  SRTSPX - ok
20:07:28.0182 0x0c74  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:07:28.0214 0x0c74  srv - ok
20:07:28.0229 0x0c74  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:07:28.0245 0x0c74  srv2 - ok
20:07:28.0260 0x0c74  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:07:28.0276 0x0c74  srvnet - ok
20:07:28.0307 0x0c74  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:07:28.0338 0x0c74  SSDPSRV - ok
20:07:28.0354 0x0c74  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:07:28.0370 0x0c74  SstpSvc - ok
20:07:28.0401 0x0c74  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
20:07:28.0401 0x0c74  stexstor - ok
20:07:28.0432 0x0c74  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
20:07:28.0463 0x0c74  stisvc - ok
20:07:28.0479 0x0c74  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
20:07:28.0479 0x0c74  swenum - ok
20:07:28.0510 0x0c74  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
20:07:28.0541 0x0c74  swprv - ok
20:07:28.0572 0x0c74  [ 5C9EE2303CA7F267665D75237862B39C, 5DECD977A823C14B4D980D3DB621BC875231B741653F0450A027FC9E87725F9D ] SymDS           C:\Windows\system32\drivers\NISx64\1507000.00B\SYMDS64.SYS
20:07:28.0588 0x0c74  SymDS - ok
20:07:28.0619 0x0c74  [ 9F31630D7FC2DD9D5DA1CE359AAD1F46, 296D29EDF53956D1899DE4669AB429C280DF9F183F00AE1CE528E7C575802235 ] SymEFA          C:\Windows\system32\drivers\NISx64\1507000.00B\SYMEFA64.SYS
20:07:28.0650 0x0c74  SymEFA - ok
20:07:28.0682 0x0c74  [ 97E11C50CE52277B377396EA8838E539, E17D03F80E14F961C41F2D54D1EF73D29BF01F38459C5710D786234F8BA3C835 ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
20:07:28.0697 0x0c74  SymEvent - ok
20:07:28.0728 0x0c74  [ 2C95265BE19F338E1C1090E4E91055BB, 1E580E9367B1C89B06BD4B34EFD94CD511FD3AA1617D943DDFE0A28B7ED5D5F9 ] SymIRON         C:\Windows\system32\drivers\NISx64\1507000.00B\Ironx64.SYS
20:07:28.0744 0x0c74  SymIRON - ok
20:07:28.0775 0x0c74  [ 5570A74FF9B1EFBC5154DD1E2F05C517, 2C883A0334CBE4AE257028805C9BB1E529A80F56BA6D341E8EBB83CB3E46FEB7 ] SymNetS         C:\Windows\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS
20:07:28.0791 0x0c74  SymNetS - ok
20:07:28.0853 0x0c74  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
20:07:28.0916 0x0c74  SysMain - ok
20:07:28.0916 0x0c74  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:07:28.0947 0x0c74  TabletInputService - ok
20:07:28.0962 0x0c74  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:07:28.0994 0x0c74  TapiSrv - ok
20:07:29.0009 0x0c74  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
20:07:29.0040 0x0c74  TBS - ok
20:07:29.0103 0x0c74  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:07:29.0150 0x0c74  Tcpip - ok
20:07:29.0196 0x0c74  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:07:29.0243 0x0c74  TCPIP6 - ok
20:07:29.0274 0x0c74  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:07:29.0290 0x0c74  tcpipreg - ok
20:07:29.0306 0x0c74  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:07:29.0321 0x0c74  TDPIPE - ok
20:07:29.0337 0x0c74  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:07:29.0352 0x0c74  TDTCP - ok
20:07:29.0384 0x0c74  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:07:29.0399 0x0c74  tdx - ok
20:07:29.0415 0x0c74  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
20:07:29.0430 0x0c74  TermDD - ok
20:07:29.0477 0x0c74  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
20:07:29.0493 0x0c74  TermService - ok
20:07:29.0524 0x0c74  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
20:07:29.0540 0x0c74  Themes - ok
20:07:29.0555 0x0c74  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
20:07:29.0586 0x0c74  THREADORDER - ok
20:07:29.0586 0x0c74  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
20:07:29.0618 0x0c74  TrkWks - ok
20:07:29.0664 0x0c74  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:07:29.0696 0x0c74  TrustedInstaller - ok
20:07:29.0711 0x0c74  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:07:29.0727 0x0c74  tssecsrv - ok
20:07:29.0758 0x0c74  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:07:29.0758 0x0c74  TsUsbFlt - ok
20:07:29.0789 0x0c74  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
20:07:29.0805 0x0c74  TsUsbGD - ok
20:07:29.0820 0x0c74  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:07:29.0852 0x0c74  tunnel - ok
20:07:29.0867 0x0c74  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
20:07:29.0883 0x0c74  uagp35 - ok
20:07:29.0898 0x0c74  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:07:29.0930 0x0c74  udfs - ok
20:07:29.0961 0x0c74  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:07:29.0976 0x0c74  UI0Detect - ok
20:07:29.0992 0x0c74  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:07:30.0008 0x0c74  uliagpkx - ok
20:07:30.0008 0x0c74  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:07:30.0023 0x0c74  umbus - ok
20:07:30.0039 0x0c74  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
20:07:30.0039 0x0c74  UmPass - ok
20:07:30.0070 0x0c74  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
20:07:30.0101 0x0c74  upnphost - ok
20:07:30.0132 0x0c74  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
20:07:30.0148 0x0c74  usbaudio - ok
20:07:30.0164 0x0c74  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:07:30.0179 0x0c74  usbccgp - ok
20:07:30.0195 0x0c74  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:07:30.0210 0x0c74  usbcir - ok
20:07:30.0226 0x0c74  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:07:30.0242 0x0c74  usbehci - ok
20:07:30.0257 0x0c74  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:07:30.0273 0x0c74  usbhub - ok
20:07:30.0273 0x0c74  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
20:07:30.0288 0x0c74  usbohci - ok
20:07:30.0304 0x0c74  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:07:30.0320 0x0c74  usbprint - ok
20:07:30.0335 0x0c74  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
20:07:30.0351 0x0c74  usbscan - ok
20:07:30.0366 0x0c74  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:07:30.0382 0x0c74  USBSTOR - ok
20:07:30.0398 0x0c74  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:07:30.0398 0x0c74  usbuhci - ok
20:07:30.0429 0x0c74  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
20:07:30.0444 0x0c74  UxSms - ok
20:07:30.0460 0x0c74  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] VaultSvc        C:\Windows\system32\lsass.exe
20:07:30.0476 0x0c74  VaultSvc - ok
20:07:30.0476 0x0c74  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:07:30.0491 0x0c74  vdrvroot - ok
20:07:30.0522 0x0c74  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
20:07:30.0554 0x0c74  vds - ok
20:07:30.0569 0x0c74  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:07:30.0569 0x0c74  vga - ok
20:07:30.0585 0x0c74  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:07:30.0616 0x0c74  VgaSave - ok
20:07:30.0647 0x0c74  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:07:30.0663 0x0c74  vhdmp - ok
20:07:30.0678 0x0c74  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:07:30.0694 0x0c74  viaide - ok
20:07:30.0694 0x0c74  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:07:30.0710 0x0c74  volmgr - ok
20:07:30.0725 0x0c74  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:07:30.0741 0x0c74  volmgrx - ok
20:07:30.0772 0x0c74  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:07:30.0788 0x0c74  volsnap - ok
20:07:30.0803 0x0c74  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
20:07:30.0803 0x0c74  vsmraid - ok
20:07:30.0881 0x0c74  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
20:07:30.0944 0x0c74  VSS - ok
20:07:30.0959 0x0c74  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
20:07:30.0959 0x0c74  vwifibus - ok
20:07:30.0990 0x0c74  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
20:07:31.0022 0x0c74  W32Time - ok
20:07:31.0037 0x0c74  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
20:07:31.0053 0x0c74  WacomPen - ok
20:07:31.0068 0x0c74  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:07:31.0100 0x0c74  WANARP - ok
20:07:31.0100 0x0c74  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:07:31.0131 0x0c74  Wanarpv6 - ok
20:07:31.0178 0x0c74  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
20:07:31.0224 0x0c74  wbengine - ok
20:07:31.0240 0x0c74  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:07:31.0256 0x0c74  WbioSrvc - ok
20:07:31.0287 0x0c74  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:07:31.0318 0x0c74  wcncsvc - ok
20:07:31.0334 0x0c74  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:07:31.0334 0x0c74  WcsPlugInService - ok
20:07:31.0349 0x0c74  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
20:07:31.0365 0x0c74  Wd - ok
20:07:31.0412 0x0c74  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:07:31.0427 0x0c74  Wdf01000 - ok
20:07:31.0458 0x0c74  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:07:31.0474 0x0c74  WdiServiceHost - ok
20:07:31.0474 0x0c74  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:07:31.0490 0x0c74  WdiSystemHost - ok
20:07:31.0505 0x0c74  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
20:07:31.0521 0x0c74  WebClient - ok
20:07:31.0552 0x0c74  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:07:31.0583 0x0c74  Wecsvc - ok
20:07:31.0599 0x0c74  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:07:31.0630 0x0c74  wercplsupport - ok
20:07:31.0646 0x0c74  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:07:31.0677 0x0c74  WerSvc - ok
20:07:31.0692 0x0c74  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:07:31.0724 0x0c74  WfpLwf - ok
20:07:31.0739 0x0c74  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:07:31.0755 0x0c74  WIMMount - ok
20:07:31.0770 0x0c74  WinDefend - ok
20:07:31.0770 0x0c74  WinHttpAutoProxySvc - ok
20:07:31.0817 0x0c74  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:07:31.0848 0x0c74  Winmgmt - ok
