Log analysis and evaluation: Win 7 Prof: Win32/Small.CA virus reported by Action Center
23.10.2014, 08:02 | #1 |
Win 7 Prof: Win32/Small.CA virus reported by Action Center

Hi everyone,

Since yesterday evening (22.10.2014) I have noticed a message in the Microsoft Action Center, see the attached screenshot. Apparently, though, the virus has been present since 23.07.2013 (according to the Action Center). Is there any chance of a cure? Or is the virus already so deep in the system that it is really already too late?

Thanks for your efforts!

Best regards
Kitel00p

Screenshot:

Here are the log files:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:44 on 22/10/2014 (3A9144E2E76EAE31)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2014
Ran by 3A9144E2E76EAE31 (administrator) on JURAS4ARWR7 on 22-10-2014 17:45:22
Running from C:\Users\3A9144E2E76EAE31\Downloads
Loaded Profile: 3A9144E2E76EAE31 (Available profiles: 4B8A534E74956454 & 708CBD778F79C1EA & 64B82683972F6E10 & 7F56BCE2AEAB97BD & 3A9144E2E76EAE31 & RI63GOP2)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Mindjet) C:\Program Files (x86)\Mindjet\MindManager 11\MmReminderService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11663976 2010-12-09] (Realtek Semiconductor) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2010-12-03] (Intel Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-09-05] (Adobe Systems Inc.) HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.) 
HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 11\MMReminderService.exe [41352 2012-09-18] (Mindjet) HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1617704 2014-10-16] (Sophos Limited) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3064392890-1864387313-2023835924-9412\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe [854704 2014-09-24] (Adobe Systems Incorporated) AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217160 2014-05-21] (Sophos Limited) AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-05-21] (Sophos Limited) Startup: C:\Users\64B82683972F6E10\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\3A9144E2E76EAE31\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.jura.uni-muenchen.de/index.html HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.jura.uni-muenchen.de/index.html BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: SwissAcademic.Citavi.Picker.IEPicker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll (Mindjet) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - 
Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited) Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited) Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited) Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited) Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited) Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited) Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited) Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited) Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited) Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited) Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited) Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited) Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited) Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited) Winsock: 
Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited) Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited) Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited) Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited) Tcpip\Parameters: [DhcpNameServer] 10.156.33.53 129.187.5.1 FireFox: ======== FF ProfilePath: C:\Users\3A9144E2E76EAE31\AppData\Roaming\Mozilla\Firefox\Profiles\r0xkgh99.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012-01-02] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-05-15] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-09-05] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed] S3 PrintNotify; C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [2899968 2013-08-22] (Microsoft Corporation) [File not signed] R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-05-21] (Sophos Limited) R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [208168 2014-10-16] (Sophos Limited) R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [341800 2014-10-16] (Sophos Limited) R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2014-10-16] (Sophos Limited) S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] () R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3262248 2014-10-16] (Sophos Limited) S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2065704 2014-10-16] (Sophos Limited) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2014-05-21] (Sophos Limited) S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2014-05-21] (Sophos Limited) S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2014-05-21] (Sophos Limited) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-22 17:45 - 2014-10-22 17:45 - 00016750 _____ () C:\Users\3A9144E2E76EAE31\Downloads\FRST.txt 2014-10-22 17:44 - 2014-10-22 17:45 - 00000000 ____D () C:\FRST 2014-10-22 17:43 - 2014-10-22 17:44 - 00000494 _____ () C:\Users\3A9144E2E76EAE31\Downloads\defogger_disable.log 2014-10-22 17:43 - 2014-10-22 17:43 - 02110976 _____ (Farbar) C:\Users\3A9144E2E76EAE31\Downloads\FRST64.exe 2014-10-22 17:43 - 2014-10-22 17:43 - 00050477 _____ () C:\Users\3A9144E2E76EAE31\Downloads\Defogger.exe 2014-10-22 17:43 - 2014-10-22 17:43 - 00000000 ____D () C:\Users\3A9144E2E76EAE31\AppData\Local\Lenovo 2014-10-22 17:43 - 2014-10-22 17:43 - 00000000 ____D () C:\Users\3A9144E2E76EAE31\AppData\Local\Apple 2014-10-22 17:43 - 2014-10-22 17:43 - 00000000 _____ () C:\Users\3A9144E2E76EAE31\defogger_reenable 2014-10-22 17:29 - 2014-10-22 17:29 - 00000000 ____D () C:\Users\3A9144E2E76EAE31\AppData\Local\Sophos 2014-10-22 17:27 - 2014-10-22 17:27 - 01393511 _____ () C:\Users\3A9144E2E76EAE31\Downloads\licensecrawler_1.43.732.zip 2014-10-22 17:22 - 2014-10-22 17:22 - 00000000 __SHD () C:\Users\3A9144E2E76EAE31\AppData\Local\EmieUserList 2014-10-22 17:22 - 2014-10-22 17:22 - 00000000 __SHD () C:\Users\3A9144E2E76EAE31\AppData\Local\EmieSiteList 2014-10-20 12:39 - 2014-10-10 04:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-20 12:39 - 2014-10-10 04:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-20 12:39 - 2014-10-10 04:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-20 12:39 - 2014-10-07 04:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-20 12:39 - 2014-10-07 04:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-20 12:39 - 2014-09-29 02:58 - 03198976 _____ (Microsoft Corporation) 
C:\Windows\system32\win32k.sys 2014-10-20 12:39 - 2014-09-26 00:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-20 12:39 - 2014-09-26 00:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-10-20 12:39 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-10-20 12:39 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-20 12:39 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-10-20 12:39 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-10-20 12:39 - 2014-09-26 00:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-20 12:39 - 2014-09-19 04:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-20 12:39 - 2014-09-19 03:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-20 12:39 - 2014-09-19 03:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-20 12:39 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-10-20 12:39 - 2014-09-19 03:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-20 12:39 - 2014-09-19 03:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-20 12:39 - 2014-09-19 03:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-20 12:39 - 2014-09-19 03:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-20 12:39 - 2014-09-19 03:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-20 12:39 - 2014-09-19 03:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-20 12:39 - 2014-09-19 03:31 - 00051200 _____ (Microsoft Corporation) 
C:\Windows\system32\jsproxy.dll 2014-10-20 12:39 - 2014-09-19 03:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-20 12:39 - 2014-09-19 03:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-20 12:39 - 2014-09-19 03:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-20 12:39 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-10-20 12:39 - 2014-09-19 03:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-20 12:39 - 2014-09-19 03:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-20 12:39 - 2014-09-19 03:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-20 12:39 - 2014-09-19 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-10-20 12:39 - 2014-09-19 03:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-20 12:39 - 2014-09-19 03:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-20 12:39 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-10-20 12:39 - 2014-09-19 03:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-20 12:39 - 2014-09-19 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-10-20 12:39 - 2014-09-19 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-10-20 12:39 - 2014-09-19 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-20 12:39 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-10-20 12:39 - 2014-09-19 02:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-20 12:39 - 2014-09-19 02:55 - 02187264 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-10-20 12:39 - 2014-09-19 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-10-20 12:39 - 2014-09-19 02:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-10-20 12:39 - 2014-09-19 02:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-10-20 12:39 - 2014-09-19 02:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-10-20 12:39 - 2014-09-19 02:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-10-20 12:39 - 2014-09-19 02:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-20 12:39 - 2014-09-19 02:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-20 12:39 - 2014-09-19 02:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-20 12:39 - 2014-09-19 02:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-10-20 12:39 - 2014-09-19 02:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-20 12:39 - 2014-09-19 02:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-10-20 12:39 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-10-20 12:39 - 2014-09-19 02:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-10-20 12:39 - 2014-09-19 02:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-20 12:39 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-10-20 12:39 - 2014-09-19 01:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-20 12:39 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-10-20 12:39 - 2014-09-19 01:52 - 00678400 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-10-20 12:39 - 2014-09-18 04:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-20 12:39 - 2014-09-18 03:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-10-20 12:39 - 2014-09-04 07:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-20 12:39 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-10-20 12:39 - 2014-07-17 04:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-20 12:39 - 2014-07-17 04:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-20 12:39 - 2014-07-17 04:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-20 12:39 - 2014-07-17 04:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-20 12:39 - 2014-07-17 04:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-20 12:39 - 2014-07-17 04:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-20 12:39 - 2014-07-17 04:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-20 12:39 - 2014-07-17 04:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-20 12:39 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-20 12:39 - 2014-07-17 03:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-10-20 12:39 - 2014-07-17 03:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-10-20 12:39 - 2014-07-17 03:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2014-10-20 12:39 - 2014-07-17 03:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-10-20 12:39 - 2014-07-17 03:39 - 00017408 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\credssp.dll 2014-10-20 12:39 - 2014-07-17 03:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-20 12:39 - 2014-07-17 03:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-20 12:39 - 2014-06-19 00:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-20 12:39 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-20 12:39 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-20 12:39 - 2014-06-19 00:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-20 12:39 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-20 12:39 - 2014-06-19 00:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-20 12:38 - 2014-09-13 03:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-20 12:38 - 2014-09-13 03:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-10-13 11:25 - 2014-10-13 11:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-10-10 17:06 - 2014-10-10 17:06 - 00000000 ____D () C:\Users\64B82683972F6E10\Desktop\Examinatorium IPR 2014 Sicherungskopie 10.10.2014 2014-10-10 16:39 - 2014-10-10 16:39 - 00000000 ____D () C:\Users\64B82683972F6E10\Desktop\AG WiSe 2014-15 Sicherungskopie 10.10.2014 2014-10-06 09:45 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-10-06 09:45 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-09-24 14:10 - 2014-09-24 14:11 - 00000000 ____D () C:\Users\64B82683972F6E10\Desktop\Fälle 1-8 2014-09-24 09:48 - 2014-09-05 16:35 - 02583184 _____ () C:\Users\64B82683972F6E10\Desktop\Neuformatierte Falllösungen Michael.zip 2014-09-24 09:34 - 2014-09-10 00:11 - 00002048 
_____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 09:34 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-22 09:34 - 2014-09-22 09:34 - 00000000 ____D () C:\Users\64B82683972F6E10\AppData\Roaming\Swiss Academic Software

