| |
| |||||||
Log-Analyse und Auswertung: Zip-Datei mit Trojaner: Crypt3.CDYN geöffnetWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
03.03.2015, 12:43
| #1 |
 |  Zip-Datei mit Trojaner: Crypt3.CDYN geöffnet Hallo allerseits, meine Freundin hat leider den Anhang einer Spam-Mail geöffnet (Zip) und mutmaßlich auch ausgeführt. Die Zip-Datei habe ich dann mit AVG scannen lassen und es wurde Trojaner: Crypt3.CDYN als Bedrohung angezeigt. Nach Bereinigen der Datei konnte AVG bei einem Komplett-Scan keine Bedrohungen mehr finden. Jetzt frage ich mich ob AVG wohl die Ausführung des Trojaners direkt verhindert hat, oder ob ich den PC neu aufsetzen muss. Hier die Logfiles: Defogger: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:52 on 03/03/2015 (Benny)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2015
Ran by Benny (administrator) on KOMPUTTA on 03-03-2015 11:55:32
Running from C:\Users\Benny\Desktop
Loaded Profiles: Benny (Available profiles: Marcel & Benny)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [382248 2013-06-20] (Lenovo.)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63784 2013-03-18] (Lenovo)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2722080 2013-09-05] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3674576 2015-01-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
Lsa: [Notification Packages] scecli ACGina
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Benny\AppData\Roaming\Mozilla\Firefox\Profiles\9fwfn2wj.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.4.0\\npsitesafety.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2008-07-15] (Andrea Electronics Corporation)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3440080 2015-01-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-01-06] (AVG Technologies CZ, s.r.o.)
R3 Disc Soft Ultra Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [1378576 2014-12-09] (Disc Soft Ltd)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-06-26] (Lenovo.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [30184 2013-08-08] ()
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
R2 vToolbarUpdater18.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [1875480 2015-02-26] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-02-26] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R3 dtultrascsibus; C:\Windows\System32\DRIVERS\dtultrascsibus.sys [30352 2014-12-27] (Disc Soft Ltd)
R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2009-05-11] (Lenovo)
S3 athr; system32\DRIVERS\athrx.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-03 11:55 - 2015-03-03 11:56 - 00011681 _____ () C:\Users\Benny\Desktop\FRST.txt
2015-03-03 11:54 - 2015-03-03 11:55 - 00000000 ____D () C:\FRST
2015-03-03 11:53 - 2015-03-03 11:53 - 02092544 _____ (Farbar) C:\Users\Benny\Desktop\FRST64.exe
2015-03-03 11:52 - 2015-03-03 11:52 - 00000472 _____ () C:\Users\Benny\Desktop\defogger_disable.log
2015-03-03 11:52 - 2015-03-03 11:52 - 00000000 _____ () C:\Users\Benny\defogger_reenable
2015-03-03 11:51 - 2015-03-03 11:51 - 00050477 _____ () C:\Users\Benny\Desktop\Defogger.exe
2015-03-01 14:53 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-03-01 14:53 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-03-01 14:24 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-01 14:24 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-01 14:24 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-01 14:24 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-01 14:24 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-01 14:24 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-01 14:24 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-01 14:24 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-01 14:24 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-01 14:24 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-01 14:24 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-01 14:24 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-01 14:24 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-01 14:24 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-01 14:24 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-01 14:24 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-01 14:24 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-01 14:24 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-01 14:24 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-01 14:24 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-01 14:24 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-01 14:24 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-01 14:24 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-01 14:24 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-01 14:24 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-01 14:24 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-01 14:24 - 2015-01-12 02:55 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-01 14:24 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-01 14:24 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-01 14:24 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-01 14:24 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-01 14:24 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-01 14:24 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-01 14:24 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-01 14:24 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-01 14:24 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-01 14:24 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-01 14:24 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-01 14:24 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-01 14:24 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-01 14:24 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-01 14:24 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-01 14:24 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-01 14:24 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-01 14:24 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-01 14:24 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-01 14:24 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-01 14:23 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-01 14:23 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-01 14:23 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-01 14:23 - 2015-01-12 03:33 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-01 14:23 - 2015-01-12 03:32 - 06041088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-01 14:23 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-01 14:23 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-01 14:23 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-01 14:23 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-01 14:21 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-01 14:21 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-01 14:21 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-01 14:21 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-01 14:21 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-01 14:21 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-01 14:21 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-01 14:21 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-01 14:21 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-01 14:21 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-01 14:21 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-01 14:21 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-01 14:21 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-01 14:21 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-01 14:21 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-01 14:21 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-01 14:20 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-01 14:20 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-01 14:20 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-01 14:20 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-01 14:20 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-01 14:20 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-01 14:20 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-01 14:20 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-01 14:20 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-01 14:20 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-01 