20:07:31.0926 0x0c74  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
20:07:31.0973 0x0c74  WinRM - ok
20:07:32.0020 0x0c74  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\drivers\WinUsb.sys
20:07:32.0036 0x0c74  WinUsb - ok
20:07:32.0082 0x0c74  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:07:32.0114 0x0c74  Wlansvc - ok
20:07:32.0238 0x0c74  [ 98F138897EF4246381D197CB81846D62, A9FA88475AFBB8883297708608EC7C1AC29F229C3299A84D557172604813A18C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:07:32.0285 0x0c74  wlidsvc - ok
20:07:32.0316 0x0c74  [ E7F4937B613B1E4294100C9D4EFC36A9, E8C7EE623E5BEA179F0FC01AB90C129BD7F930A2ACC48D68D88534108BE0AF43 ] WmBEnum         C:\Windows\system32\drivers\WmBEnum.sys
20:07:32.0332 0x0c74  WmBEnum - ok
20:07:32.0332 0x0c74  [ 6F6F2B263002B243D3501C7E6C8FC11D, EBC1C9936D35D9FD68E1A17A399759ACFB8B8BF57C179F8926D60CD11CEB8106 ] WmFilter        C:\Windows\system32\drivers\WmFilter.sys
20:07:32.0348 0x0c74  WmFilter - ok
20:07:32.0363 0x0c74  [ 1584F8D5FDFE44C03DBA85A2106B937F, AABF84DD39E9F5547DD9721B37364EFB7FAB8EA14FA23688929ED649266FA86C ] WmHidLo         C:\Windows\system32\drivers\WmHidLo.sys
20:07:32.0363 0x0c74  WmHidLo - ok
20:07:32.0379 0x0c74  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:07:32.0379 0x0c74  WmiAcpi - ok
20:07:32.0410 0x0c74  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:07:32.0426 0x0c74  wmiApSrv - ok
20:07:32.0441 0x0c74  WMPNetworkSvc - ok
20:07:32.0457 0x0c74  [ 52B4FCC6AFAEC0FFD80BDA63F9B140CD, 5C1BF49D78EFF9E642694255A08E951E7D25B27792CA9E4C06BD619986B55588 ] WmVirHid        C:\Windows\system32\drivers\WmVirHid.sys
20:07:32.0457 0x0c74  WmVirHid - ok
20:07:32.0472 0x0c74  [ 395B3E7FBA81BDC4501641B3B2CF2E20, 8DED5B304111F6A21C1C2AFC50228B2A0BB0C20D737EE6F7E955C8CCF36FD702 ] WmXlCore        C:\Windows\system32\drivers\WmXlCore.sys
20:07:32.0488 0x0c74  WmXlCore - ok
20:07:32.0504 0x0c74  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:07:32.0519 0x0c74  WPCSvc - ok
20:07:32.0535 0x0c74  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:07:32.0550 0x0c74  WPDBusEnum - ok
20:07:32.0566 0x0c74  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:07:32.0582 0x0c74  ws2ifsl - ok
20:07:32.0597 0x0c74  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
20:07:32.0613 0x0c74  wscsvc - ok
20:07:32.0613 0x0c74  WSearch - ok
20:07:32.0722 0x0c74  [ 14882A15F5CE7B8EADC8E7F54FD5B53B, 75CE9845C6EE66B070EA3D11F5B49935B9D0A607DCC93D3105130F3987E39443 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:07:32.0784 0x0c74  wuauserv - ok
20:07:32.0816 0x0c74  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:07:32.0816 0x0c74  WudfPf - ok
20:07:32.0831 0x0c74  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\drivers\WUDFRd.sys
20:07:32.0847 0x0c74  WUDFRd - ok
20:07:32.0862 0x0c74  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:07:32.0862 0x0c74  wudfsvc - ok
20:07:32.0894 0x0c74  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:07:32.0909 0x0c74  WwanSvc - ok
20:07:32.0925 0x0c74  ================ Scan global ===============================
20:07:32.0940 0x0c74  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
20:07:32.0987 0x0c74  [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\Windows\system32\winsrv.dll
20:07:32.0987 0x0c74  [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\Windows\system32\winsrv.dll
20:07:33.0018 0x0c74  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
20:07:33.0050 0x0c74  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
20:07:33.0050 0x0c74  [ Global ] - ok
20:07:33.0050 0x0c74  ================ Scan MBR ==================================
20:07:33.0065 0x0c74  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:07:33.0299 0x0c74  \Device\Harddisk0\DR0 - ok
20:07:33.0299 0x0c74  [ 973E9BA32FDBB305C552ED3E1EBF0686 ] \Device\Harddisk1\DR1
20:07:33.0377 0x0c74  \Device\Harddisk1\DR1 - ok
20:07:33.0377 0x0c74  ================ Scan VBR ==================================
20:07:33.0377 0x0c74  [ E37234AFCD8C9A734E3AB252F6A930B3 ] \Device\Harddisk0\DR0\Partition1
20:07:33.0377 0x0c74  \Device\Harddisk0\DR0\Partition1 - ok
20:07:33.0408 0x0c74  [ 8C3E3A6662ACC98C3D031DAA369495BF ] \Device\Harddisk0\DR0\Partition2
20:07:33.0408 0x0c74  \Device\Harddisk0\DR0\Partition2 - ok
20:07:33.0408 0x0c74  [ 1C217497A5DCD0AFF6726F01B6790394 ] \Device\Harddisk0\DR0\Partition3
20:07:33.0408 0x0c74  \Device\Harddisk0\DR0\Partition3 - ok
20:07:33.0408 0x0c74  [ 3F3F6EA88443D53BEBFCC23D63EBDE36 ] \Device\Harddisk1\DR1\Partition1
20:07:33.0408 0x0c74  \Device\Harddisk1\DR1\Partition1 - ok
20:07:33.0408 0x0c74  ================ Scan generic autorun ======================
20:07:33.0471 0x0c74  [ FFF4ACD342AE202E9E5D9D51BC7FF0E1, 87ABDE33047DB65E619CD2392890C90A3F6C06C4D2A9CBC2824C27287D772C2C ] C:\Program Files\Logitech\Gaming Software\LWEMon.exe
20:07:33.0471 0x0c74  Start WingMan Profiler - ok
20:07:33.0845 0x0c74  [ 19ECAAEA3CC248489FE987C10B688C0D, 967CB23A8176B3181EE2A55DFBB04A69988AB22105D4C450C5B5E729B91FAD5A ] C:\Program Files\Logitech Gaming Software\LCore.exe
20:07:34.0079 0x0c74  Launch LCore - ok
20:07:34.0157 0x0c74  [ DE91AA01B01FF8F5837C46EF0B51B57F, C896865F9C0613286C01AA3183D37B25C324D64963A2B1EE0CFA91100822D086 ] C:\Program Files\Greenshot\Greenshot.exe
20:07:34.0173 0x0c74  Greenshot - detected UnsignedFile.Multi.Generic ( 1 )
20:07:34.0173 0x0c74  Greenshot ( UnsignedFile.Multi.Generic ) - warning
20:07:34.0235 0x0c74  [ ED191C327A6695B35F614BD420E9EB5D, 7F4CC0EFA3F624C966E8AD78C1AC049C2CAB99D6C667D15F89A54AFC8CF0D4AA ] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
20:07:34.0235 0x0c74  VolPanel - detected UnsignedFile.Multi.Generic ( 1 )
20:07:34.0235 0x0c74  VolPanel ( UnsignedFile.Multi.Generic ) - warning
20:07:34.0235 0x0c74  Force sending object to P2P due to detect: C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
20:07:34.0235 0x0c74  Object send P2P result: false
20:07:34.0235 0x0c74  P17RunE - ok
20:07:34.0329 0x0c74  [ 16598A9758F386F82D2C447C70C95D10, 0A698135EFC195C359702AA76897B9C67712FDE0A54B51587134B65510B154ED ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
20:07:34.0344 0x0c74  StartCCC - ok
20:07:34.0376 0x0c74  [ 2B282A4050FE3B4B70EF9E3070BBFF78, 019B667781F5CE411AEB569EAA4095FA2B9942E43A6A1DFC6EEBB2DA214131FE ] C:\Program Files (x86)\FreePDF_XP\fpassist.exe
20:07:34.0391 0x0c74  FreePDF Assistant - detected UnsignedFile.Multi.Generic ( 1 )
20:07:34.0391 0x0c74  FreePDF Assistant ( UnsignedFile.Multi.Generic ) - warning
20:07:34.0469 0x0c74  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
20:07:34.0500 0x0c74  Sidebar - ok
20:07:34.0516 0x0c74  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
20:07:34.0532 0x0c74  mctadmin - ok
20:07:34.0563 0x0c74  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
20:07:34.0594 0x0c74  Sidebar - ok
20:07:34.0594 0x0c74  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
20:07:34.0610 0x0c74  mctadmin - ok
20:07:34.0750 0x0c74  [ 4AEE8446E8A922EC25C9300A766AC38A, C7E8A5A49811C0D1164043C490C9C4EDD554E348C88851ABDF5B13E27A86C8DB ] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
20:07:34.0812 0x0c74  LightScribe Control Panel - detected UnsignedFile.Multi.Generic ( 1 )
20:07:34.0812 0x0c74  LightScribe Control Panel ( UnsignedFile.Multi.Generic ) - warning
20:07:34.0859 0x0c74  [ 4AEE8446E8A922EC25C9300A766AC38A, C7E8A5A49811C0D1164043C490C9C4EDD554E348C88851ABDF5B13E27A86C8DB ] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
20:07:34.0922 0x0c74  LightScribe Control Panel - detected UnsignedFile.Multi.Generic ( 1 )
20:07:34.0922 0x0c74  LightScribe Control Panel ( UnsignedFile.Multi.Generic ) - warning
20:07:34.0937 0x0c74  AV detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe ( 22.3.0.0 ), 0x51000 ( enabled : updated )
20:07:34.0937 0x0c74  FW detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe ( 22.3.0.0 ), 0x51010 ( enabled )
20:07:34.0937 0x0c74  ============================================================
20:07:34.0937 0x0c74  Scan finished
20:07:34.0937 0x0c74  ============================================================
20:07:34.0953 0x072c  Detected object count: 10
20:07:34.0953 0x072c  Actual detected object count: 10
20:07:45.0015 0x072c  Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:07:45.0015 0x072c  Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:07:45.0015 0x072c  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:07:45.0015 0x072c  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:07:45.0015 0x072c  CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
20:07:45.0015 0x072c  CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:07:45.0015 0x072c  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
20:07:45.0015 0x072c  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:07:45.0015 0x072c  RadeonPro Support Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:07:45.0015 0x072c  RadeonPro Support Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:07:45.0015 0x072c  Greenshot ( UnsignedFile.Multi.Generic ) - skipped by user
20:07:45.0015 0x072c  Greenshot ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:07:45.0015 0x072c  VolPanel ( UnsignedFile.Multi.Generic ) - skipped by user
20:07:45.0015 0x072c  VolPanel ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:07:45.0015 0x072c  FreePDF Assistant ( UnsignedFile.Multi.Generic ) - skipped by user
20:07:45.0015 0x072c  FreePDF Assistant ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:07:45.0015 0x072c  LightScribe Control Panel ( UnsignedFile.Multi.Generic ) - skipped by user
20:07:45.0015 0x072c  LightScribe Control Panel ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:07:45.0015 0x072c  LightScribe Control Panel ( UnsignedFile.Multi.Generic ) - skipped by user
20:07:45.0015 0x072c  LightScribe Control Panel ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:07:46.0965 0x0ae0  Deinitialize success