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-22 17:43 - 2011-12-09 13:01 - 00000000 ____D () C:\Users\3A9144E2E76EAE31
2014-10-22 17:42 - 2011-12-05 18:19 - 01088523 _____ () C:\Windows\WindowsUpdate.log
2014-10-22 17:35 - 2012-05-18 08:22 - 00001130 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-22 17:33 - 2009-07-14 06:45 - 00029680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-22 17:33 - 2009-07-14 06:45 - 00029680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-22 17:27 - 2011-12-15 14:59 - 00000000 ____D () C:\Users\3A9144E2E76EAE31\AppData\Local\Mozilla
2014-10-22 17:22 - 2011-12-09 13:02 - 00000000 ____D () C:\Users\3A9144E2E76EAE31\AppData\Roaming\Adobe
2014-10-22 17:21 - 2012-05-18 08:22 - 00001126 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-22 17:21 - 2011-12-09 13:02 - 00000000 ____D () C:\Users\3A9144E2E76EAE31\AppData\Local\Adobe
2014-10-22 17:20 - 2011-12-06 17:34 - 00000120 _____ () C:\Windows\system32\config\netlogon.ftl
2014-10-22 17:20 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-22 17:20 - 2009-07-14 06:51 - 00096401 _____ () C:\Windows\setupact.log
2014-10-22 17:20 - 2009-07-14 06:45 - 00430448 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-22 17:18 - 2014-05-06 09:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-20 14:44 - 2011-12-05 18:44 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-20 14:42 - 2013-08-06 17:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-20 14:35 - 2011-12-05 18:56 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-20 14:33 - 2010-11-21 08:21 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-10-20 14:33 - 2010-11-21 08:21 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-10-20 14:33 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-20 13:49 - 2012-04-05 07:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-20 12:27 - 2013-09-11 11:00 - 00000000 ____D () C:\Users\64B82683972F6E10\AppData\Roaming\Dropbox
2014-10-15 17:18 - 2011-12-09 13:01 - 00000498 __RSH () C:\Users\3A9144E2E76EAE31\ntuser.pol
2014-10-15 17:17 - 2012-04-27 07:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-02 15:53 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-30 14:05 - 2013-08-26 15:57 - 00000000 ____D () C:\Users\64B82683972F6E10\AppData\Roaming\Adobe
2014-09-30 12:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-24 11:49 - 2012-04-05 07:49 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 11:49 - 2012-04-05 07:49 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 11:49 - 2011-12-06 17:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-24 09:27 - 2013-08-26 15:56 - 00000498 __RSH () C:\Users\64B82683972F6E10\ntuser.pol
2014-09-24 09:27 - 2013-08-26 15:56 - 00000000 ____D () C:\Users\64B82683972F6E10

Some content of TEMP:
====================
C:\Users\5DABFACA5DECABBB\AppData\Local\Temp\OutlookConnector.exe
C:\Users\64B82683972F6E10\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppj3ghv.dll
C:\Users\64B82683972F6E10\AppData\Local\Temp\install_flashplayer12x32au_mssd_aaa_aih.exe
C:\Users\64B82683972F6E10\AppData\Local\Temp\install_reader11_de_mssa_aaa_aih.exe
C:\Users\64B82683972F6E10\AppData\Local\Temp\nvvistaservice.exe
C:\Users\64B82683972F6E10\AppData\Local\Temp\SkypeSetup.exe
C:\Users\RI63GOP2\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 08:27

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-10-2014
Ran by 3A9144E2E76EAE31 at 2014-10-22 17:46:19
Running from C:\Users\3A9144E2E76EAE31\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.05 - Adobe Systems)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Citavi (HKLM-x32\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.4.0.2 - Swiss Academic Software)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Image Resizer for Windows (64 bit) (HKLM\...\{B6EFF29D-7CAB-4CE0-9FFC-3D55D27E948D}) (Version: 3.0.4442.6002 - Brice Lambson)
Image Resizer for Windows (HKLM-x32\...\{14ebe571-096e-4cdd-8ee5-a2c0cc6b9b5e}) (Version: 3.0.4442.6002 - Brice Lambson)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections 17.4.95.0 (HKLM\...\PROSetDX) (Version: 17.4.95.0 - Intel)
Intel(R) Network Connections 17.4.95.0 (Version: 17.4.95.0 - Intel) Hidden
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2752 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo)
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
MediaInfo 0.7.61 (HKLM\...\MediaInfo) (Version: 0.7.61 - MediaArea.net)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Hotmail Connector 64-Bit (HKLM\...\{95140000-0081-0407-1000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mindjet (HKLM-x32\...\{643056EF-45A6-4C45-BBF8-CCA2E0651CE1}) (Version: 11.0.276 - Mindjet)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
PDF-XChange 3 (HKLM\...\PDF-XChange 3_is1) (Version: - Tracker Software)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6265 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.11 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{D924231F-D02D-4E0B-B511-CC4A0E3ED547}) (Version: 3.1.4.81 - Sophos Limited)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

23-09-2014 08:19:58 Windows Update
24-09-2014 14:23:34 Windows Update
30-09-2014 10:27:57 Windows Update
06-10-2014 07:45:04 Windows Update
07-10-2014 01:00:24 Windows Update
10-10-2014 08:58:26 Windows Update
20-10-2014 10:31:06 Windows Update
20-10-2014 12:35:19 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {030F809F-8E20-4DBE-8C44-58F719191F79} - System32\Tasks\{8E06746F-7248-4D44-9729-D97607220C75} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.59.106/de/go/help.faq.installer?LastError=1603
Task: {387E1526-9F42-4E56-AE6E-4ABD08B52CEE} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {43719ABB-7355-46DB-A02A-160A08CAF940} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor_shim.exe [2014-09-01] ()
Task: {5B89C2DF-0AF1-4BAE-A688-AFEE4FBC6844} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-18] (Google Inc.)
Task: {5E441AE4-4700-47BB-9AB8-2E5683A90926} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] ()
Task: {5E6E150E-24E2-4B25-A68E-D81500A0201B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-18] (Google Inc.)
Task: {98919121-4DE3-45E3-82EF-FFC583659078} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {AD18FFE2-E3BC-4F27-91FA-E50E9B85F03A} - System32\Tasks\{AD7FBA36-FADC-4AE5-B410-40972373C667} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.59.106/de/go/help.faq.installer?LastError=1603
Task: {FB2273B2-F239-483A-BFBF-92F33AEAA936} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-08-25 14:47 - 2012-09-18 15:27 - 00192512 _____ () C:\Windows\System32\zlhp1020.dll
2014-08-25 14:47 - 2012-09-18 15:27 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-12-05 18:37 - 2011-07-11 20:56 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2014-05-21 09:43 - 2012-05-31 08:01 - 00109592 _____ () C:\Program Files (x86)\Sophos\Sophos Anti-Virus\rkdisk.dll
2012-05-30 21:06 - 2012-05-30 21:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 21:06 - 2012-05-30 21:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 00010240 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Locale\de_DE\acrotray.deu
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-18 04:14 - 2012-09-18 04:14 - 00151408 _____ () C:\Program Files (x86)\Mindjet\MindManager 11\zlib.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2011-12-05 18:37 - 2010-11-06 00:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-3564831082-3299511069-3468797682-500 - Administrator - Disabled)
Gast (S-1-5-21-3564831082-3299511069-3468797682-501 - Limited - Disabled)
RI63GOP2 (S-1-5-21-3564831082-3299511069-3468797682-1000 - Administrator - Enabled) => C:\Users\RI63GOP2
SophosSAUJURAS4ARWR0 (S-1-5-21-3564831082-3299511069-3468797682-1005 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/22/2014 05:21:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/20/2014 00:29:19 PM) (Source: MsiInstaller) (EventID: 1024) (User: RIZ)
Description: Produkt: Adobe Acrobat XI Pro - Update "{AC76BA86-A440-FFFF-A440-7A8C40011009}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/20/2014 00:28:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/16/2014 02:21:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 32.0.3.5379 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1314
Startzeit: 01cfe904d1fbd4d4
Endzeit: 16
Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:

Error: (10/16/2014 00:05:23 PM) (Source: MsiInstaller) (EventID: 1024) (User: RIZ)
Description: Produkt: Adobe Acrobat XI Pro - Update "{AC76BA86-A440-FFFF-A440-7A8C40011009}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/16/2014 07:47:46 AM) (Source: MsiInstaller) (EventID: 1024) (User: RIZ)
Description: Produkt: Adobe Acrobat XI Pro - Update "{AC76BA86-A440-FFFF-A440-7A8C40011009}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/16/2014 07:47:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/15/2014 05:19:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/13/2014 11:08:31 AM) (Source: MsiInstaller) (EventID: 1024) (User: RIZ)
Description: Produkt: Adobe Acrobat XI Pro - Update "{AC76BA86-A440-FFFF-A440-7A8C40011009}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/13/2014 11:05:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (10/22/2014 05:42:40 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597 (Definition 1.187.58.0)

Error: (10/22/2014 05:22:13 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (10/20/2014 02:35:20 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (10/20/2014 02:31:11 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (10/20/2014 02:27:28 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (10/20/2014 02:27:27 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (10/20/2014 02:27:26 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (10/20/2014 02:27:26 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (10/20/2014 00:28:11 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (10/16/2014 11:56:33 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT-AUTORITÄT)
Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Microsoft Office Sessions:
=========================
Error: (10/22/2014 05:21:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/20/2014 00:29:19 PM) (Source: MsiInstaller) (EventID: 1024) (User: RIZ)
Description: Adobe Acrobat XI Pro{AC76BA86-A440-FFFF-A440-7A8C40011009}1625(NULL)(NULL)(NULL)

Error: (10/20/2014 00:28:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/16/2014 02:21:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe32.0.3.5379131401cfe904d1fbd4d416C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Error: (10/16/2014 00:05:23 PM) (Source: MsiInstaller) (EventID: 1024) (User: RIZ)
Description: Adobe Acrobat XI Pro{AC76BA86-A440-FFFF-A440-7A8C40011009}1625(NULL)(NULL)(NULL)

Error: (10/16/2014 07:47:46 AM) (Source: MsiInstaller) (EventID: 1024) (User: RIZ)
Description: Adobe Acrobat XI Pro{AC76BA86-A440-FFFF-A440-7A8C40011009}1625(NULL)(NULL)(NULL)

Error: (10/16/2014 07:47:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/15/2014 05:19:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/13/2014 11:08:31 AM) (Source: MsiInstaller) (EventID: 1024) (User: RIZ)
Description: Adobe Acrobat XI Pro{AC76BA86-A440-FFFF-A440-7A8C40011009}1625(NULL)(NULL)(NULL)

Error: (10/13/2014 11:05:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
Date: 2013-05-27 07:32:03.079
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\RTKVHD64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-05-06 07:24:43.549
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\igdkmd64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-05-03 07:50:39.735
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mouclass.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-05-03 07:50:39.703
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mouclass.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-05-03 07:42:22.760
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mouclass.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-05-03 07:42:22.745
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mouclass.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-05-03 07:42:20.046
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mouclass.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-05-03 07:42:20.015
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mouclass.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 57%
Total physical RAM: 3920.32 MB
Available physical RAM: 1658.97 MB
Total Pagefile: 7838.81 MB
Available Pagefile: 4993.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:146.62 GB) (Free:71.63 GB) NTFS
Drive d: () (Fixed) (Total:151.37 GB) (Free:149.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 1A476569)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=151.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-22 17:57:25
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.19.0 298,09GB
Running: mcrefyk5.exe; Driver: C:\Users\3A9144~1\AppData\Local\Temp\kgldyuow.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002fff000 45 bytes [01, 10, F0, 0E, A0, F8, FF, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff80002fff02f 16 bytes [00, 00, 30, 3C, 07, A0, F8, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe[1224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077c21465 2 bytes [C2, 77]
.text C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe[1224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077c214bb 2 bytes [C2, 77]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077c21465 2 bytes [C2, 77]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077c214bb 2 bytes [C2, 77]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077c21465 2 bytes [C2, 77]
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077c214bb 2 bytes [C2, 77]
.text ... * 2
.text C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077c21465 2 bytes [C2, 77]
.text C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077c214bb 2 bytes [C2, 77]
.text ... * 2
.text C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe[1580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077c21465 2 bytes [C2, 77]
.text C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe[1580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077c214bb 2 bytes [C2, 77]
.text ... * 2
.text C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077c21465 2 bytes [C2, 77]
.text C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077c214bb 2 bytes [C2, 77]
.text ... * 2
.text C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe[2120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077c21465 2 bytes [C2, 77]
.text C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe[2120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077c214bb 2 bytes [C2, 77]
.text ... * 2
.text C:\Windows\Explorer.EXE[3052] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077961890 5 bytes JMP 000000016fff00d8
.text C:\Windows\Explorer.EXE[3052] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000779df490 8 bytes JMP 000000016fff0110
.text C:\Windows\Explorer.EXE[3052] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe5c7490 11 bytes JMP 000007fffe2000d8
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077c21465 2 bytes [C2, 77]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077c214bb 2 bytes [C2, 77]
.text ... * 2
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077c21465 2 bytes [C2, 77]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077c214bb 2 bytes [C2, 77]
.text ... * 2
.text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077c21465 2 bytes [C2, 77]
.text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077c214bb 2 bytes [C2, 77]
.text ... * 2
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077c21465 2 bytes [C2, 77]
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077c214bb 2 bytes [C2, 77]
.text ... * 2
.text C:\Program Files (x86)\Mindjet\MindManager 11\MmReminderService.exe[3360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077c21465 2 bytes [C2, 77]
.text C:\Program Files (x86)\Mindjet\MindManager 11\MmReminderService.exe[3360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077c214bb 2 bytes [C2, 77]
.text ... * 2
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077c21465 2 bytes [C2, 77]
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077c214bb 2 bytes [C2, 77]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077c21465 2 bytes [C2, 77]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077c214bb 2 bytes [C2, 77]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077c21465 2 bytes [C2, 77]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077c214bb 2 bytes [C2, 77]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077c21465 2 bytes [C2, 77]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077c214bb 2 bytes [C2, 77]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077c21465 2 bytes [C2, 77]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077c214bb 2 bytes [C2, 77]
.text ... * 2
.text C:\Users\3A9144E2E76EAE31\Downloads\mcrefyk5.exe[5536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077c21465 2 bytes [C2, 77]
.text C:\Users\3A9144E2E76EAE31\Downloads\mcrefyk5.exe[5536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077c214bb 2 bytes [C2, 77]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2856:2880] 0000000077797587
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2856:2892] 00000000726c7712
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2856:2944] 0000000077ca2e65
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2856:5864] 0000000077ca3e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2856:3624] 0000000077ca3e85
Thread C:\Windows\System32\svchost.exe [2996:3068] 000007fef8029688