schrauber · 10.08.2015, 12:29

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

DT-Maniac · 10.08.2015, 18:19

Hallo schrauber,

folgendes Problem: der Dienst von Norton Internet Security läuft im Hintergrund und ich kann diesen nicht beenden bzw. er startet dann automatisch wieder von selbst. Das wird auch von ComboFix angemeckert. Auto-Protect und die Firewall habe deaktiviert. Kann ich NIS irgendwie komplett ausschalten?

schrauber · 11.08.2015, 10:43

Am besten komplett deinstallieren und später wieder installieren (oder gleich was besseres....)

DT-Maniac · 11.08.2015, 17:02

So, nach erfolgreicher Deinstallation von NIS, hier die Log-Datei von ComboFix:

Code:

ATTFilter

ComboFix 15-08-08.01 - ******* 11.08.2015  17:38:25.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.2883 [GMT 2:00]
ausgeführt von:: c:\users\*******\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\tmp7251.tmp
c:\windows\SysWow64\tmpC9D.tmp
c:\windows\SysWow64\tmpCAE.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-07-11 bis 2015-08-11  ))))))))))))))))))))))))))))))
.
.
2015-08-11 15:45 . 2015-08-11 15:45	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-08-11 15:45 . 2015-08-11 15:45	--------	d-----w-	c:\users\****\AppData\Local\temp
2015-08-09 19:10 . 2012-07-26 05:32	33240	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2015-08-09 19:10 . 2015-08-09 19:10	--------	dc----w-	c:\windows\system32\DRVSTORE
2015-08-09 19:10 . 2012-07-26 05:32	106928	----a-w-	c:\windows\SysWow64\GEARAspi.dll
2015-08-09 19:10 . 2012-07-26 05:32	125872	----a-w-	c:\windows\system32\GEARAspi64.dll
2015-08-09 19:09 . 2015-08-09 19:09	--------	d-----w-	c:\windows\system32\drivers\NBRTWizardx64
2015-08-09 19:09 . 2015-08-09 19:09	--------	d-----w-	c:\program files (x86)\Norton Bootable Recovery Tool Wizard
2015-08-09 17:35 . 2015-08-09 17:35	--------	d-----w-	c:\programdata\Malwarebytes
2015-08-09 17:35 . 2015-08-09 19:30	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-08-09 17:35 . 2015-08-09 19:12	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-09 17:35 . 2015-08-09 19:12	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-08-08 19:29 . 2015-08-09 14:47	--------	d-----w-	C:\FRST
2015-08-08 18:38 . 2015-08-08 18:38	--------	d-----w-	c:\programdata\AVAST Software
2015-08-08 17:48 . 2015-08-09 19:31	--------	d-----w-	c:\users\*******\AppData\Local\NPE
2015-07-28 16:10 . 2015-07-28 16:10	--------	d-----w-	c:\programdata\PCSettings
2015-07-16 19:45 . 2015-07-16 20:00	--------	d-----w-	c:\users\****\AppData\Roaming\Greenshot
2015-07-16 19:45 . 2015-07-16 19:45	--------	d-----w-	c:\users\****\AppData\Local\Greenshot
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-16 16:05 . 2014-01-09 19:22	778416	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-16 16:05 . 2014-01-09 19:22	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-18 08:09 . 2014-01-09 20:04	140135120	----a-w-	c:\windows\system32\MRT.exe
2015-05-25 18:24 . 2015-06-04 06:40	5569984	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-05-25 18:23 . 2015-06-04 06:40	155584	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2015-05-25 18:23 . 2015-06-04 06:40	95680	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2015-05-25 18:21 . 2015-06-04 06:40	1728960	----a-w-	c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-04 06:40	243712	----a-w-	c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-04 06:40	362496	----a-w-	c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-04 06:40	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-04 06:40	215040	----a-w-	c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-04 06:40	1255424	----a-w-	c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-04 06:40	210944	----a-w-	c:\windows\system32\wdigest.dll
2015-05-25 18:19 . 2015-06-04 06:40	879104	----a-w-	c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-04 06:40	86528	----a-w-	c:\windows\system32\TSpkg.dll
2015-05-25 18:19 . 2015-06-04 06:40	136192	----a-w-	c:\windows\system32\sspicli.dll
2015-05-25 18:19 . 2015-06-04 06:40	29184	----a-w-	c:\windows\system32\sspisrv.dll
2015-05-25 18:19 . 2015-06-04 06:40	503808	----a-w-	c:\windows\system32\srcore.dll
2015-05-25 18:19 . 2015-06-04 06:40	113664	----a-w-	c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-04 06:40	50176	----a-w-	c:\windows\system32\srclient.dll
2015-05-25 18:19 . 2015-06-04 06:40	28160	----a-w-	c:\windows\system32\secur32.dll
2015-05-25 18:19 . 2015-06-04 06:40	342016	----a-w-	c:\windows\system32\schannel.dll
2015-05-25 18:19 . 2015-06-04 06:40	314880	----a-w-	c:\windows\system32\msv1_0.dll
2015-05-25 18:19 . 2015-06-04 06:40	309760	----a-w-	c:\windows\system32\ncrypt.dll
2015-05-25 18:19 . 2015-06-04 06:40	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2015-05-25 18:19 . 2015-06-04 06:40	728576	----a-w-	c:\windows\system32\kerberos.dll
2015-05-25 18:19 . 2015-06-04 06:40	424960	----a-w-	c:\windows\system32\KernelBase.dll
2015-05-25 18:19 . 2015-06-04 06:40	1461760	----a-w-	c:\windows\system32\lsasrv.dll
2015-05-25 18:19 . 2015-06-04 06:40	1162752	----a-w-	c:\windows\system32\kernel32.dll
2015-05-25 18:18 . 2015-06-04 06:40	43520	----a-w-	c:\windows\system32\csrsrv.dll
2015-05-25 18:18 . 2015-06-04 06:40	22016	----a-w-	c:\windows\system32\credssp.dll
2015-05-25 18:18 . 2015-06-04 06:40	879104	----a-w-	c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-04 06:40	404992	----a-w-	c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-04 06:40	47104	----a-w-	c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-04 06:40	112640	----a-w-	c:\windows\system32\smss.exe
2015-05-25 18:18 . 2015-06-04 06:40	296960	----a-w-	c:\windows\system32\rstrui.exe
2015-05-25 18:18 . 2015-06-04 06:40	43008	----a-w-	c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-06-04 06:40	104448	----a-w-	c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-06-04 06:40	31232	----a-w-	c:\windows\system32\lsass.exe
2015-05-25 18:18 . 2015-06-04 06:40	19456	----a-w-	c:\windows\system32\diskperf.exe
2015-05-25 18:18 . 2015-06-04 06:40	338432	----a-w-	c:\windows\system32\conhost.exe
2015-05-25 18:18 . 2015-06-04 06:40	64000	----a-w-	c:\windows\system32\auditpol.exe
2015-05-25 18:14 . 2015-06-04 06:40	60416	----a-w-	c:\windows\system32\msobjs.dll
2015-05-25 18:14 . 2015-06-04 06:40	146432	----a-w-	c:\windows\system32\msaudite.dll
2015-05-25 18:11 . 2015-06-04 06:40	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 18:11 . 2015-06-04 06:40	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 18:11 . 2015-06-04 06:40	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 18:11 . 2015-06-04 06:40	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 18:11 . 2015-06-04 06:40	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 18:11 . 2015-06-04 06:40	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 18:11 . 2015-06-04 06:40	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 18:11 . 2015-06-04 06:40	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 18:11 . 2015-06-04 06:40	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 18:11 . 2015-06-04 06:40	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 18:11 . 2015-06-04 06:40	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 18:11 . 2015-06-04 06:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-25 18:11 . 2015-06-04 06:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-25 18:11 . 2015-06-04 06:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 18:11 . 2015-06-04 06:40	6656	----a-w-	c:\windows\system32\apisetschema.dll
2015-05-25 18:11 . 2015-06-04 06:40	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-25 18:11 . 2015-06-04 06:40	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 18:11 . 2015-06-04 06:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 18:11 . 2015-06-04 06:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-25 18:11 . 2015-06-04 06:40	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-25 18:11 . 2015-06-04 06:40	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 18:11 . 2015-06-04 06:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 18:11 . 2015-06-04 06:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 18:11 . 2015-06-04 06:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 18:11 . 2015-06-04 06:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 18:11 . 2015-06-04 06:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 18:11 . 2015-06-04 06:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 18:11 . 2015-06-04 06:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-25 18:11 . 2015-06-04 06:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-25 18:11 . 2015-06-04 06:40	686080	----a-w-	c:\windows\system32\adtschema.dll
2015-05-25 18:07 . 2015-06-04 06:40	3989440	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07 . 2015-06-04 06:40	3934144	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04 . 2015-06-04 06:40	1310744	----a-w-	c:\windows\SysWow64\ntdll.dll
2015-05-25 18:01 . 2015-06-04 06:40	172032	----a-w-	c:\windows\SysWow64\wdigest.dll
2015-05-25 18:01 . 2015-06-04 06:40	65536	----a-w-	c:\windows\SysWow64\TSpkg.dll
2015-05-25 18:01 . 2015-06-04 06:40	635392	----a-w-	c:\windows\SysWow64\tdh.dll
2015-05-25 18:01 . 2015-06-04 06:40	43008	----a-w-	c:\windows\SysWow64\srclient.dll
2015-05-25 18:01 . 2015-06-04 06:40	92160	----a-w-	c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-04 06:40	248832	----a-w-	c:\windows\SysWow64\schannel.dll
2015-05-25 18:01 . 2015-06-04 06:40	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2015-05-25 18:01 . 2015-06-04 06:40	221184	----a-w-	c:\windows\SysWow64\ncrypt.dll
2015-05-25 18:01 . 2015-06-04 06:40	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2015-05-25 18:01 . 2015-06-04 06:40	259584	----a-w-	c:\windows\SysWow64\msv1_0.dll
2015-05-25 18:01 . 2015-06-04 06:40	551424	----a-w-	c:\windows\SysWow64\kerberos.dll
2015-05-25 18:01 . 2015-06-04 06:40	17408	----a-w-	c:\windows\SysWow64\credssp.dll
2015-05-25 18:01 . 2015-06-04 06:40	641536	----a-w-	c:\windows\SysWow64\advapi32.dll
2015-05-25 18:01 . 2015-06-04 06:40	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-05-25 18:00 . 2015-06-04 06:40	40448	----a-w-	c:\windows\SysWow64\typeperf.exe
2015-05-25 18:00 . 2015-06-04 06:40	364544	----a-w-	c:\windows\SysWow64\tracerpt.exe
2015-05-25 18:00 . 2015-06-04 06:40	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2015-05-25 18:00 . 2015-06-04 06:40	37888	----a-w-	c:\windows\SysWow64\relog.exe
2015-05-25 18:00 . 2015-06-04 06:40	82944	----a-w-	c:\windows\SysWow64\logman.exe
2015-05-25 18:00 . 2015-06-04 06:40	17408	----a-w-	c:\windows\SysWow64\diskperf.exe
2015-05-25 18:00 . 2015-06-04 06:40	50176	----a-w-	c:\windows\SysWow64\auditpol.exe
2015-05-25 17:59 . 2015-06-04 06:40	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2015-05-25 17:59 . 2015-06-04 06:40	5120	----a-w-	c:\windows\SysWow64\wow32.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2013-01-16 2736128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-02-28 180224]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2014-03-18 373760]
"Acrobat Assistant 8.0"="c:\program files (x86)\PTC\Mathcad PDSi\Acrobat\Acrotray.exe" [2008-10-01 640376]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2015-07-21 217632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 L6PODHDBEAN;Service - Line 6 POD HD;c:\windows\system32\Drivers\L6PODHDBEAN64.sys;c:\windows\SYSNATIVE\Drivers\L6PODHDBEAN64.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 RadeonPro Support Service;RadeonPro Support Service;c:\program files (x86)\RadeonPro\RadeonProSupport.exe;c:\program files (x86)\RadeonPro\RadeonProSupport.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2013-01-16 11:46	454176	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-09 16:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 190472]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2014-10-14 12697368]
"Greenshot"="c:\program files\Greenshot\Greenshot.exe" [2015-04-19 540672]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.178.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default\
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - prefs.js: browser.startup.homepage - hxxps://duckduckgo.com/
FF - user.js: app.update.enabled - false
FF - user.js: app.update.auto - false
FF - user.js: app.update.silent - false
FF - user.js: app.update.staging.enabled - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-08-11  17:52:14
ComboFix-quarantined-files.txt  2015-08-11 15:52
.
Vor Suchlauf: 11 Verzeichnis(se), 40.020.127.744 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 40.787.771.392 Bytes frei
.
- - End Of File - - 23B288C8D43E57F700CA51E94C51C9B2
A36C5E4F47E84449FF07ED3517B43A31

schrauber · 12.08.2015, 09:03

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

DT-Maniac · 12.08.2015, 19:44

Heute habe ich festgestellt, dass die nicht startenden Programme wieder laufen. Da ich derzeit keine Schutz-Software installiert habe, habe ich nur kurz das Netzwerkkabel eingesteckt und eine Seite aufgerufen. Der Internetzugang funktioniert ebenfalls wieder... Ob damit die Probleme gelöst sind, wage ich als Laie nicht zu beurteilen. Die Updates der Cleaning Software habe ich nicht gemacht, da ich ohne Schutz nicht online gehen will und zu dem Zeitpunkt noch nicht wusste, dass es wieder funktioniert. Mit welcher Software sollte man sich für einen guten Schutz denn ausrüsten? Ich lass mich da gerne belehren.

Hier die logs:
mbam:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 12.08.2015
Suchlaufzeit: 19:51
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.06.03.03
Rootkit-Datenbank: v2015.06.02.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: *******

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 431040
Abgelaufene Zeit: 13 Min., 52 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 3
PUP.Optional.OpenCandy, C:\Users\*******\AppData\Roaming\OpenCandy, In Quarantäne, [460995213e4ccc6a3ea6f6bbb0533ac6], 
PUP.Optional.OpenCandy, C:\Users\*******\AppData\Roaming\OpenCandy\69A7B2BB42034C97A467BB608AEB11FE, In Quarantäne, [460995213e4ccc6a3ea6f6bbb0533ac6], 
PUP.Optional.IHlpr.A, C:\Users\*******\AppData\Roaming\IHlpr\69A7B2BB42034C97A467BB608AEB11FE, In Quarantäne, [50ffc2f4d8b2b3835ca2eee9b44f619f], 

Dateien: 1
PUP.Optional.IHlpr.A, C:\Users\*******\AppData\Roaming\IHlpr\69A7B2BB42034C97A467BB608AEB11FE\WEB.DE_MailCheck_FF_Setup_3.0.1.1739-1.exe, In Quarantäne, [50ffc2f4d8b2b3835ca2eee9b44f619f], 

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)

AdwCleaner:

Code:

ATTFilter

# AdwCleaner v4.208 - Bericht erstellt 12/08/2015 um 20:15:11
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-09.2 [Lokal]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : ******* - SHARK
# Gestarted von : C:\Users\*******\Desktop\AdwCleaner_4.208.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\*******\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\*******\AppData\Roaming\IHlpr
Datei Gelöscht : C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default\user.js

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Solvusoft
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v38.0.5 (x86 de)

[8b53qvu9.default\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml");

-\\ Opera v20.0.1387.77


*************************

AdwCleaner[R0].txt - [1965 Bytes] - [12/08/2015 20:13:32]
AdwCleaner[S0].txt - [1556 Bytes] - [12/08/2015 20:15:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1615  Bytes] ##########

JRT:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.6 (08.10.2015:1)
OS: Windows 7 Home Premium x64
Ran by ******* on 12.08.2015 at 20:20:56,23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\*******\AppData\Roaming\mozilla\firefox\profiles\mzsmduzt.default\extensions\jid1-xkh0eos44u1a2w@jetpack.xpi
Emptied folder: C:\Users\*******\AppData\Roaming\mozilla\firefox\profiles\mzsmduzt.default\minidumps [54 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.08.2015 at 20:23:30,68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST, die zweite:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:08-08-2015 01
durchgeführt von ******* (Administrator) auf SHARK (12-08-2015 20:27:38)
Gestartet von C:\Users\*******\Desktop
Geladene Profile: ******* (Verfügbare Profile: ******* & ****)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 8 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Mr. John aka japamd) C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190472 2009-09-17] (Logitech Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [540672 2015-04-19] (Greenshot)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [180224 2007-02-28] (Creative Technology Ltd)
HKLM-x32\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\Acrotray.exe [640376 2008-10-01] (Adobe Systems Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [217632 2015-07-21] (Geek Software GmbH)
HKU\S-1-5-21-1678810335-2756922238-3578185290-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2013-01-16] (Hewlett-Packard Company)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1678810335-2756922238-3578185290-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1678810335-2756922238-3578185290-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-30] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-30] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1678810335-2756922238-3578185290-1001 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Keine Datei
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-11-02] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-11-02] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-11-02] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-11-02] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{7D1B3D77-3D1A-4DBA-AA76-4D7162C32DF9}: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: https://duckduckgo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-16] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF-XChange-Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-01-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF-XChange-Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-01-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-16] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF-XChange-Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-01-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-30] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF-XChange-Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-01-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-1678810335-2756922238-3578185290-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF-XChange-Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-01-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-01-08] (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default\searchplugins\duckduckgo.xml [2014-01-09]
FF Extension: YouTube Unblocker - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default\Extensions\youtubeunblocker__web@unblocker.yt [2015-06-17]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-01-09]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-01-09]
FF Extension: ProxTube - Unblock YouTube - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: DuckDuckGo Plus - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-01-09]
FF Extension: {9192c10a-ce03-4ca3-a4e6-a1531e339a49} - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default\Extensions\{9192c10a-ce03-4ca3-a4e6-a1531e339a49}.xpi [2014-11-16]
FF Extension: Adblock Plus - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-09]
FF Extension: HTML Plugin - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default\Extensions\{e3560e50-30d3-4bfa-978d-36033fbee1da}.xpi [2014-11-25]
FF Extension: Adblock Edge - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-01-09]
FF Extension: UITBAutoInstaller - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2015-06-03]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-03-04]

Opera: 
=======
StartMenuInternet: (HKU\S-1-5-21-1678810335-2756922238-3578185290-1001) OperaStable - "C:\Program Files (x86)\Opera\Launcher.exe"

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-01-10] (Creative Labs) [Datei ist nicht signiert]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-01-10] (Creative Labs) [Datei ist nicht signiert]
S2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [Datei ist nicht signiert]
S2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [Datei ist nicht signiert]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 RadeonPro Support Service; C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [20608 2013-04-13] (Mr. John aka japamd) [Datei ist nicht signiert]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 L6PODHDBEAN; C:\Windows\System32\Drivers\L6PODHDBEAN64.sys [772864 2013-07-11] (Line 6)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
U3 Winsock; kein ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-12 20:27 - 2015-08-12 20:27 - 00013918 _____ C:\Users\*******\Desktop\FRST.txt
2015-08-12 20:26 - 2015-08-12 20:26 - 00001699 _____ C:\Users\*******\Desktop\AdwCleaner[S0].txt
2015-08-12 20:23 - 2015-08-12 20:27 - 00000993 _____ C:\Users\*******\Desktop\JRT.txt
2015-08-12 20:13 - 2015-08-12 20:15 - 00000000 ____D C:\AdwCleaner
2015-08-12 20:11 - 2015-08-12 20:18 - 00001752 _____ C:\Users\*******\Desktop\mbam.txt
2015-08-12 19:50 - 2015-08-12 19:50 - 00001106 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-08-12 19:50 - 2015-08-12 19:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-08-12 19:50 - 2015-08-12 19:50 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-08-12 19:50 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-12 19:50 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-12 19:48 - 2015-08-12 19:36 - 02248704 _____ C:\Users\*******\Desktop\AdwCleaner_4.208.exe
2015-08-12 19:48 - 2015-08-12 19:36 - 01791580 _____ (Malwarebytes Corporation) C:\Users\*******\Desktop\JRT.exe
2015-08-11 17:52 - 2015-08-11 17:52 - 00017960 _____ C:\ComboFix.txt
2015-08-11 17:35 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-08-11 17:35 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-08-11 17:35 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-08-11 17:35 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-08-11 17:35 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-08-11 17:35 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-08-11 17:35 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-08-11 17:35 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-08-10 19:14 - 2015-08-11 17:52 - 00000000 ____D C:\Qoobox
2015-08-10 19:13 - 2015-08-11 17:50 - 00000000 ____D C:\Windows\erdnt
2015-08-10 19:11 - 2015-08-10 18:10 - 05634368 ____R (Swearware) C:\Users\*******\Desktop\ComboFix.exe
2015-08-09 21:10 - 2012-07-26 07:32 - 00125872 _____ (GEAR Software Inc.) C:\Windows\system32\GEARAspi64.dll
2015-08-09 21:10 - 2012-07-26 07:32 - 00106928 _____ (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2015-08-09 21:10 - 2012-07-26 07:32 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-08-09 21:09 - 2015-08-09 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
2015-08-09 21:09 - 2015-08-09 21:09 - 00000000 ____D C:\Windows\system32\Drivers\NBRTWizardx64
2015-08-09 21:09 - 2015-08-09 21:09 - 00000000 ____D C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2015-08-09 19:39 - 2015-08-09 19:57 - 00000000 ____D C:\Users\*******\Desktop\mbar
2015-08-09 19:39 - 2015-08-09 19:01 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\*******\Desktop\tdsskiller.exe
2015-08-09 19:35 - 2015-08-12 20:10 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-09 19:35 - 2015-08-12 19:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-09 19:35 - 2015-08-09 21:30 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-08-09 19:35 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-09 17:27 - 2015-08-11 17:29 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2015-08-09 16:31 - 2015-08-08 18:24 - 10079720 _____ (Symantec Corporation) C:\Users\*******\Desktop\NPE.exe
2015-08-08 22:05 - 2015-08-08 22:05 - 00587352 _____ C:\Windows\Minidump\080815-27393-01.dmp
2015-08-08 21:29 - 2015-08-12 20:27 - 00000000 ____D C:\FRST
2015-08-08 21:29 - 2015-08-08 21:29 - 00000000 _____ C:\Users\*******\defogger_reenable
2015-08-08 21:28 - 2015-08-08 20:52 - 02169856 _____ (Farbar) C:\Users\*******\Desktop\FRST64.exe
2015-08-08 21:28 - 2015-08-08 20:52 - 00380416 _____ C:\Users\*******\Desktop\Gmer-19357.exe
2015-08-08 21:28 - 2015-08-08 20:51 - 00050477 _____ C:\Users\*******\Desktop\Defogger.exe
2015-08-08 20:38 - 2015-08-08 20:38 - 00000000 ____D C:\ProgramData\AVAST Software
2015-08-08 20:38 - 2015-08-08 20:17 - 05481344 _____ (Avast Software s.r.o.) C:\Users\*******\Desktop\avast_free_antivirus_setup.exe
2015-08-08 20:38 - 2015-08-08 20:15 - 04721376 _____ (Avira Operations GmbH & Co. KG) C:\Users\*******\Desktop\avira_de_av_55c646fd14add__ws.exe
2015-08-08 19:48 - 2015-08-09 21:31 - 00000000 ____D C:\Users\*******\AppData\Local\NPE
2015-07-28 18:10 - 2015-07-28 18:10 - 00000000 ____D C:\ProgramData\PCSettings
2015-07-26 17:14 - 2015-07-28 17:50 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-07-23 18:11 - 2015-07-23 18:11 - 00001083 _____ C:\Users\Public\Desktop\PDF24 Creator.lnk
2015-07-23 18:11 - 2015-07-23 18:11 - 00001063 _____ C:\Users\Public\Desktop\PDF24 Fax.lnk
2015-07-23 18:11 - 2015-07-23 18:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2015-07-16 21:45 - 2015-07-16 22:00 - 00000000 ____D C:\Users\****\AppData\Roaming\Greenshot
2015-07-16 21:45 - 2015-07-16 21:45 - 00000000 ____D C:\Users\****\AppData\Local\Greenshot

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-12 20:26 - 2014-01-09 19:04 - 01714167 _____ C:\Windows\WindowsUpdate.log
2015-08-12 20:21 - 2009-07-14 06:45 - 00025664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-12 20:21 - 2009-07-14 06:45 - 00025664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-12 20:17 - 2014-05-30 07:42 - 00000000 ____D C:\Users\*******\AppData\Local\FreePDF_XP
2015-08-12 20:16 - 2010-11-21 05:47 - 00562270 _____ C:\Windows\PFRO.log
2015-08-12 20:16 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-12 20:16 - 2009-07-14 06:51 - 00093845 _____ C:\Windows\setupact.log
2015-08-12 20:10 - 2015-07-03 09:14 - 00000000 ____D C:\Users\*******\AppData\Local\Greenshot
2015-08-12 20:09 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\Offline Web Pages
2015-08-12 20:04 - 2014-01-18 15:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-12 19:50 - 2014-03-18 18:13 - 00000000 ____D C:\Users\*******\AppData\Local\CrashDumps
2015-08-11 17:52 - 2014-04-22 20:57 - 00000000 ____D C:\Users\dub_cm_auto
2015-08-11 17:52 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-08-11 17:45 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-08-11 17:33 - 2014-01-09 19:12 - 00000000 ____D C:\ProgramData\Norton
2015-08-08 22:05 - 2014-06-08 14:49 - 501371548 _____ C:\Windows\MEMORY.DMP
2015-08-08 22:05 - 2014-06-08 14:49 - 00000000 ____D C:\Windows\Minidump
2015-08-08 21:29 - 2014-01-09 19:09 - 00000000 ____D C:\Users\*******
2015-08-06 22:19 - 2014-01-10 03:59 - 00699092 _____ C:\Windows\system32\perfh007.dat
2015-08-06 22:19 - 2014-01-10 03:59 - 00149232 _____ C:\Windows\system32\perfc007.dat
2015-08-06 22:19 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-06 21:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-27 21:35 - 2014-01-18 22:00 - 00000000 ____D C:\Users\*******\AppData\Local\Battle.net
2015-07-26 18:18 - 2014-02-19 21:03 - 00000000 ____D C:\Users\*******\AppData\Roaming\vlc
2015-07-26 17:12 - 2014-01-10 00:11 - 00000000 ____D C:\Program Files (x86)\RadeonPro
2015-07-23 18:11 - 2014-06-08 13:59 - 00000000 ____D C:\Program Files (x86)\PDF24
2015-07-16 21:45 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-07-16 18:05 - 2014-01-18 15:33 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-16 18:05 - 2014-01-09 21:22 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-16 18:05 - 2014-01-09 21:22 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-05-27 19:42 - 2014-05-27 19:57 - 0005632 _____ () C:\Users\*******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-18 23:51 - 2015-04-18 23:51 - 0005211 _____ () C:\Users\*******\AppData\Local\recently-used.xbel

Einige Dateien in TEMP:
====================
C:\Users\*******\AppData\Local\Temp\Quarantine.exe
C:\Users\*******\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-08-08 22:35

==================== Ende von log ============================

FRST Addition, die zweite:

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:08-08-2015 01
durchgeführt von ******* (2015-08-12 20:28:03)
Gestartet von C:\Users\*******\Desktop
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1678810335-2756922238-3578185290-500 - Administrator - Disabled)
**** (S-1-5-21-1678810335-2756922238-3578185290-1003 - Administrator - Enabled) => C:\Users\****
Gast (S-1-5-21-1678810335-2756922238-3578185290-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1678810335-2756922238-3578185290-1002 - Limited - Enabled)
******* (S-1-5-21-1678810335-2756922238-3578185290-1001 - Administrator - Enabled) => C:\Users\*******