---- EOF - GMER 2.1 ----
23.10.2014, 08:12 | #2 |
/// the machine /// TB Trainer | Win 7 Prof: Win32/Small.CA virus is displayed by the Action Center Hi,
Please download TDSSKiller.exe and save the file to the desktop. |
23.10.2014, 08:21 | #3 |
| Win 7 Prof: Win32/Small.CA virus is displayed by the Action Center Hi Schrauber,
Thanks for the quick reply! No infected objects were found... Here is the TDSSKiller log file: Code:
C:\Windows\system32\drivers\msiscsi.sys 09:17:55.0411 0x0eb0 iScsiPrt - ok 09:17:55.0427 0x0eb0 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 09:17:55.0442 0x0eb0 kbdclass - ok 09:17:55.0458 0x0eb0 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 09:17:55.0489 0x0eb0 kbdhid - ok 09:17:55.0520 0x0eb0 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe 09:17:55.0520 0x0eb0 KeyIso - ok 09:17:55.0551 0x0eb0 [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 09:17:55.0551 0x0eb0 KSecDD - ok 09:17:55.0567 0x0eb0 [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 09:17:55.0567 0x0eb0 KSecPkg - ok 09:17:55.0583 0x0eb0 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 09:17:55.0629 0x0eb0 ksthunk - ok 09:17:55.0660 0x0eb0 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 09:17:55.0738 0x0eb0 KtmRm - ok 09:17:55.0770 0x0eb0 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll 09:17:55.0816 0x0eb0 LanmanServer - ok 09:17:55.0847 0x0eb0 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 09:17:55.0879 0x0eb0 LanmanWorkstation - ok 09:17:55.0925 0x0eb0 [ 1538831CF8AD2979A04C423779465827, 
E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 09:17:55.0972 0x0eb0 lltdio - ok 09:17:55.0988 0x0eb0 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 09:17:56.0050 0x0eb0 lltdsvc - ok 09:17:56.0081 0x0eb0 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 09:17:56.0128 0x0eb0 lmhosts - ok 09:17:56.0190 0x0eb0 [ DB083F1D27BA8A59CABB00F0A0FB6F84, BB5EFA4CADF852E1C8F4A3BBF860B240B85AFF60E70F988E387DB152F9301C03 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 09:17:56.0221 0x0eb0 LMS - ok 09:17:56.0237 0x0eb0 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 09:17:56.0253 0x0eb0 LSI_FC - ok 09:17:56.0268 0x0eb0 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 09:17:56.0284 0x0eb0 LSI_SAS - ok 09:17:56.0299 0x0eb0 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 09:17:56.0315 0x0eb0 LSI_SAS2 - ok 09:17:56.0315 0x0eb0 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 09:17:56.0331 0x0eb0 LSI_SCSI - ok 09:17:56.0346 0x0eb0 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 09:17:56.0393 0x0eb0 luafv - ok 09:17:56.0440 0x0eb0 [ A401CFF74982D8DF851F20307C806073, 1D7BA90C9E77FAAE59F60AB5310EC41D9C5B98F1F9A89A3CDB9169E6DEF565DA ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys 09:17:56.0486 0x0eb0 
LVRS64 - ok 09:17:56.0658 0x0eb0 [ 13384CB5F5813E65F31078D6ABFAAF38, A6E7374C15CAECC273197BF62F8F926BA30E9509270A8470756F4710E1DEA126 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys 09:17:56.0938 0x0eb0 LVUVC64 - ok 09:17:56.0970 0x0eb0 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 09:17:57.0001 0x0eb0 Mcx2Svc - ok 09:17:57.0016 0x0eb0 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys 09:17:57.0032 0x0eb0 megasas - ok 09:17:57.0063 0x0eb0 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 09:17:57.0094 0x0eb0 MegaSR - ok 09:17:57.0110 0x0eb0 [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 09:17:57.0125 0x0eb0 MEIx64 - ok 09:17:57.0172 0x0eb0 Microsoft SharePoint Workspace Audit Service - ok 09:17:57.0188 0x0eb0 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 09:17:57.0250 0x0eb0 MMCSS - ok 09:17:57.0266 0x0eb0 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 09:17:57.0312 0x0eb0 Modem - ok 09:17:57.0328 0x0eb0 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 09:17:57.0359 0x0eb0 monitor - ok 09:17:57.0390 0x0eb0 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 09:17:57.0406 0x0eb0 mouclass - ok 09:17:57.0422 0x0eb0 [ D3BF052C40B0C4166D9FD86A4288C1E6, 
5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 09:17:57.0453 0x0eb0 mouhid - ok 09:17:57.0468 0x0eb0 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 09:17:57.0484 0x0eb0 mountmgr - ok 09:17:57.0562 0x0eb0 [ 707E98CC15C2224C078C9E71FF1889BC, 958416FE081436FDBF7F2BEBBB2795C54CC4F3F349D6DF463296A7BBA3404F13 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 09:17:57.0609 0x0eb0 MozillaMaintenance - ok 09:17:57.0624 0x0eb0 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys 09:17:57.0640 0x0eb0 mpio - ok 09:17:57.0655 0x0eb0 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 09:17:57.0686 0x0eb0 mpsdrv - ok 09:17:57.0733 0x0eb0 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll 09:17:57.0780 0x0eb0 MpsSvc - ok 09:17:57.0811 0x0eb0 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 09:17:57.0842 0x0eb0 MRxDAV - ok 09:17:57.0858 0x0eb0 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 09:17:57.0905 0x0eb0 mrxsmb - ok 09:17:57.0920 0x0eb0 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 09:17:57.0983 0x0eb0 mrxsmb10 - ok 09:17:57.0998 0x0eb0 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 
C:\Windows\system32\DRIVERS\mrxsmb20.sys 09:17:58.0014 0x0eb0 mrxsmb20 - ok 09:17:58.0061 0x0eb0 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys 09:17:58.0076 0x0eb0 msahci - ok 09:17:58.0092 0x0eb0 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys 09:17:58.0123 0x0eb0 msdsm - ok 09:17:58.0154 0x0eb0 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 09:17:58.0185 0x0eb0 MSDTC - ok 09:17:58.0216 0x0eb0 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 09:17:58.0263 0x0eb0 Msfs - ok 09:17:58.0279 0x0eb0 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 09:17:58.0325 0x0eb0 mshidkmdf - ok 09:17:58.0341 0x0eb0 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 09:17:58.0341 0x0eb0 msisadrv - ok 09:17:58.0372 0x0eb0 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 09:17:58.0435 0x0eb0 MSiSCSI - ok 09:17:58.0435 0x0eb0 msiserver - ok 09:17:58.0466 0x0eb0 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 09:17:58.0512 0x0eb0 MSKSSRV - ok 09:17:58.0528 0x0eb0 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 09:17:58.0575 0x0eb0 MSPCLOCK - ok 09:17:58.0575 0x0eb0 [ 4ED981241DB27C3383D72092B618A1D0, 
E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 09:17:58.0606 0x0eb0 MSPQM - ok 09:17:58.0637 0x0eb0 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 09:17:58.0637 0x0eb0 MsRPC - ok 09:17:58.0653 0x0eb0 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 09:17:58.0668 0x0eb0 mssmbios - ok 09:17:58.0668 0x0eb0 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 09:17:58.0715 0x0eb0 MSTEE - ok 09:17:58.0731 0x0eb0 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 09:17:58.0762 0x0eb0 MTConfig - ok 09:17:58.0777 0x0eb0 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys 09:17:58.0793 0x0eb0 Mup - ok 09:17:58.0824 0x0eb0 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll 09:17:58.0902 0x0eb0 napagent - ok 09:17:58.0933 0x0eb0 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 09:17:58.0980 0x0eb0 NativeWifiP - ok 09:17:59.0058 0x0eb0 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys 09:17:59.0089 0x0eb0 NDIS - ok 09:17:59.0120 0x0eb0 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 09:17:59.0151 0x0eb0 NdisCap - ok 09:17:59.0151 0x0eb0 [ 
30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 09:17:59.0183 0x0eb0 NdisTapi - ok 09:17:59.0198 0x0eb0 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 09:17:59.0245 0x0eb0 Ndisuio - ok 09:17:59.0261 0x0eb0 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 09:17:59.0307 0x0eb0 NdisWan - ok 09:17:59.0338 0x0eb0 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 09:17:59.0370 0x0eb0 NDProxy - ok 09:17:59.0432 0x0eb0 [ 76C4D5C98A808D8C8E0C46280036FAF8, A808DFA8B6949D44698122CDA43CD01B3B1CD14029B368F1686D023426239B87 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 09:17:59.0463 0x0eb0 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 ) 09:18:01.0879 0x0eb0 Detect skipped due to KSN trusted 09:18:01.0879 0x0eb0 Net Driver HPZ12 - ok 09:18:01.0910 0x0eb0 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 09:18:01.0972 0x0eb0 NetBIOS - ok 09:18:02.0004 0x0eb0 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 09:18:02.0035 0x0eb0 NetBT - ok 09:18:02.0050 0x0eb0 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\Windows\system32\lsass.exe 09:18:02.0066 0x0eb0 Netlogon - ok 09:18:02.0081 0x0eb0 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll 09:18:02.0128 0x0eb0 Netman - ok 09:18:02.0206 0x0eb0 [ 