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 4.64 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 4.65 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0465-000001000000}) (Version: 4.65.00.0 - Igor Pavlov)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
AGEIA PhysX v7.11.13 (HKLM-x32\...\{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}) (Version: 7.11.13 - AGEIA Technologies, Inc.)
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AudioLabel (HKLM-x32\...\AudioLabel) (Version: 6.0 (Build 2) - CDCoverSoft)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP)
CoCreate Modeling Personal Edition 3.0 ( x64 ) (HKLM\...\{1218162D-656E-4074-9201-B29EA22FDA4B}) (Version: 30.0.0034 - Parametric Technology GmbH)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.43 - Creative Technology Limited)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - )
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
Diablo III Beta (HKLM-x32\...\Diablo III Beta) (Version:  - Blizzard Entertainment)
DiRT 3 (HKLM-x32\...\GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}) (Version: 1.0.0000.130 - Codemasters)
DiRT 3 (x32 Version: 1.0.0000.130 - Codemasters) Hidden
DiRT 3 (x32 Version: 1.0.0003.130 - Codemasters) Hidden
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.1.16835 - Landesfinanzdirektion Thüringen)
FairStars CD Ripper 1.70 (HKLM-x32\...\FairStars CD Ripper_is1) (Version:  - FairStars Soft)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
Greenshot 1.2.6.7 (HKLM\...\Greenshot_is1) (Version: 1.2.6.7 - Greenshot)
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version:  - Arobas Music)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LightScribe System Software (HKLM-x32\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version:  - Line 6)
Logitech Gaming Software 5.08 (HKLM\...\{96F1BA99-300F-4DD5-A26B-788EF63B53B1}) (Version: 5.08.146 - Logitech)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mathcad PDSi viewable support (HKLM-x32\...\Mathcad PDSi viewable support) (Version: 9.0.0 - Adobe Systems)
Mathcad PDSi viewable support (x32 Version: 9.0.0 - Adobe Systems) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
Nero CoverDesigner (HKLM-x32\...\{79BB6415-00A7-413A-B278-A7EAE69F1753}) (Version: 12.0.02700 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)
Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 7.1.0.26 - Symantec Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Opera Stable 20.0.1387.77 (HKU\S-1-5-21-1678810335-2756922238-3578185290-1001\...\Opera 20.0.1387.77) (Version: 20.0.1387.77 - Opera Software ASA)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF24 Creator 7.0.6 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.1 - Tracker Software Products Ltd)
Prerequisite installer (x32 Version: 12.0.0005 - Nero AG) Hidden
PTC Creo Elements/Direct Modeling Express 6.0 ( x64 ) (HKLM\...\{CAEBEDAB-0BDA-4E05-B904-7909713D079D}) (Version: 60.0.00392 - Parametric Technology GmbH)
PTC Diagnostic Tools (HKLM\...\{D8EE1206-5E41-425D-83E7-E6D9886E716D}) (Version: 3.0.0.0 - PTC)
PTC Mathcad Prime 3.1 (HKLM\...\{3A4F83E8-C604-4970-8A1F-8963B3507630}) (Version: 3.1.0 - PTC)
RadeonPro 1.0 (Build 1.1.1.0) (HKLM-x32\...\RadeonPro_is1) (Version:  - )
Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Sound Blaster X-Fi Xtreme Audio (HKLM-x32\...\{53E2DCBB-E6F7-4C83-B1EF-F78435B9814E}) (Version: 1.0 - )
Transcribe! 8.40 (HKLM-x32\...\Transcribe!_is1) (Version: 8.40 - Seventh String Software)
Two Worlds (HKLM-x32\...\Two Worlds) (Version: 1.7.0 - )
Unreal Tournament 2004 (HKLM-x32\...\{394DC0BC-5476-4260-B52C-BDE1BDEFA958}) (Version: 1.00.0000 - Epic Games)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VueScan x32 (HKLM-x32\...\VueScan x32) (Version:  - )
VueScan x64 (HKLM\...\VueScan x64) (Version:  - )
WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 3.0.1.1739 - 1&1 Mail & Media GmbH)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

21-07-2015 18:13:27 Geplanter Prüfpunkt
08-08-2015 22:41:45 Geplanter Prüfpunkt
11-08-2015 17:35:25 ComboFix created restore point
12-08-2015 20:20:58 JRT Pre-Junkware Removal

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2015-08-11 17:45 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {01820DC9-1EB1-4E31-BF9D-7C3F1DF5E37C} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {02351716-CDE1-4A09-BCAC-C1BD3BBA96B2} - System32\Tasks\{27952182-AB59-494E-8011-66F6BCD38CEA} => pcalua.exe -a C:\Users\*******\Desktop\gfwlivesetup.exe -d C:\Users\*******\Desktop
Task: {35DFCB1E-A4AB-4CE3-A58A-F6C31D02657E} - System32\Tasks\{9C838587-F0B1-46FE-B6C8-1EA032496928} => pcalua.exe -a Z:\Installer\Viewer\irfanview_plugins_437_setup.exe -d Z:\Installer\Viewer
Task: {94E9266A-39A1-4F53-9B79-38D73A7D830E} - System32\Tasks\{C330B0C9-5C79-4BE0-A084-DAAD21044709} => pcalua.exe -a G:\setup.exe -d G:\
Task: {D1A7E572-1903-4191-97CD-8AAD288C0AE6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-16] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-04-25 12:03 - 2012-06-21 07:25 - 00113152 _____ () C:\Windows\System32\redmon64.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer trusted/restricted ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1678810335-2756922238-3578185290-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\*******\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Datenträger ist nicht mit dem Internet verbunden.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{4D2938FA-05C6-4E06-A37C-009319327586}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{F5B69DC8-7E8C-4427-AB16-F695453184B0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{1DDCD492-6C55-403D-A3A2-AECF74AB5910}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{6188121D-024C-4433-961C-4C7A179EAE53}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{F57C4A07-37E6-44B4-BA75-D2ED668BED24}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{AC925902-28F8-4C38-B3ED-D342711F886F}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{837730FE-AD6A-4E44-9EE8-AEB894D4B83C}] => (Allow) Z:\Diablo III Beta 2013\Diablo III.exe
FirewallRules: [{9325239C-6971-4898-9E44-DF00AF713B4D}] => (Allow) Z:\Diablo III Beta 2013\Diablo III.exe
FirewallRules: [{5821C85A-88D2-4B2B-A723-A6637A6063A3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{2CA6743A-2C2D-4545-9E38-4223EA971B08}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{9B18A605-15E4-4D31-B7F6-5C7E34B36DF0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{E03A9F00-30C2-4E56-8F68-ED405E3CA691}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{6C2A5134-3D29-447B-BECC-5E2ECCD76DFB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{92B977B4-2979-4FD2-8DBF-6F1FD7A12984}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{0749BF5F-819F-41FD-BA41-F7433DBFE3C6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{75B3E434-5B48-40ED-97AD-D0B20E99FA62}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{135EA207-84C5-4E89-AD00-AC4E2E71F321}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{94A3C0F9-4500-48B2-A0F8-8659B3F3E305}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [TCP Query User{90D85595-AD82-49B2-B3D8-19EF4BA5BF65}Z:\diablo iii\diablo iii.exe] => (Allow) Z:\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{470649EE-1D8F-46FB-B590-56DF653F81C4}Z:\diablo iii\diablo iii.exe] => (Allow) Z:\diablo iii\diablo iii.exe
FirewallRules: [{61873EA7-3D64-4599-BC70-995AD67C080D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{F22FD00E-D2A3-4E71-A651-B3F5A5D24DF4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{608824D0-37C6-48BE-9693-8C8D8775CE84}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{C1A8593D-4C2A-4EE2-828B-AFCA124CBE37}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{0B5B6E11-8F55-4A55-BD7F-2F0C7DD71DD9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{A4D31217-22F4-40E3-99D2-E7E7E8CC279D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{31EC6E9D-3052-45F6-9522-EBB058D82125}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{BF9EF39C-64DA-4929-BD5D-7573C85484F1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{E5C872B6-CBE2-4530-93B5-C600BBDCE3E9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{497A4F5A-098E-4E1C-B437-FED77E98985D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{AB00ECC6-B67C-4A2E-ADDC-9CEED7862AA8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{87E2BA6B-DB40-470F-B8D9-346EFDF32DF4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{2DCAB66B-0321-4881-85B2-268147E07CEE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{09F9640F-B425-4D4E-AE30-763299CEF27C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{111B51C1-738C-44BE-A485-74640CCFC37B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{ADAD4EA4-FA25-47EC-A0E1-4813D8BAEB4E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{97EBACB7-46B2-4458-9F58-771968629AE0}] => (Allow) C:\Program Files (x86)\Codemasters\DiRT 3\dirt3_game.exe
FirewallRules: [{063B2A4D-6A8B-4CC3-B681-00E21CBF6ACD}] => (Allow) C:\Program Files (x86)\Codemasters\DiRT 3\dirt3_game.exe
FirewallRules: [{D78021E2-3BA2-43B8-A9EF-9A99BFD9C360}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{C391F70C-CE43-4B7A-B08F-33F9AF1FE61E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{E8B7AB49-B251-4E34-9883-FB50FD18422E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{6D282A7E-80F0-4EE9-8D1F-9592BBCF0F2A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{BBFEA202-A5AA-4274-934E-135C95D0A779}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{CAAE74B4-9A08-4BFB-864A-E178840E4ABD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{A3AB0CC2-0449-4FF1-8B86-1F5EF6486E2B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{0FF0CAD8-4E2D-45AA-9709-63187D1DC5D2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{94D25D98-8A3D-4E62-B56A-F668ADCD9F60}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{1678A7CE-6DB6-44E0-98F9-3D0DA5497E21}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{9A1F127F-CF5E-44CB-B86E-9E319F27C035}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{BC21BCAB-083F-4FC9-AFEC-70FD5634F5C8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{33EAE1DE-B350-4912-AFA9-25464A975A93}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{14DC7E46-699F-4300-8EE7-508C30839666}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{DFAE125B-5888-446F-8392-A25FD51FA932}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{40DE75BC-821C-40FE-89FA-C307D2BB8221}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{161E88F0-A455-495C-AF8E-B2B6E7FE9E10}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{F74EBFB4-965D-49A2-BF2D-7531F605DDF0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{EBDA7AA1-5025-46CF-B4CA-0AD554AFE77B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{9737DA2D-95FD-4AD6-9F17-19E330613870}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{69114650-21B0-43E7-AE1C-E41031C15934}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{82F80CEE-CEA3-4E55-A7D8-8D4AC9EB3C81}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{FAB6639A-7340-422B-813B-4CE3E57D68C9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{7DA8E4F3-A2B9-40D9-9267-7D8DA80F8472}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{64BEA362-EA09-47B2-B943-96229B5799BB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{7816D4C8-1AB7-4CBC-B16E-BD463FFE0193}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{4FB4C574-497F-4D66-AF3C-8791959651F7}] => (Allow) C:\Program Files (x86)\Games\Two Worlds\TwoWorlds.exe
FirewallRules: [{4BF67C30-62A2-424A-AFCA-AE9C10CA21F9}] => (Allow) C:\Program Files (x86)\Games\Two Worlds\TwoWorlds.exe
FirewallRules: [{D4180822-D4E9-4276-89F8-D3CEF2795072}] => (Allow) C:\Program Files (x86)\Games\Two Worlds\TwoWorlds_RADEON.exe
FirewallRules: [{97DFEF71-4C22-4B45-9479-E729D6E532D1}] => (Allow) C:\Program Files (x86)\Games\Two Worlds\TwoWorlds_RADEON.exe
FirewallRules: [{D2EC7768-9D13-4964-96AB-478ACFB542DA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{878D8F14-8F53-437E-86A3-E099F6DEED21}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{00CECD7E-4B01-47F9-8CF2-80BA00BD59D0}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{A9D853A7-15FB-4FD6-B561-C69877A44495}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{B7DB40CC-B189-4D23-B45A-05EB2D379E24}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FFC1CB38-1196-4C19-81CF-2AAE2F4E2610}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{46040856-17E4-448E-89C4-F7380D2A88E1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6E72D416-B6D5-4FB7-85AD-783D469DD607}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{368B028D-475A-4BA8-B3C6-747A3FC77FC4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{D3532889-728D-402B-976C-403C14452D79}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{B293E784-04B5-422F-89B0-94C2A1EBAFB8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{810DA817-B230-489D-9BF8-EB2499B68D0D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{E0B46CD9-DC07-4774-8DB3-2AD4180DEBA6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{60CDB7FD-51DD-4A83-8C5E-DC9520782209}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{505E959A-2C2E-4E36-8402-C2AB6D0A1D17}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{8FA9253C-7393-4B45-B919-5AFFE6C93692}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{294B1A43-A455-414C-9B0B-681749D4A637}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{A2960F91-BE15-4DBA-B955-D941BAD327B5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [TCP Query User{36352B47-C03D-4514-9582-BE3C1A82D4C3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{67F4409A-E414-44F4-8B74-8D5AE37279FA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (08/12/2015 08:18:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2015 08:11:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2015 07:50:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 2.3.55.0, Zeitstempel: 0x557a2a02
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x9a8
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3

Error: (08/12/2015 07:49:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 2.3.55.0, Zeitstempel: 0x557a2a02
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x578
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3

Error: (08/12/2015 07:49:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/11/2015 05:35:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/11/2015 05:27:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2015 07:10:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2015 09:04:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm vuescan.exe, Version 9.4.25.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: b28

Startzeit: 01d0d2d5fce772b0

Endzeit: 60000

Anwendungspfad: C:\Program Files (x86)\VueScan\vuescan.exe

Berichts-ID: 506560f1-3ec9-11e5-a873-0023546fbd1c

Error: (08/09/2015 07:35:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


Systemfehler:
=============
Error: (08/12/2015 08:21:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/12/2015 08:21:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Nero Update" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/12/2015 08:21:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/12/2015 08:21:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/12/2015 08:21:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/12/2015 08:21:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "RadeonPro Support Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/12/2015 08:21:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PDF Architect Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/12/2015 08:21:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PDF Architect Helper Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/12/2015 08:21:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LightScribeService Direct Disc Labeling Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/12/2015 08:21:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office:
=========================
Error: (08/12/2015 08:18:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2015 08:11:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2015 07:50:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe2.3.55.0557a2a02MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd9a801d0d527510f1c50H:\ Malwarebytes Anti-Malware \mbam.exeH:\ Malwarebytes Anti-Malware \MSVCR100.dll8eda9910-411a-11e5-bff2-0023546fbd1c

Error: (08/12/2015 07:49:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe2.3.55.0557a2a02MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd57801d0d5273ec74d10C:\Users\*******\Desktop\ Malwarebytes Anti-Malware \mbam.exeC:\Users\*******\Desktop\ Malwarebytes Anti-Malware \MSVCR100.dll7ce15730-411a-11e5-bff2-0023546fbd1c

Error: (08/12/2015 07:49:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/11/2015 05:35:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/11/2015 05:27:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2015 07:10:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2015 09:04:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: vuescan.exe9.4.25.0b2801d0d2d5fce772b060000C:\Program Files (x86)\VueScan\vuescan.exe506560f1-3ec9-11e5-a873-0023546fbd1c

Error: (08/09/2015 07:35:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity:
===================================
  Date: 2015-08-11 17:43:50.996
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-08-11 17:43:50.964
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Speicherinformationen =========================== 

Processor: Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz
Percentage of memory in use: 32%
Total physical RAM: 4094.55 MB
Available physical RAM: 2771.34 MB
Total Virtual: 8187.32 MB
Available Virtual: 6700.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.65 GB) (Free:37.62 GB) NTFS
Drive d: (Daten) (Fixed) (Total:172.79 GB) (Free:47.78 GB) NTFS
Drive h: (PHIL) (Removable) (Total:7.52 GB) (Free:7.19 GB) exFAT
Drive z: (Games) (Fixed) (Total:195.32 GB) (Free:40.02 GB) NTFS ==>[System mit Startkomponenten (eingeholt von lesen Laufwerk)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 50990D2B)
Partition 1: (Not Active) - (Size=270.4 GB) - (Type=OF Extended)
Partition 2: (Active) - (Size=195.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 000A5724)
Partition 1: (Active) - (Size=7.5 GB) - (Type=07 NTFS)

==================== Ende von log ============================

schrauber · 13.08.2015, 10:59

Ich empfehle immer Emsisoft, kostet aber. Kannste 30 Tage kostenlos testen, falls es gefällt kann ich dir als User des Boards hier auch Rabatt anbieten

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

DT-Maniac · 13.08.2015, 21:56

Wie gesagt, die Probleme, die ich hatte, scheinen schon behoben zu sein. Werde aber die restlichen Scans auch noch durchziehen. Bin gerne bereit, für guten Schutz zu bezahlen. NIS kostet schließlich auch. Und wenns was besseres gibt, warum nicht?

Wie gesagt, die Probleme, die ich hatte, scheinen schon behoben zu sein. Werde aber die restlichen Scans auch noch durchziehen. Bin gerne bereit, für guten Schutz zu bezahlen. NIS kostet schließlich auch. Und wenns was besseres gibt, warum nicht?

NIS stuft SecurityCheck als nicht sicher ein...

Hier die Logs von

ESET:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=45fd2038e283974c931819e0080f52dc
# end=init
# utc_time=2015-08-13 05:51:58
# local_time=2015-08-13 07:51:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 25262
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=45fd2038e283974c931819e0080f52dc
# end=updated
# utc_time=2015-08-13 05:59:06
# local_time=2015-08-13 07:59:06 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=45fd2038e283974c931819e0080f52dc
# engine=25262
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-08-13 08:32:40
# local_time=2015-08-13 10:32:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 49342308 191127810 0 0
# scanned=280865
# found=5
# cleaned=0
# scan_time=9213
sh=AEE0B5F1AE8564D7E4CCD032EDF7AD88339BFF4E ft=1 fh=88c3bdc65b0afccf vn="Variante von Win32/Systweak.R evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\*******\Downloads\Dell_Color_Laser_3130cn_Treiber_Update_06-2014.exe"
sh=6F8C7B8CAC70F006B6F0305F4DAE21F5A05E2941 ft=1 fh=77b67014d1f9f560 vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="D:\Schriftarten\typo40e.exe"
sh=2ADC64976A3CA941169B1EFE30433026330B9AD2 ft=1 fh=18f13fffb8922f62 vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="Z:\Installer\cdburnerxp-4-5-2-4478.exe"
sh=FC7A6EFD80A04C657B2331EA0FD7793E1463C0F9 ft=1 fh=a28090f725c68914 vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="Z:\Installer\Mathcad Prime - CHIP-Installer.exe"
sh=1AE533E99F9452EDCDC5DBDE1FD37179FB445022 ft=1 fh=548f9280fbfcadcf vn="Win32/Induc Virus" ac=I fn="Z:\Installer\Ausmist_Tools\gusetup.exe"

SecurityCheck:

Code:

ATTFilter

 Results of screen317's Security Check version 1.006  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 31  
 Java version 32-bit out of Date! 
 Adobe Flash Player 18.0.0.209  
 Mozilla Firefox 38.0.5 Firefox out of Date!  
 Mozilla Thunderbird 31.7.0 Thunderbird out of Date!  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:08-08-2015 01
durchgeführt von ******* (Administrator) auf SHARK (13-08-2015 22:41:57)
Gestartet von C:\Users\*******\Desktop
Geladene Profile: ******* (Verfügbare Profile: ******* & ****)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 8 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Mr. John aka japamd) C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Adobe Systems Inc.) C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\acrotray.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190472 2009-09-17] (Logitech Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [540672 2015-04-19] (Greenshot)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [180224 2007-02-28] (Creative Technology Ltd)
HKLM-x32\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\Acrotray.exe [640376 2008-10-01] (Adobe Systems Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [217632 2015-07-21] (Geek Software GmbH)
HKU\S-1-5-21-1678810335-2756922238-3578185290-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2013-01-16] (Hewlett-Packard Company)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1678810335-2756922238-3578185290-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1678810335-2756922238-3578185290-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-30] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-30] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1678810335-2756922238-3578185290-1001 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Keine Datei
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-11-02] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-11-02] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-11-02] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-11-02] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{7D1B3D77-3D1A-4DBA-AA76-4D7162C32DF9}: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: https://duckduckgo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-16] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF-XChange-Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-01-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF-XChange-Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-01-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-16] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF-XChange-Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-01-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-30] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF-XChange-Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-01-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-1678810335-2756922238-3578185290-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF-XChange-Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-01-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-01-08] (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default\searchplugins\duckduckgo.xml [2014-01-09]
FF Extension: YouTube Unblocker - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default\Extensions\youtubeunblocker__web@unblocker.yt [2015-06-17]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-01-09]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-01-09]
FF Extension: ProxTube - Unblock YouTube - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: DuckDuckGo Plus - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-01-09]
FF Extension: {9192c10a-ce03-4ca3-a4e6-a1531e339a49} - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default\Extensions\{9192c10a-ce03-4ca3-a4e6-a1531e339a49}.xpi [2014-11-16]
FF Extension: Adblock Plus - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-09]
FF Extension: HTML Plugin - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default\Extensions\{e3560e50-30d3-4bfa-978d-36033fbee1da}.xpi [2014-11-25]
FF Extension: Adblock Edge - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\mzsmduzt.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-01-09]
FF Extension: UITBAutoInstaller - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2015-06-03]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-03-04]

Opera: 
=======
StartMenuInternet: (HKU\S-1-5-21-1678810335-2756922238-3578185290-1001) OperaStable - "C:\Program Files (x86)\Opera\Launcher.exe"

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-01-10] (Creative Labs) [Datei ist nicht signiert]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-01-10] (Creative Labs) [Datei ist nicht signiert]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [Datei ist nicht signiert]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [Datei ist nicht signiert]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 RadeonPro Support Service; C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [20608 2013-04-13] (Mr. John aka japamd) [Datei ist nicht signiert]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 L6PODHDBEAN; C:\Windows\System32\Drivers\L6PODHDBEAN64.sys [772864 2013-07-11] (Line 6)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
U3 Winsock; kein ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-13 22:41 - 2015-08-13 22:42 - 00015283 _____ C:\Users\*******\Desktop\FRST.txt
2015-08-13 19:54 - 2015-08-13 19:54 - 00852684 _____ C:\Users\*******\Desktop\SecurityCheck.exe
2015-08-13 19:49 - 2015-08-13 19:49 - 00000000 ____D C:\Program Files (x86)\ESET
2015-08-13 19:49 - 2015-08-13 19:09 - 173235232 _____ (Emsisoft Ltd. ) C:\Users\*******\Desktop\EmsisoftInternetSecuritySetup.exe
2015-08-13 19:49 - 2015-08-13 18:35 - 02870984 _____ (ESET) C:\Users\*******\Desktop\esetsmartinstaller_deu.exe
2015-08-12 20:13 - 2015-08-12 20:15 - 00000000 ____D C:\AdwCleaner
2015-08-12 19:50 - 2015-08-12 19:50 - 00001106 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-08-12 19:50 - 2015-08-12 19:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-08-12 19:50 - 2015-08-12 19:50 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-08-12 19:50 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-12 19:50 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-12 19:48 - 2015-08-12 19:36 - 02248704 _____ C:\Users\*******\Desktop\AdwCleaner_4.208.exe
2015-08-12 19:48 - 2015-08-12 19:36 - 01791580 _____ (Malwarebytes Corporation) C:\Users\*******\Desktop\JRT.exe
2015-08-11 17:52 - 2015-08-11 17:52 - 00017960 _____ C:\ComboFix.txt
2015-08-11 17:35 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-08-11 17:35 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-08-11 17:35 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-08-11 17:35 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-08-11 17:35 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-08-11 17:35 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-08-11 17:35 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-08-11 17:35 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-08-10 19:14 - 2015-08-11 17:52 - 00000000 ____D C:\Qoobox
2015-08-10 19:13 - 2015-08-11 17:50 - 00000000 ____D C:\Windows\erdnt
2015-08-10 19:11 - 2015-08-10 18:10 - 05634368 ____R (Swearware) C:\Users\*******\Desktop\ComboFix.exe
2015-08-09 21:10 - 2012-07-26 07:32 - 00125872 _____ (GEAR Software Inc.) C:\Windows\system32\GEARAspi64.dll
2015-08-09 21:10 - 2012-07-26 07:32 - 00106928 _____ (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2015-08-09 21:10 - 2012-07-26 07:32 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-08-09 21:09 - 2015-08-09 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
2015-08-09 21:09 - 2015-08-09 21:09 - 00000000 ____D C:\Windows\system32\Drivers\NBRTWizardx64
2015-08-09 21:09 - 2015-08-09 21:09 - 00000000 ____D C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2015-08-09 19:39 - 2015-08-09 19:57 - 00000000 ____D C:\Users\*******\Desktop\mbar
2015-08-09 19:39 - 2015-08-09 19:01 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\*******\Desktop\tdsskiller.exe
2015-08-09 19:35 - 2015-08-12 20:10 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-09 19:35 - 2015-08-12 19:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-09 19:35 - 2015-08-09 21:30 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-08-09 19:35 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-09 17:27 - 2015-08-11 17:29 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2015-08-09 16:31 - 2015-08-08 18:24 - 10079720 _____ (Symantec Corporation) C:\Users\*******\Desktop\NPE.exe
2015-08-08 22:05 - 2015-08-08 22:05 - 00587352 _____ C:\Windows\Minidump\080815-27393-01.dmp
2015-08-08 21:29 - 2015-08-13 22:41 - 00000000 ____D C:\FRST
2015-08-08 21:29 - 2015-08-08 21:29 - 00000000 _____ C:\Users\*******\defogger_reenable
2015-08-08 21:28 - 2015-08-08 20:52 - 02169856 _____ (Farbar) C:\Users\*******\Desktop\FRST64.exe
2015-08-08 21:28 - 2015-08-08 20:52 - 00380416 _____ C:\Users\*******\Desktop\Gmer-19357.exe
2015-08-08 21:28 - 2015-08-08 20:51 - 00050477 _____ C:\Users\*******\Desktop\Defogger.exe
2015-08-08 20:38 - 2015-08-08 20:38 - 00000000 ____D C:\ProgramData\AVAST Software
2015-08-08 20:38 - 2015-08-08 20:17 - 05481344 _____ (Avast Software s.r.o.) C:\Users\*******\Desktop\avast_free_antivirus_setup.exe
2015-08-08 20:38 - 2015-08-08 20:15 - 04721376 _____ (Avira Operations GmbH & Co. KG) C:\Users\*******\Desktop\avira_de_av_55c646fd14add__ws.exe
2015-08-08 19:48 - 2015-08-09 21:31 - 00000000 ____D C:\Users\*******\AppData\Local\NPE
2015-07-28 18:10 - 2015-07-28 18:10 - 00000000 ____D C:\ProgramData\PCSettings
2015-07-26 17:14 - 2015-07-28 17:50 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-07-23 18:11 - 2015-07-23 18:11 - 00001083 _____ C:\Users\Public\Desktop\PDF24 Creator.lnk
2015-07-23 18:11 - 2015-07-23 18:11 - 00001063 _____ C:\Users\Public\Desktop\PDF24 Fax.lnk
2015-07-23 18:11 - 2015-07-23 18:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2015-07-16 21:45 - 2015-07-16 22:00 - 00000000 ____D C:\Users\****\AppData\Roaming\Greenshot
2015-07-16 21:45 - 2015-07-16 21:45 - 00000000 ____D C:\Users\****\AppData\Local\Greenshot