21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 09:18:02.0284 0x0eb0 NetMsmqActivator - ok 09:18:02.0284 0x0eb0 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 09:18:02.0300 0x0eb0 NetPipeActivator - ok 09:18:02.0331 0x0eb0 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll 09:18:02.0393 0x0eb0 netprofm - ok 09:18:02.0409 0x0eb0 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 09:18:02.0424 0x0eb0 NetTcpActivator - ok 09:18:02.0424 0x0eb0 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 09:18:02.0440 0x0eb0 NetTcpPortSharing - ok 09:18:02.0471 0x0eb0 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 09:18:02.0471 0x0eb0 nfrd960 - ok 09:18:02.0518 0x0eb0 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll 09:18:02.0549 0x0eb0 NlaSvc - ok 09:18:02.0565 0x0eb0 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys 09:18:02.0596 0x0eb0 Npfs - ok 09:18:02.0611 0x0eb0 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll 09:18:02.0643 0x0eb0 nsi - ok 09:18:02.0643 0x0eb0 [ 
E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 09:18:02.0689 0x0eb0 nsiproxy - ok 09:18:02.0767 0x0eb0 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 09:18:02.0798 0x0eb0 Ntfs - ok 09:18:02.0814 0x0eb0 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys 09:18:02.0861 0x0eb0 Null - ok 09:18:02.0907 0x0eb0 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys 09:18:02.0939 0x0eb0 nvraid - ok 09:18:02.0970 0x0eb0 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys 09:18:02.0985 0x0eb0 nvstor - ok 09:18:03.0001 0x0eb0 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 09:18:03.0017 0x0eb0 nv_agp - ok 09:18:03.0032 0x0eb0 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 09:18:03.0063 0x0eb0 ohci1394 - ok 09:18:03.0110 0x0eb0 [ 4965B005492CBA7719E82B71E3245495, 52AD72C05FACC1E0E416A1FA25F34FDD3CB274FAB973BEAAE911A2FACA42B650 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 09:18:03.0141 0x0eb0 ose64 - ok 09:18:03.0328 0x0eb0 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 09:18:03.0733 0x0eb0 osppsvc - ok 09:18:03.0780 0x0eb0 [ 3EAC4455472CC2C97107B5291E0DCAFE, 
E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 09:18:03.0827 0x0eb0 p2pimsvc - ok 09:18:03.0843 0x0eb0 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll 09:18:03.0889 0x0eb0 p2psvc - ok 09:18:03.0905 0x0eb0 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys 09:18:03.0936 0x0eb0 Parport - ok 09:18:03.0952 0x0eb0 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys 09:18:03.0967 0x0eb0 partmgr - ok 09:18:03.0983 0x0eb0 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll 09:18:04.0014 0x0eb0 PcaSvc - ok 09:18:04.0030 0x0eb0 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys 09:18:04.0045 0x0eb0 pci - ok 09:18:04.0076 0x0eb0 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys 09:18:04.0076 0x0eb0 pciide - ok 09:18:04.0108 0x0eb0 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 09:18:04.0123 0x0eb0 pcmcia - ok 09:18:04.0139 0x0eb0 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys 09:18:04.0139 0x0eb0 pcw - ok 09:18:04.0170 0x0eb0 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys 09:18:04.0217 0x0eb0 PEAUTH - ok 09:18:04.0279 0x0eb0 [ B9B0A4299DD2D76A4243F75FD54DC680, 
BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 09:18:04.0372 0x0eb0 PeerDistSvc - ok 09:18:04.0435 0x0eb0 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe 09:18:04.0497 0x0eb0 PerfHost - ok 09:18:04.0559 0x0eb0 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll 09:18:04.0637 0x0eb0 pla - ok 09:18:04.0700 0x0eb0 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 09:18:04.0762 0x0eb0 PlugPlay - ok 09:18:04.0824 0x0eb0 [ D1A4DBB8A29F7FFC78378F47F9EA6B91, 782C7C6AA7A4A772C5E7392EA6D849BBCD159C30DF30918941C0BE058226D765 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 09:18:04.0856 0x0eb0 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 ) 09:18:07.0209 0x0eb0 Detect skipped due to KSN trusted 09:18:07.0209 0x0eb0 Pml Driver HPZ12 - ok 09:18:07.0225 0x0eb0 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 09:18:07.0256 0x0eb0 PNRPAutoReg - ok 09:18:07.0287 0x0eb0 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 09:18:07.0318 0x0eb0 PNRPsvc - ok 09:18:07.0349 0x0eb0 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 09:18:07.0427 0x0eb0 PolicyAgent - ok 09:18:07.0458 0x0eb0 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll 09:18:07.0505 0x0eb0 Power - ok 09:18:07.0536 0x0eb0 [ F92A2C41117A11A00BE01CA01A7FCDE9, 
38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 09:18:07.0614 0x0eb0 PptpMiniport - ok 09:18:07.0754 0x0eb0 [ B7DB57A000D46D4DE75BC0C563E58072, 8183EB09DC4D44DFF027CA0AAA8C09921A14F088C1BC427B6ACA42340AAF69E6 ] PrintNotify C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll 09:18:07.0941 0x0eb0 PrintNotify - detected UnsignedFile.Multi.Generic ( 1 ) 09:18:10.0310 0x0eb0 Detect skipped due to KSN trusted 09:18:10.0310 0x0eb0 PrintNotify - ok 09:18:10.0326 0x0eb0 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys 09:18:10.0373 0x0eb0 Processor - ok 09:18:10.0404 0x0eb0 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll 09:18:10.0435 0x0eb0 ProfSvc - ok 09:18:10.0451 0x0eb0 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe 09:18:10.0466 0x0eb0 ProtectedStorage - ok 09:18:10.0497 0x0eb0 [ 4A768FB063A38B0A78AD97617D3A04F5, 715C7949C886EADFA134FBF38F96A17F649A16BF44BBA6EB9148C6A7406BF4ED ] psadd C:\Windows\system32\DRIVERS\psadd.sys 09:18:10.0544 0x0eb0 psadd - ok 09:18:10.0575 0x0eb0 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 09:18:10.0638 0x0eb0 Psched - ok 09:18:10.0700 0x0eb0 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 09:18:10.0793 0x0eb0 ql2300 - ok 09:18:10.0809 0x0eb0 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 09:18:10.0825 0x0eb0 ql40xx - ok 09:18:10.0856 0x0eb0 [ 
906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll 09:18:10.0871 0x0eb0 QWAVE - ok 09:18:10.0887 0x0eb0 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 09:18:10.0918 0x0eb0 QWAVEdrv - ok 09:18:10.0934 0x0eb0 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 09:18:10.0965 0x0eb0 RasAcd - ok 09:18:10.0980 0x0eb0 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 09:18:11.0027 0x0eb0 RasAgileVpn - ok 09:18:11.0043 0x0eb0 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll 09:18:11.0090 0x0eb0 RasAuto - ok 09:18:11.0105 0x0eb0 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 09:18:11.0168 0x0eb0 Rasl2tp - ok 09:18:11.0183 0x0eb0 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll 09:18:11.0230 0x0eb0 RasMan - ok 09:18:11.0245 0x0eb0 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 09:18:11.0292 0x0eb0 RasPppoe - ok 09:18:11.0323 0x0eb0 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 09:18:11.0386 0x0eb0 RasSstp - ok 09:18:11.0417 0x0eb0 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 09:18:11.0479 0x0eb0 
rdbss - ok 09:18:11.0495 0x0eb0 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 09:18:11.0510 0x0eb0 rdpbus - ok 09:18:11.0526 0x0eb0 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 09:18:11.0557 0x0eb0 RDPCDD - ok 09:18:11.0573 0x0eb0 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 09:18:11.0604 0x0eb0 RDPDR - ok 09:18:11.0604 0x0eb0 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 09:18:11.0651 0x0eb0 RDPENCDD - ok 09:18:11.0666 0x0eb0 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 09:18:11.0682 0x0eb0 RDPREFMP - ok 09:18:11.0713 0x0eb0 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 09:18:11.0760 0x0eb0 RDPWD - ok 09:18:11.0775 0x0eb0 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 09:18:11.0791 0x0eb0 rdyboost - ok 09:18:11.0822 0x0eb0 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll 09:18:11.0869 0x0eb0 RemoteAccess - ok 09:18:11.0900 0x0eb0 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll 09:18:11.0947 0x0eb0 RemoteRegistry - ok 09:18:11.0947 0x0eb0 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper 