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-13 22:04 - 2014-01-18 15:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-13 20:03 - 2014-01-09 19:04 - 01753741 _____ C:\Windows\WindowsUpdate.log
2015-08-13 19:48 - 2014-05-30 07:42 - 00000000 ____D C:\Users\*******\AppData\Local\FreePDF_XP
2015-08-13 18:40 - 2009-07-14 06:45 - 00025664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-13 18:40 - 2009-07-14 06:45 - 00025664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-13 18:32 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-13 18:32 - 2009-07-14 06:51 - 00093957 _____ C:\Windows\setupact.log
2015-08-12 20:16 - 2010-11-21 05:47 - 00562270 _____ C:\Windows\PFRO.log
2015-08-12 20:10 - 2015-07-03 09:14 - 00000000 ____D C:\Users\*******\AppData\Local\Greenshot
2015-08-12 20:09 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\Offline Web Pages
2015-08-12 19:50 - 2014-03-18 18:13 - 00000000 ____D C:\Users\*******\AppData\Local\CrashDumps
2015-08-11 17:52 - 2014-04-22 20:57 - 00000000 ____D C:\Users\dub_cm_auto
2015-08-11 17:52 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-08-11 17:45 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-08-11 17:33 - 2014-01-09 19:12 - 00000000 ____D C:\ProgramData\Norton
2015-08-08 22:05 - 2014-06-08 14:49 - 501371548 _____ C:\Windows\MEMORY.DMP
2015-08-08 22:05 - 2014-06-08 14:49 - 00000000 ____D C:\Windows\Minidump
2015-08-08 21:29 - 2014-01-09 19:09 - 00000000 ____D C:\Users\*******
2015-08-06 22:19 - 2014-01-10 03:59 - 00699092 _____ C:\Windows\system32\perfh007.dat
2015-08-06 22:19 - 2014-01-10 03:59 - 00149232 _____ C:\Windows\system32\perfc007.dat
2015-08-06 22:19 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-06 21:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-27 21:35 - 2014-01-18 22:00 - 00000000 ____D C:\Users\*******\AppData\Local\Battle.net
2015-07-26 18:18 - 2014-02-19 21:03 - 00000000 ____D C:\Users\*******\AppData\Roaming\vlc
2015-07-26 17:12 - 2014-01-10 00:11 - 00000000 ____D C:\Program Files (x86)\RadeonPro
2015-07-23 18:11 - 2014-06-08 13:59 - 00000000 ____D C:\Program Files (x86)\PDF24
2015-07-16 21:45 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-07-16 18:05 - 2014-01-18 15:33 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-16 18:05 - 2014-01-09 21:22 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-16 18:05 - 2014-01-09 21:22 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-05-27 19:42 - 2014-05-27 19:57 - 0005632 _____ () C:\Users\*******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-18 23:51 - 2015-04-18 23:51 - 0005211 _____ () C:\Users\*******\AppData\Local\recently-used.xbel

Einige Dateien in TEMP:
====================
C:\Users\*******\AppData\Local\Temp\Quarantine.exe
C:\Users\*******\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-08-12 20:50

==================== Ende von log ============================

und FRST Addition:

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:08-08-2015 01
durchgeführt von ******* (2015-08-13 22:42:28)
Gestartet von C:\Users\*******\Desktop
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1678810335-2756922238-3578185290-500 - Administrator - Disabled)
**** (S-1-5-21-1678810335-2756922238-3578185290-1003 - Administrator - Enabled) => C:\Users\****
Gast (S-1-5-21-1678810335-2756922238-3578185290-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1678810335-2756922238-3578185290-1002 - Limited - Enabled)
******* (S-1-5-21-1678810335-2756922238-3578185290-1001 - Administrator - Enabled) => C:\Users\*******

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 4.64 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 4.65 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0465-000001000000}) (Version: 4.65.00.0 - Igor Pavlov)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
AGEIA PhysX v7.11.13 (HKLM-x32\...\{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}) (Version: 7.11.13 - AGEIA Technologies, Inc.)
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AudioLabel (HKLM-x32\...\AudioLabel) (Version: 6.0 (Build 2) - CDCoverSoft)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP)
CoCreate Modeling Personal Edition 3.0 ( x64 ) (HKLM\...\{1218162D-656E-4074-9201-B29EA22FDA4B}) (Version: 30.0.0034 - Parametric Technology GmbH)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.43 - Creative Technology Limited)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - )
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
Diablo III Beta (HKLM-x32\...\Diablo III Beta) (Version:  - Blizzard Entertainment)
DiRT 3 (HKLM-x32\...\GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}) (Version: 1.0.0000.130 - Codemasters)
DiRT 3 (x32 Version: 1.0.0000.130 - Codemasters) Hidden
DiRT 3 (x32 Version: 1.0.0003.130 - Codemasters) Hidden
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.1.16835 - Landesfinanzdirektion Thüringen)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FairStars CD Ripper 1.70 (HKLM-x32\...\FairStars CD Ripper_is1) (Version:  - FairStars Soft)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
Greenshot 1.2.6.7 (HKLM\...\Greenshot_is1) (Version: 1.2.6.7 - Greenshot)
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version:  - Arobas Music)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LightScribe System Software (HKLM-x32\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version:  - Line 6)
Logitech Gaming Software 5.08 (HKLM\...\{96F1BA99-300F-4DD5-A26B-788EF63B53B1}) (Version: 5.08.146 - Logitech)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mathcad PDSi viewable support (HKLM-x32\...\Mathcad PDSi viewable support) (Version: 9.0.0 - Adobe Systems)
Mathcad PDSi viewable support (x32 Version: 9.0.0 - Adobe Systems) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
Nero CoverDesigner (HKLM-x32\...\{79BB6415-00A7-413A-B278-A7EAE69F1753}) (Version: 12.0.02700 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)
Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 7.1.0.26 - Symantec Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Opera Stable 20.0.1387.77 (HKU\S-1-5-21-1678810335-2756922238-3578185290-1001\...\Opera 20.0.1387.77) (Version: 20.0.1387.77 - Opera Software ASA)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF24 Creator 7.0.6 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.1 - Tracker Software Products Ltd)
Prerequisite installer (x32 Version: 12.0.0005 - Nero AG) Hidden
PTC Creo Elements/Direct Modeling Express 6.0 ( x64 ) (HKLM\...\{CAEBEDAB-0BDA-4E05-B904-7909713D079D}) (Version: 60.0.00392 - Parametric Technology GmbH)
PTC Diagnostic Tools (HKLM\...\{D8EE1206-5E41-425D-83E7-E6D9886E716D}) (Version: 3.0.0.0 - PTC)
PTC Mathcad Prime 3.1 (HKLM\...\{3A4F83E8-C604-4970-8A1F-8963B3507630}) (Version: 3.1.0 - PTC)
RadeonPro 1.0 (Build 1.1.1.0) (HKLM-x32\...\RadeonPro_is1) (Version:  - )
Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Sound Blaster X-Fi Xtreme Audio (HKLM-x32\...\{53E2DCBB-E6F7-4C83-B1EF-F78435B9814E}) (Version: 1.0 - )
Transcribe! 8.40 (HKLM-x32\...\Transcribe!_is1) (Version: 8.40 - Seventh String Software)
Two Worlds (HKLM-x32\...\Two Worlds) (Version: 1.7.0 - )
Unreal Tournament 2004 (HKLM-x32\...\{394DC0BC-5476-4260-B52C-BDE1BDEFA958}) (Version: 1.00.0000 - Epic Games)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VueScan x32 (HKLM-x32\...\VueScan x32) (Version:  - )
VueScan x64 (HKLM\...\VueScan x64) (Version:  - )
WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 3.0.1.1739 - 1&1 Mail & Media GmbH)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

08-08-2015 22:41:45 Geplanter Prüfpunkt
11-08-2015 17:35:25 ComboFix created restore point
12-08-2015 20:20:58 JRT Pre-Junkware Removal