C:\Windows\System32\RpcEpMap.dll 09:18:11.0978 0x0eb0 RpcEptMapper - ok 09:18:12.0009 0x0eb0 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe 09:18:12.0056 0x0eb0 RpcLocator - ok 09:18:12.0087 0x0eb0 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll 09:18:12.0134 0x0eb0 RpcSs - ok 09:18:12.0149 0x0eb0 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 09:18:12.0181 0x0eb0 rspndr - ok 09:18:12.0181 0x0eb0 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys 09:18:12.0212 0x0eb0 s3cap - ok 09:18:12.0227 0x0eb0 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs C:\Windows\system32\lsass.exe 09:18:12.0243 0x0eb0 SamSs - ok 09:18:12.0290 0x0eb0 [ 791EE9F4A82FC4E13133F107C1C4C286, F7B9E57D08EF68B17ADF70C2D1F7623EAE13CAADE5ACFF4CD54FB89DFDEAD9C6 ] SAVAdminService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe 09:18:12.0321 0x0eb0 SAVAdminService - ok 09:18:12.0352 0x0eb0 [ 54C1EDAE9DF790450A73F5CF42CBEEEC, FF2BB46F1EBCAF567B313A210A599B1794A5FAF1C766EC96F33A694B0EABF3E6 ] SAVOnAccess C:\Windows\system32\DRIVERS\savonaccess.sys 09:18:12.0368 0x0eb0 SAVOnAccess - ok 09:18:12.0399 0x0eb0 [ D99F39D77432D1E979C1D918597C8A3E, 738740DB028B9A9838466714914A844AF72A669BAE1243123780F2C2FCD132CC ] SAVService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe 09:18:12.0414 0x0eb0 SAVService - ok 09:18:12.0445 0x0eb0 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 09:18:12.0461 0x0eb0 sbp2port - ok 09:18:12.0492 0x0eb0 [ 
9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll 09:18:12.0539 0x0eb0 SCardSvr - ok 09:18:12.0555 0x0eb0 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 09:18:12.0601 0x0eb0 scfilter - ok 09:18:12.0648 0x0eb0 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll 09:18:12.0726 0x0eb0 Schedule - ok 09:18:12.0757 0x0eb0 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll 09:18:12.0773 0x0eb0 SCPolicySvc - ok 09:18:12.0804 0x0eb0 [ 75B98959013B22F8F40C08095B8AB73C, EF608EFBF72AF48EFC9352FCEDF0523BDBA6055612FFD22654E3B241AA9C8033 ] sdcfilter C:\Windows\system32\DRIVERS\sdcfilter.sys 09:18:12.0820 0x0eb0 sdcfilter - ok 09:18:12.0835 0x0eb0 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll 09:18:12.0897 0x0eb0 SDRSVC - ok 09:18:12.0913 0x0eb0 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys 09:18:12.0975 0x0eb0 secdrv - ok 09:18:12.0991 0x0eb0 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll 09:18:13.0022 0x0eb0 seclogon - ok 09:18:13.0022 0x0eb0 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll 09:18:13.0069 0x0eb0 SENS - ok 09:18:13.0069 0x0eb0 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll 09:18:13.0100 0x0eb0 SensrSvc - ok 
09:18:13.0131 0x0eb0 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 09:18:13.0162 0x0eb0 Serenum - ok 09:18:13.0178 0x0eb0 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys 09:18:13.0209 0x0eb0 Serial - ok 09:18:13.0240 0x0eb0 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys 09:18:13.0271 0x0eb0 sermouse - ok 09:18:13.0287 0x0eb0 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll 09:18:13.0349 0x0eb0 SessionEnv - ok 09:18:13.0381 0x0eb0 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 09:18:13.0396 0x0eb0 sffdisk - ok 09:18:13.0396 0x0eb0 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 09:18:13.0427 0x0eb0 sffp_mmc - ok 09:18:13.0443 0x0eb0 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 09:18:13.0474 0x0eb0 sffp_sd - ok 09:18:13.0490 0x0eb0 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 09:18:13.0505 0x0eb0 sfloppy - ok 09:18:13.0552 0x0eb0 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll 09:18:13.0630 0x0eb0 SharedAccess - ok 09:18:13.0677 0x0eb0 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection 
C:\Windows\System32\shsvcs.dll 09:18:13.0723 0x0eb0 ShellHWDetection - ok 09:18:13.0755 0x0eb0 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 09:18:13.0770 0x0eb0 SiSRaid2 - ok 09:18:13.0770 0x0eb0 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 09:18:13.0786 0x0eb0 SiSRaid4 - ok 09:18:13.0833 0x0eb0 [ F5BBEDF602C310B00036EB2DBF4348A5, AC2712E639F0C54BCF00EB4E90E805335871EA27AE8A45DFC53EDF28822318C4 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 09:18:13.0864 0x0eb0 SkypeUpdate - ok 09:18:13.0879 0x0eb0 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys 09:18:13.0910 0x0eb0 Smb - ok 09:18:13.0926 0x0eb0 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 09:18:13.0957 0x0eb0 SNMPTRAP - ok 09:18:14.0020 0x0eb0 [ D9F13BBDFB1997FD10B9733131F8EE63, B829D9050E9073FE9A30F6F5E7D79E7A8FBDC0CE1238E994F5D6EA87497A56FC ] Sophos AutoUpdate Service C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe 09:18:14.0051 0x0eb0 Sophos AutoUpdate Service - ok 09:18:14.0129 0x0eb0 [ E26625A4A22E5BADF495B8FB613F27AD, C040328B0838A1DD2F5E12863611B3755681697D1ADA2F0C014694762B4F8F72 ] Sophos Web Control Service C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe 09:18:14.0144 0x0eb0 Sophos Web Control Service - ok 09:18:14.0160 0x0eb0 [ FFD056D55C46946ACA218F0A61DA2743, A9E3910EBEFC8674704F42C6D43A12A521C212B911D46FCD669D8AAFA8381C55 ] SophosBootDriver C:\Windows\system32\DRIVERS\SophosBootDriver.sys 09:18:14.0160 0x0eb0 SophosBootDriver - ok 09:18:14.0175 0x0eb0 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] 
spldr C:\Windows\system32\drivers\spldr.sys 09:18:14.0191 0x0eb0 spldr - ok 09:18:14.0222 0x0eb0 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe 09:18:14.0253 0x0eb0 Spooler - ok 09:18:14.0394 0x0eb0 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe 09:18:14.0534 0x0eb0 sppsvc - ok 09:18:14.0565 0x0eb0 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll 09:18:14.0596 0x0eb0 sppuinotify - ok 09:18:14.0627 0x0eb0 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys 09:18:14.0674 0x0eb0 srv - ok 09:18:14.0690 0x0eb0 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 09:18:14.0721 0x0eb0 srv2 - ok 09:18:14.0752 0x0eb0 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 09:18:14.0752 0x0eb0 srvnet - ok 09:18:14.0783 0x0eb0 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 09:18:14.0814 0x0eb0 SSDPSRV - ok 09:18:14.0830 0x0eb0 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll 09:18:14.0846 0x0eb0 SstpSvc - ok 09:18:14.0877 0x0eb0 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys 09:18:14.0892 0x0eb0 stexstor - ok 09:18:14.0939 0x0eb0 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 
] stisvc C:\Windows\System32\wiaservc.dll 09:18:14.0986 0x0eb0 stisvc - ok 09:18:15.0001 0x0eb0 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys 09:18:15.0017 0x0eb0 storflt - ok 09:18:15.0033 0x0eb0 [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc C:\Windows\system32\storsvc.dll 09:18:15.0095 0x0eb0 StorSvc - ok 09:18:15.0111 0x0eb0 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys 09:18:15.0142 0x0eb0 storvsc - ok 09:18:15.0204 0x0eb0 [ BC2CF20E9C24423FF8826C601104A4CC, E71D5070B7BA59CDC61D555FB9D8ADD178521FB186174CB522852522929D62D4 ] SUService C:\Program Files (x86)\Lenovo\System Update\SUService.exe 09:18:15.0235 0x0eb0 SUService - ok 09:18:15.0251 0x0eb0 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 09:18:15.0266 0x0eb0 swenum - ok 09:18:15.0407 0x0eb0 [ F93242F00BD1516E6199E28701156D01, 6E090F16F9E67D19A09918A25DA63E1A4BCED0FF0487792B4A7613F7FECBC5EF ] swi_service C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe 09:18:15.0469 0x0eb0 swi_service - ok 09:18:15.0609 0x0eb0 [ 033D51B204E4BD1237183F212E17C752, 9A5BE115960FCF255070B92E92B00EC4FBAD3925A66C13851C5EBD8738FBC195 ] swi_update_64 C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe 09:18:15.0703 0x0eb0 swi_update_64 - ok 09:18:15.0750 0x0eb0 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll 09:18:15.0812 0x0eb0 swprv - ok 09:18:15.0890 0x0eb0 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll 09:18:15.0968 0x0eb0 SysMain - ok 
09:18:15.0983 0x0eb0 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll 09:18:16.0014 0x0eb0 TabletInputService - ok 09:18:16.0014 0x0eb0 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll 09:18:16.0077 0x0eb0 TapiSrv - ok 09:18:16.0092 0x0eb0 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll 09:18:16.0124 0x0eb0 TBS - ok 09:18:16.0217 0x0eb0 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 09:18:16.0264 0x0eb0 Tcpip - ok 09:18:16.0342 0x0eb0 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 09:18:16.0388 0x0eb0 TCPIP6 - ok 09:18:16.0404 0x0eb0 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 09:18:16.0435 0x0eb0 tcpipreg - ok 09:18:16.0451 0x0eb0 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 09:18:16.0498 0x0eb0 TDPIPE - ok 09:18:16.0513 0x0eb0 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 09:18:16.0560 0x0eb0 TDTCP - ok 09:18:16.0576 0x0eb0 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 09:18:16.0638 0x0eb0 tdx - ok 09:18:16.0653 0x0eb0 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 09:18:16.0669 
0x0eb0 TermDD - ok 09:18:16.0700 0x0eb0 [ 4FC4C50985E5B840F4D72E57286887B8, 0BCBB4A938803AE3A3532B6D8FFC85594AA9AEF5D8F9792684841BEA8780AE9E ] TermService C:\Windows\System32\termsrv.dll 09:18:16.0763 0x0eb0 TermService - ok 09:18:16.0794 0x0eb0 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll 09:18:16.0809 0x0eb0 Themes - ok 09:18:16.0825 0x0eb0 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll 09:18:16.0856 0x0eb0 THREADORDER - ok 09:18:16.0872 0x0eb0 [ DBCC20C02E8A3E43B03C304A4E40A84F, BF5F3ACCB0342304A6870E94D2576644B08DBF307C853C7DBA4B82B0C7309DA4 ] TPM C:\Windows\system32\drivers\tpm.sys 09:18:16.0887 0x0eb0 TPM - ok 09:18:16.0903 0x0eb0 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll 09:18:16.0934 0x0eb0 TrkWks - ok 09:18:16.0981 0x0eb0 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 09:18:17.0027 0x0eb0 TrustedInstaller - ok 09:18:17.0059 0x0eb0 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 09:18:17.0074 0x0eb0 tssecsrv - ok 09:18:17.0105 0x0eb0 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 09:18:17.0137 0x0eb0 TsUsbFlt - ok 09:18:17.0152 0x0eb0 [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 09:18:17.0183 0x0eb0 TsUsbGD - ok 09:18:17.0214 0x0eb0 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel 
C:\Windows\system32\DRIVERS\tunnel.sys 09:18:17.0292 0x0eb0 tunnel - ok 09:18:17.0308 0x0eb0 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 09:18:17.0324 0x0eb0 uagp35 - ok 09:18:17.0339 0x0eb0 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 09:18:17.0386 0x0eb0 udfs - ok 09:18:17.0417 0x0eb0 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe 09:18:17.0448 0x0eb0 UI0Detect - ok 09:18:17.0479 0x0eb0 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 09:18:17.0495 0x0eb0 uliagpkx - ok 09:18:17.0511 0x0eb0 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys 09:18:17.0542 0x0eb0 umbus - ok 09:18:17.0557 0x0eb0 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys 09:18:17.0589 0x0eb0 UmPass - ok 09:18:17.0604 0x0eb0 [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll 09:18:17.0651 0x0eb0 UmRdpService - ok 09:18:17.0791 0x0eb0 [ 07AE0C9F64C4D83ABAA816EE23548D6D, DCFC5B0A43E99EC952C409680001458FA81A1CD4CA821FCB1386545F46B124A3 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 09:18:17.0853 0x0eb0 UNS - ok 09:18:17.0885 0x0eb0 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll 09:18:17.0931 0x0eb0 upnphost - ok 09:18:17.0963 0x0eb0 [ B0435098C81D04CAFFF80DDB746CD3A2, 
A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 09:18:17.0978 0x0eb0 usbaudio - ok 09:18:18.0025 0x0eb0 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 09:18:18.0040 0x0eb0 usbccgp - ok 09:18:18.0072 0x0eb0 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys 09:18:18.0103 0x0eb0 usbcir - ok 09:18:18.0118 0x0eb0 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys 09:18:18.0150 0x0eb0 usbehci - ok 09:18:18.0181 0x0eb0 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 09:18:18.0228 0x0eb0 usbhub - ok 09:18:18.0259 0x0eb0 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys 09:18:18.0274 0x0eb0 usbohci - ok 09:18:18.0305 0x0eb0 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 09:18:18.0352 0x0eb0 usbprint - ok 09:18:18.0383 0x0eb0 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 09:18:18.0415 0x0eb0 USBSTOR - ok 09:18:18.0430 0x0eb0 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 09:18:18.0446 0x0eb0 usbuhci - ok 09:18:18.0477 0x0eb0 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll 09:18:18.0524 0x0eb0 UxSms - ok 
09:18:18.0555 0x0eb0 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc C:\Windows\system32\lsass.exe 09:18:18.0555 0x0eb0 VaultSvc - ok 09:18:18.0570 0x0eb0 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 09:18:18.0570 0x0eb0 vdrvroot - ok 09:18:18.0602 0x0eb0 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe 09:18:18.0664 0x0eb0 vds - ok 09:18:18.0695 0x0eb0 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 09:18:18.0711 0x0eb0 vga - ok 09:18:18.0711 0x0eb0 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys 09:18:18.0757 0x0eb0 VgaSave - ok 09:18:18.0773 0x0eb0 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 09:18:18.0804 0x0eb0 vhdmp - ok 09:18:18.0820 0x0eb0 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys 09:18:18.0835 0x0eb0 viaide - ok 09:18:18.0851 0x0eb0 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys 09:18:18.0867 0x0eb0 vmbus - ok 09:18:18.0882 0x0eb0 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 09:18:18.0913 0x0eb0 VMBusHID - ok 09:18:18.0929 0x0eb0 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys 09:18:18.0929 0x0eb0 
volmgr - ok 09:18:18.0960 0x0eb0 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 09:18:18.0960 0x0eb0 volmgrx - ok 09:18:18.0976 0x0eb0 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys 09:18:18.0991 0x0eb0 volsnap - ok 09:18:19.0022 0x0eb0 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 09:18:19.0038 0x0eb0 vsmraid - ok 09:18:19.0116 0x0eb0 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe 09:18:19.0209 0x0eb0 VSS - ok 09:18:19.0225 0x0eb0 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 09:18:19.0241 0x0eb0 vwifibus - ok 09:18:19.0272 0x0eb0 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll 09:18:19.0303 0x0eb0 W32Time - ok 09:18:19.0334 0x0eb0 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 09:18:19.0365 0x0eb0 WacomPen - ok 09:18:19.0381 0x0eb0 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 09:18:19.0428 0x0eb0 WANARP - ok 09:18:19.0428 0x0eb0 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 09:18:19.0459 0x0eb0 Wanarpv6 - ok 09:18:19.0521 0x0eb0 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine 
C:\Windows\system32\wbengine.exe 09:18:19.0615 0x0eb0 wbengine - ok 09:18:19.0630 0x0eb0 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 09:18:19.0661 0x0eb0 WbioSrvc - ok 09:18:19.0677 0x0eb0 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll 09:18:19.0739 0x0eb0 wcncsvc - ok 09:18:19.0755 0x0eb0 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 09:18:19.0802 0x0eb0 WcsPlugInService - ok 09:18:19.0817 0x0eb0 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys 09:18:19.0833 0x0eb0 Wd - ok 09:18:19.0880 0x0eb0 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 09:18:19.0911 0x0eb0 Wdf01000 - ok 09:18:19.0911 0x0eb0 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll 09:18:20.0004 0x0eb0 WdiServiceHost - ok 09:18:20.0004 0x0eb0 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll 09:18:20.0020 0x0eb0 WdiSystemHost - ok 09:18:20.0051 0x0eb0 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll 09:18:20.0098 0x0eb0 WebClient - ok 09:18:20.0129 0x0eb0 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 09:18:20.0207 0x0eb0 Wecsvc - ok 09:18:20.0238 0x0eb0 [ 7E591867422DC788B9E5BD337A669A08, 
484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 09:18:20.0269 0x0eb0 wercplsupport - ok 09:18:20.0316 0x0eb0 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 09:18:20.0347 0x0eb0 WerSvc - ok 09:18:20.0378 0x0eb0 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 09:18:20.0409 0x0eb0 WfpLwf - ok 09:18:20.0425 0x0eb0 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 09:18:20.0425 0x0eb0 WIMMount - ok 09:18:20.0456 0x0eb0 WinDefend - ok 09:18:20.0472 0x0eb0 WinHttpAutoProxySvc - ok 09:18:20.0534 0x0eb0 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 09:18:20.0565 0x0eb0 Winmgmt - ok 09:18:20.0643 0x0eb0 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll 09:18:20.0783 0x0eb0 WinRM - ok 09:18:20.0830 0x0eb0 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 09:18:20.0893 0x0eb0 Wlansvc - ok 09:18:20.0924 0x0eb0 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 09:18:20.0939 0x0eb0 WmiAcpi - ok 09:18:20.0970 0x0eb0 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 09:18:21.0017 0x0eb0 wmiApSrv - ok 09:18:21.0048 0x0eb0 WMPNetworkSvc - ok 09:18:21.0064 0x0eb0 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 