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2015-08-11 17:45 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {01820DC9-1EB1-4E31-BF9D-7C3F1DF5E37C} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {02351716-CDE1-4A09-BCAC-C1BD3BBA96B2} - System32\Tasks\{27952182-AB59-494E-8011-66F6BCD38CEA} => pcalua.exe -a C:\Users\*******\Desktop\gfwlivesetup.exe -d C:\Users\*******\Desktop
Task: {35DFCB1E-A4AB-4CE3-A58A-F6C31D02657E} - System32\Tasks\{9C838587-F0B1-46FE-B6C8-1EA032496928} => pcalua.exe -a Z:\Installer\Viewer\irfanview_plugins_437_setup.exe -d Z:\Installer\Viewer
Task: {94E9266A-39A1-4F53-9B79-38D73A7D830E} - System32\Tasks\{C330B0C9-5C79-4BE0-A084-DAAD21044709} => pcalua.exe -a G:\setup.exe -d G:\
Task: {D1A7E572-1903-4191-97CD-8AAD288C0AE6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-16] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-04-25 12:03 - 2012-06-21 07:25 - 00113152 _____ () C:\Windows\System32\redmon64.dll
2014-09-18 09:23 - 2014-09-18 09:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-10-14 20:51 - 2014-10-14 20:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 09:23 - 2014-09-18 09:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-10-14 20:51 - 2014-10-14 20:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2013-01-16 12:58 - 2013-01-16 12:58 - 02408448 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2013-01-16 12:58 - 2013-01-16 12:58 - 08626176 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2013-01-16 12:58 - 2013-01-16 12:58 - 00212992 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2014-01-09 20:50 - 2009-02-06 19:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2014-01-09 20:50 - 2009-03-26 15:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2014-06-08 13:59 - 2015-07-21 11:43 - 00074272 _____ () C:\Program Files (x86)\PDF24\zlib.dll
2014-06-08 13:59 - 2015-07-21 11:43 - 00051744 _____ () C:\Program Files (x86)\PDF24\OperationUI.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer trusted/restricted ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1678810335-2756922238-3578185290-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\*******\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Datenträger ist nicht mit dem Internet verbunden.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{4D2938FA-05C6-4E06-A37C-009319327586}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{F5B69DC8-7E8C-4427-AB16-F695453184B0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{1DDCD492-6C55-403D-A3A2-AECF74AB5910}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{6188121D-024C-4433-961C-4C7A179EAE53}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{F57C4A07-37E6-44B4-BA75-D2ED668BED24}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{AC925902-28F8-4C38-B3ED-D342711F886F}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{837730FE-AD6A-4E44-9EE8-AEB894D4B83C}] => (Allow) Z:\Diablo III Beta 2013\Diablo III.exe
FirewallRules: [{9325239C-6971-4898-9E44-DF00AF713B4D}] => (Allow) Z:\Diablo III Beta 2013\Diablo III.exe
FirewallRules: [{5821C85A-88D2-4B2B-A723-A6637A6063A3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{2CA6743A-2C2D-4545-9E38-4223EA971B08}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{9B18A605-15E4-4D31-B7F6-5C7E34B36DF0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{E03A9F00-30C2-4E56-8F68-ED405E3CA691}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{6C2A5134-3D29-447B-BECC-5E2ECCD76DFB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{92B977B4-2979-4FD2-8DBF-6F1FD7A12984}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{0749BF5F-819F-41FD-BA41-F7433DBFE3C6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{75B3E434-5B48-40ED-97AD-D0B20E99FA62}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{135EA207-84C5-4E89-AD00-AC4E2E71F321}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{94A3C0F9-4500-48B2-A0F8-8659B3F3E305}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [TCP Query User{90D85595-AD82-49B2-B3D8-19EF4BA5BF65}Z:\diablo iii\diablo iii.exe] => (Allow) Z:\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{470649EE-1D8F-46FB-B590-56DF653F81C4}Z:\diablo iii\diablo iii.exe] => (Allow) Z:\diablo iii\diablo iii.exe
FirewallRules: [{61873EA7-3D64-4599-BC70-995AD67C080D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{F22FD00E-D2A3-4E71-A651-B3F5A5D24DF4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{608824D0-37C6-48BE-9693-8C8D8775CE84}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{C1A8593D-4C2A-4EE2-828B-AFCA124CBE37}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{0B5B6E11-8F55-4A55-BD7F-2F0C7DD71DD9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{A4D31217-22F4-40E3-99D2-E7E7E8CC279D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{31EC6E9D-3052-45F6-9522-EBB058D82125}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{BF9EF39C-64DA-4929-BD5D-7573C85484F1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{E5C872B6-CBE2-4530-93B5-C600BBDCE3E9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{497A4F5A-098E-4E1C-B437-FED77E98985D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{AB00ECC6-B67C-4A2E-ADDC-9CEED7862AA8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{87E2BA6B-DB40-470F-B8D9-346EFDF32DF4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{2DCAB66B-0321-4881-85B2-268147E07CEE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{09F9640F-B425-4D4E-AE30-763299CEF27C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{111B51C1-738C-44BE-A485-74640CCFC37B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{ADAD4EA4-FA25-47EC-A0E1-4813D8BAEB4E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{97EBACB7-46B2-4458-9F58-771968629AE0}] => (Allow) C:\Program Files (x86)\Codemasters\DiRT 3\dirt3_game.exe
FirewallRules: [{063B2A4D-6A8B-4CC3-B681-00E21CBF6ACD}] => (Allow) C:\Program Files (x86)\Codemasters\DiRT 3\dirt3_game.exe
FirewallRules: [{D78021E2-3BA2-43B8-A9EF-9A99BFD9C360}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{C391F70C-CE43-4B7A-B08F-33F9AF1FE61E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{E8B7AB49-B251-4E34-9883-FB50FD18422E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{6D282A7E-80F0-4EE9-8D1F-9592BBCF0F2A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{BBFEA202-A5AA-4274-934E-135C95D0A779}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{CAAE74B4-9A08-4BFB-864A-E178840E4ABD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{A3AB0CC2-0449-4FF1-8B86-1F5EF6486E2B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{0FF0CAD8-4E2D-45AA-9709-63187D1DC5D2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{94D25D98-8A3D-4E62-B56A-F668ADCD9F60}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{1678A7CE-6DB6-44E0-98F9-3D0DA5497E21}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{9A1F127F-CF5E-44CB-B86E-9E319F27C035}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{BC21BCAB-083F-4FC9-AFEC-70FD5634F5C8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{33EAE1DE-B350-4912-AFA9-25464A975A93}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{14DC7E46-699F-4300-8EE7-508C30839666}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{DFAE125B-5888-446F-8392-A25FD51FA932}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{40DE75BC-821C-40FE-89FA-C307D2BB8221}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{161E88F0-A455-495C-AF8E-B2B6E7FE9E10}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{F74EBFB4-965D-49A2-BF2D-7531F605DDF0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{EBDA7AA1-5025-46CF-B4CA-0AD554AFE77B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{9737DA2D-95FD-4AD6-9F17-19E330613870}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{69114650-21B0-43E7-AE1C-E41031C15934}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{82F80CEE-CEA3-4E55-A7D8-8D4AC9EB3C81}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{FAB6639A-7340-422B-813B-4CE3E57D68C9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{7DA8E4F3-A2B9-40D9-9267-7D8DA80F8472}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{64BEA362-EA09-47B2-B943-96229B5799BB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{7816D4C8-1AB7-4CBC-B16E-BD463FFE0193}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{4FB4C574-497F-4D66-AF3C-8791959651F7}] => (Allow) C:\Program Files (x86)\Games\Two Worlds\TwoWorlds.exe
FirewallRules: [{4BF67C30-62A2-424A-AFCA-AE9C10CA21F9}] => (Allow) C:\Program Files (x86)\Games\Two Worlds\TwoWorlds.exe
FirewallRules: [{D4180822-D4E9-4276-89F8-D3CEF2795072}] => (Allow) C:\Program Files (x86)\Games\Two Worlds\TwoWorlds_RADEON.exe
FirewallRules: [{97DFEF71-4C22-4B45-9479-E729D6E532D1}] => (Allow) C:\Program Files (x86)\Games\Two Worlds\TwoWorlds_RADEON.exe
FirewallRules: [{D2EC7768-9D13-4964-96AB-478ACFB542DA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{878D8F14-8F53-437E-86A3-E099F6DEED21}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{00CECD7E-4B01-47F9-8CF2-80BA00BD59D0}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{A9D853A7-15FB-4FD6-B561-C69877A44495}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{B7DB40CC-B189-4D23-B45A-05EB2D379E24}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FFC1CB38-1196-4C19-81CF-2AAE2F4E2610}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{46040856-17E4-448E-89C4-F7380D2A88E1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6E72D416-B6D5-4FB7-85AD-783D469DD607}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{368B028D-475A-4BA8-B3C6-747A3FC77FC4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{D3532889-728D-402B-976C-403C14452D79}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{B293E784-04B5-422F-89B0-94C2A1EBAFB8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{810DA817-B230-489D-9BF8-EB2499B68D0D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{E0B46CD9-DC07-4774-8DB3-2AD4180DEBA6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{60CDB7FD-51DD-4A83-8C5E-DC9520782209}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{505E959A-2C2E-4E36-8402-C2AB6D0A1D17}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{8FA9253C-7393-4B45-B919-5AFFE6C93692}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{294B1A43-A455-414C-9B0B-681749D4A637}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{A2960F91-BE15-4DBA-B955-D941BAD327B5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [TCP Query User{36352B47-C03D-4514-9582-BE3C1A82D4C3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{67F4409A-E414-44F4-8B74-8D5AE37279FA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (08/13/2015 10:36:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (08/13/2015 07:49:46 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (08/13/2015 07:49:37 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (08/13/2015 07:49:16 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (08/13/2015 06:33:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/13/2015 03:57:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2015 08:18:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2015 08:11:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2015 07:50:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 2.3.55.0, Zeitstempel: 0x557a2a02
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x9a8
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3

Error: (08/12/2015 07:49:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 2.3.55.0, Zeitstempel: 0x557a2a02
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x578
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3


Systemfehler:
=============
Error: (08/13/2015 07:59:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (08/13/2015 07:59:03 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\*******\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/13/2015 07:59:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (08/13/2015 07:59:02 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\*******\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/13/2015 07:59:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (08/13/2015 07:59:02 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\*******\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/13/2015 07:52:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (08/13/2015 07:52:28 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\*******\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/13/2015 07:52:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (08/13/2015 07:52:27 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\*******\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.


Microsoft Office:
=========================
Error: (08/13/2015 10:36:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (08/13/2015 07:49:46 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\*******\Desktop\esetsmartinstaller_deu.exe

Error: (08/13/2015 07:49:37 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\*******\Desktop\esetsmartinstaller_deu.exe

Error: (08/13/2015 07:49:16 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestH:\esetsmartinstaller_deu.exe

Error: (08/13/2015 06:33:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/13/2015 03:57:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2015 08:18:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2015 08:11:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2015 07:50:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe2.3.55.0557a2a02MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd9a801d0d527510f1c50H:\ Malwarebytes Anti-Malware \mbam.exeH:\ Malwarebytes Anti-Malware \MSVCR100.dll8eda9910-411a-11e5-bff2-0023546fbd1c

Error: (08/12/2015 07:49:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe2.3.55.0557a2a02MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd57801d0d5273ec74d10C:\Users\*******\Desktop\ Malwarebytes Anti-Malware \mbam.exeC:\Users\*******\Desktop\ Malwarebytes Anti-Malware \MSVCR100.dll7ce15730-411a-11e5-bff2-0023546fbd1c


CodeIntegrity:
===================================
  Date: 2015-08-11 17:43:50.996
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-08-11 17:43:50.964
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Speicherinformationen =========================== 

Processor: Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz
Percentage of memory in use: 38%
Total physical RAM: 4094.55 MB
Available physical RAM: 2522.74 MB
Total Virtual: 8187.32 MB
Available Virtual: 6628.61 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.65 GB) (Free:35.5 GB) NTFS
Drive d: (Daten) (Fixed) (Total:172.79 GB) (Free:47.78 GB) NTFS
Drive h: (PHIL) (Removable) (Total:7.52 GB) (Free:7.03 GB) exFAT
Drive z: (Games) (Fixed) (Total:195.32 GB) (Free:40.02 GB) NTFS ==>[System mit Startkomponenten (eingeholt von lesen Laufwerk)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 50990D2B)
Partition 1: (Not Active) - (Size=270.4 GB) - (Type=OF Extended)
Partition 2: (Active) - (Size=195.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 000A5724)
Partition 1: (Active) - (Size=7.5 GB) - (Type=07 NTFS)

==================== Ende von log ============================

Emsisoft Internet Security habe ich heruntergeladen und installiert. Werde mich dann nochmal melden, wenn die Testphase vorbei ist.

schrauber · 14.08.2015, 16:16

Java, Firefox und Thunderbird updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\Users\*******\Downloads\Dell_Color_Laser_3130cn_Treiber_Update_06-2014.exe

D:\Schriftarten\typo40e.exe

Z:\Installer\cdburnerxp-4-5-2-4478.exe

Z:\Installer\Mathcad Prime - CHIP-Installer.exe

Z:\Installer\Ausmist_Tools\gusetup.exe
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Downloadverhalten überdenken:
CHIP-Installer - was ist das? - Anleitungen

Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren

Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
Klicke auf OK.
Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte

DelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...

und/oder das Forum mit einer kleinen Spende unterstützen.

Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:

Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:

NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.

Lade Software von einem sauberen Portal wie

.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .

Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

Win 7 Home x64; Internetverbindung, Norton Internet Security und andere Programme funktionieren nicht mehr

Log-Analyse und Auswertung: Win 7 Home x64; Internetverbindung, Norton Internet Security und andere Programme funktionieren nicht mehr