2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 09:18:21.0095 0x0eb0 WPCSvc - ok 09:18:21.0111 0x0eb0 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 09:18:21.0157 0x0eb0 WPDBusEnum - ok 09:18:21.0173 0x0eb0 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 09:18:21.0235 0x0eb0 ws2ifsl - ok 09:18:21.0251 0x0eb0 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll 09:18:21.0282 0x0eb0 wscsvc - ok 09:18:21.0313 0x0eb0 [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys 09:18:21.0345 0x0eb0 WSDPrintDevice - ok 09:18:21.0345 0x0eb0 WSearch - ok 09:18:21.0454 0x0eb0 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll 09:18:21.0532 0x0eb0 wuauserv - ok 09:18:21.0563 0x0eb0 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 09:18:21.0625 0x0eb0 WudfPf - ok 09:18:21.0656 0x0eb0 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 09:18:21.0703 0x0eb0 WUDFRd - ok 09:18:21.0734 0x0eb0 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 09:18:21.0765 0x0eb0 wudfsvc - ok 09:18:21.0796 0x0eb0 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll 09:18:21.0859 0x0eb0 WwanSvc - 
ok 09:18:21.0874 0x0eb0 ================ Scan global =============================== 09:18:21.0890 0x0eb0 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll 09:18:21.0921 0x0eb0 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll 09:18:21.0952 0x0eb0 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll 09:18:21.0968 0x0eb0 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 09:18:21.0999 0x0eb0 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe 09:18:22.0015 0x0eb0 [ Global ] - ok 09:18:22.0015 0x0eb0 ================ Scan MBR ================================== 09:18:22.0015 0x0eb0 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 09:18:22.0280 0x0eb0 \Device\Harddisk0\DR0 - ok 09:18:22.0280 0x0eb0 ================ Scan VBR ================================== 09:18:22.0280 0x0eb0 [ 3D76E4A05E6F29E66D7386AE21BCA38D ] \Device\Harddisk0\DR0\Partition1 09:18:22.0280 0x0eb0 \Device\Harddisk0\DR0\Partition1 - ok 09:18:22.0280 0x0eb0 [ CBA5A9EA4C4F67DBB904619870FC69B5 ] \Device\Harddisk0\DR0\Partition2 09:18:22.0295 0x0eb0 \Device\Harddisk0\DR0\Partition2 - ok 09:18:22.0295 0x0eb0 [ 501536C54E99E8A83E0519F8DC181B94 ] \Device\Harddisk0\DR0\Partition3 09:18:22.0295 0x0eb0 \Device\Harddisk0\DR0\Partition3 - ok 09:18:22.0295 0x0eb0 ================ Scan generic autorun ====================== 09:18:22.0654 0x0eb0 [ 492916D95898A5209F8458C5D5749F42, 66C28E391D29E69072079E7F3F5E31CC531790C700834D53CCB1E84AA8908D6B ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 09:18:22.0872 0x0eb0 RtHDVCpl - ok 09:18:22.0934 0x0eb0 [ 39CF316EB5842AE27CC0D3CC4E2840DE, 
BC4D4ED926F988B7B70CC87B7EC92D148DA6BC39C5C514751F1B0CA69D0F9081 ] C:\Program Files\Microsoft Office\Office14\BCSSync.exe 09:18:22.0965 0x0eb0 BCSSync - ok 09:18:23.0090 0x0eb0 [ F5A5DBADCD24BDF33BFDAA789E39C876, A0D931FA339CA1FB6198BF5DF327ECEB0881796FFF92BDE0F9FC2C233C46E83C ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe 09:18:23.0121 0x0eb0 AdobeAAMUpdater-1.0 - ok 09:18:23.0137 0x0eb0 [ 7307AEC9FA7F0872A26F4B5D2E8B623A, 95C9EED87278F638C8DAEDBE0ECB10F8FC725623AB707DD7C36F3A11A361BE52 ] C:\Windows\system32\igfxtray.exe 09:18:23.0152 0x0eb0 IgfxTray - ok 09:18:23.0168 0x0eb0 [ 053C46FD07C5FB6D4C73FCC7DE72D3D3, D636554AA1C8899C7B85ABE27194F8BFE6002634CE69BCD7127F3081C6E79B81 ] C:\Windows\system32\hkcmd.exe 09:18:23.0184 0x0eb0 HotKeysCmds - ok 09:18:23.0215 0x0eb0 [ 5ED0DF577AC20A47685DE15D25C077D8, 72B33534D88C0AA944A548489E05C500D1A45FA9818446C7CC9E111DE9C8C1F3 ] C:\Windows\system32\igfxpers.exe 09:18:23.0230 0x0eb0 Persistence - ok 09:18:23.0261 0x0eb0 [ D6935C335A7767369A35BC7EA10613D1, 479CCDE8B1451BB2F820E935434E3C848E5AB917E5CC430FEE21D6A94CAC8B7D ] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe 09:18:23.0261 0x0eb0 IMSS - ok 09:18:23.0308 0x0eb0 [ 4A73AB8412D3AA6CFAD24051FF9DBFA7, 7C1F6BDECE92F2A58E88FC603F1BEE9B0F72130136AE9A368892323A9A327FD1 ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 09:18:23.0324 0x0eb0 IAStorIcon - ok 09:18:23.0417 0x0eb0 [ 47EA5F76FAB723C61AB4A0D79BAD512C, A7A38EB0A7068B160E6949945EF639F999A06AE35746F6E79C7350745798E5C9 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe 09:18:23.0448 0x0eb0 Adobe ARM - ok 09:18:23.0495 0x0eb0 [ C26B09276755E0698B31CF0BAE0BF182, A95B567626C0573DF0F136818AA7E487BC4995552E9B7A041437539E49B99473 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe 09:18:23.0511 0x0eb0 APSDaemon - ok 09:18:23.0573 0x0eb0 [ E4401CF27225C1D6E664E86195978562, 
F572A2757C2A649E25F52F7071E6A2CCF298C60A8F2B15A0E2D800F890C4FD93 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe 09:18:23.0589 0x0eb0 iTunesHelper - ok 09:18:23.0636 0x0eb0 [ 8DDA2B606279753601F9415DA503CA63, 2C9AD8218E150B6D50817991377ED3230A1672EFBD7AE29D0CD9E55E2418C800 ] C:\Program Files (x86)\QuickTime\QTTask.exe 09:18:23.0682 0x0eb0 QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 ) 09:18:26.0036 0x0eb0 Detect skipped due to KSN trusted 09:18:26.0036 0x0eb0 QuickTime Task - ok 09:18:26.0114 0x0eb0 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 09:18:26.0238 0x0eb0 Sidebar - ok 09:18:26.0254 0x0eb0 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 09:18:26.0269 0x0eb0 mctadmin - ok 09:18:26.0301 0x0eb0 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 09:18:26.0332 0x0eb0 Sidebar - ok 09:18:26.0332 0x0eb0 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 09:18:26.0347 0x0eb0 mctadmin - ok 09:18:26.0394 0x0eb0 Akamai NetSession Interface - ok 09:18:26.0394 0x0eb0 Waiting for KSN requests completion. In queue: 184 09:18:27.0407 0x0eb0 Waiting for KSN requests completion. In queue: 184 09:18:28.0420 0x0eb0 Waiting for KSN requests completion. 
09:18:29.0433 0x0eb0 AV detected via SS2: Sophos Anti-Virus, C:\Program Files (x86)\Sophos\Sophos Anti-Virus\WSCClient.exe ( 10.3.6.0 ), 0x51000 ( enabled : updated )
09:18:29.0480 0x0eb0 Win FW state via NFP2: enabled
09:18:31.0849 0x0eb0 ============================================================
09:18:31.0849 0x0eb0 Scan finished
09:18:31.0849 0x0eb0 ============================================================
09:18:31.0849 0x13a0 Detected object count: 0
09:18:31.0849 0x13a0 Actual detected object count: 0
23.10.2014, 20:09 | #4 |
/// the machine /// TB-Ausbilder | Then let's jump straight to the online scan, because I suspect a problem with Sophos. ESET Online Scanner
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
24.10.2014, 10:58 | #5 |
| Hello Schrauber, 50% of the scan is done by now. And it has supposedly found two "threats". Details will follow in the log once it has finished. See you later, and thanks for your effort! *** EDIT ***: Hi Schrauber, so here is the log file now: Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=568220b33f7cbf4fbccf80cf004336da
# engine=20759
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-24 09:46:33
# local_time=2014-10-24 11:46:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 165773843 0 0
# compatibility_mode_1='Sophos Anti-Virus'
# compatibility_mode=8450 16777213 100 99 7593 123960589 0 0
# scanned=193130
# found=2
# cleaned=0
# scan_time=4603
sh=7B720E224C304F4B33FFBCCDF7747AD5678E9334 ft=1 fh=950772f3162e2eb6 vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\5DABFACA5DECABBB\Downloads\SoftonicDownloader_fuer_mediainfo.exe"
sh=6846A2F81389B7C2A61509D795CE6B6B16E7297F ft=1 fh=1a23ae1e279c7a5f vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Users\Lehrstuhl\AppData\Local\Temp\ASKEFF9.tmp"
25.10.2014, 08:00 | #6 |
/// the machine /// TB-Ausbilder | That's nothing, just a bit of temp stuff. Uninstall Sophos completely, reboot, and reinstall it.
25.10.2014, 11:26 | #7 |
| Hi Schrauber, it looks as though uninstalling and reinstalling did some good. In any case, the error message no longer appears! Thanks for your help. It's great how committed you all are here and how much time you take! Regards, Kitel00p |
25.10.2014, 19:12 | #8 |
/// the machine /// TB-Ausbilder | You're welcome