14:20 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-01 14:20 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-01 14:20 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-01 14:20 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-01 14:20 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-01 14:20 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-01 14:20 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-01 14:20 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-01 14:20 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-01 14:20 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-01 14:20 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-03-01 14:20 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-03-01 14:20 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-01 14:20 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-01 14:20 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-01 14:20 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-01 14:19 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-03-01 14:19 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-03-01 14:16 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-01 14:16 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-01 14:16 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-01 14:16 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-01 14:16 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-01 14:16 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-01 14:16 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-01 14:05 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-27 22:07 - 2015-02-27 22:07 - 00000000 ____D () C:\ProgramData\Avg_Update_0215tb
2015-02-26 21:29 - 2015-02-26 21:29 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2015-02-26 21:27 - 2015-02-27 22:07 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2015-02-26 21:27 - 2015-02-26 21:29 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2015-02-24 22:52 - 2015-02-24 22:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-03 11:52 - 2014-12-31 18:33 - 00000000 ____D () C:\Users\Benny
2015-03-03 11:46 - 2013-09-19 21:36 - 01989044 _____ () C:\Windows\WindowsUpdate.log
2015-03-03 11:44 - 2013-09-19 22:29 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-03 11:43 - 2014-12-27 10:59 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-03 11:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-03-03 11:16 - 2014-12-27 10:59 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-03 07:50 - 2015-01-24 09:04 - 00000000 ____D () C:\Users\Benny\AppData\Local\Avg2015
2015-03-02 15:53 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-02 15:53 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-02 15:48 - 2012-01-10 20:14 - 00020061 _____ () C:\Windows\setupact.log
2015-03-02 15:48 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-02 15:47 - 2009-07-14 05:45 - 00364520 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-01 19:11 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-03-01 18:32 - 2013-11-17 20:44 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-01 18:32 - 2013-11-17 20:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-01 18:32 - 2013-09-19 22:18 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Adobe
2015-03-01 14:48 - 2014-12-27 11:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-01 14:46 - 2014-12-27 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-01 14:39 - 2013-09-20 00:08 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-01 14:33 - 2013-11-17 20:44 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-03-01 14:30 - 2012-01-10 19:35 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-01 10:59 - 2015-01-12 20:02 - 00001017 _____ () C:\Users\Benny\Desktop\Dropbox.lnk
2015-03-01 10:59 - 2015-01-12 20:02 - 00000000 ___RD () C:\Users\Benny\Dropbox
2015-03-01 10:59 - 2015-01-12 20:00 - 00000000 ____D () C:\Users\Benny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-01 10:59 - 2015-01-12 19:57 - 00000000 ____D () C:\Users\Benny\AppData\Roaming\Dropbox
2015-03-01 10:12 - 2015-01-12 20:26 - 00000000 ____D () C:\Users\Benny\AppData\Local\Adobe
2015-02-26 21:00 - 2013-09-19 21:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-08 13:05 - 2014-12-27 10:59 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-08 13:05 - 2014-12-27 10:59 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-01 12:52 - 2014-12-31 18:33 - 00000000 ____D () C:\Users\Benny\AppData\Roaming\Adobe
Some content of TEMP:
====================
C:\Users\Benny\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgsulrj.dll
C:\Users\Marcel\AppData\Local\Temp\ose00000.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-23 18:55
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-03-2015
Ran by Benny at 2015-03-03 11:56:48
Running from C:\Users\Benny\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.73.00 - )
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5646 - AVG Technologies)
AVG 2015 (Version: 15.0.4299 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5646 - AVG Technologies) Hidden
calibre (HKLM-x32\...\{4BF56EFD-2F39-40F2-89BB-CF9D3550A806}) (Version: 2.17.0 - Kovid Goyal)
DAEMON Tools Ultra (HKLM-x32\...\DAEMON Tools Ultra) (Version: 3.0.0.0309 - Disc Soft Ltd)
Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
Dropbox (HKU\S-1-5-21-2605916418-3193630820-2758046491-1003\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.55 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Lenovo Patch Utility (HKLM-x32\...\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.03.13 - )
Lenovo Solution Center (HKLM\...\{B73D2BF9-2C82-40A4-AFA8-32CE2E501640}) (Version: 2.2.002.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.05.0009 - Lenovo)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Standard 2013 (HKLM-x32\...\Office15.STANDARD) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 36.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 de)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA nView 140.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.62 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Rosetta Stone Version 3 (HKLM-x32\...\{99011A6E-5200-11DE-BDB8-7ACD56D89593}) (Version: 3.4.5.0 - Rosetta Stone Ltd.)
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.7255 - Analog Devices)
Startfenster (HKLM-x32\...\Startfenster) (Version: - Startfenster)
System Migration Assistant (HKLM-x32\...\{8A4DB1CA-8206-4ADC-805C-66ACF1611DA3}) (Version: 6.00.0009 - Lenovo Group Limited.)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3100 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.41 - )
ThinkPad Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588) (Version: 7.62.00 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.01 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.77.0.26 - Lenovo)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2605916418-3193630820-2758046491-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Benny\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2605916418-3193630820-2758046491-1003_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2605916418-3193630820-2758046491-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2605916418-3193630820-2758046491-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2605916418-3193630820-2758046491-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2605916418-3193630820-2758046491-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2605916418-3193630820-2758046491-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2605916418-3193630820-2758046491-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2605916418-3193630820-2758046491-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2605916418-3193630820-2758046491-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
==================== Restore Points =========================
03-03-2015 09:19:32 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {11D4DA04-706D-4D39-A603-F6D823A39E1D} - System32\Tasks\{5BA2006A-2B28-4A49-BD23-2685559E1FC3} => pcalua.exe -a C:\Users\Marcel\Downloads\fritzdsl2.04.03_german_x64.exe -d C:\Users\Marcel\Downloads
Task: {1EB06A3C-1934-4A63-BF8A-1F3352AF5AA6} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-08-08] (Lenovo)
Task: {2132FEFC-3ADE-4FAF-8AB3-B3714A3321F7} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {2C6FF75E-C42B-4608-A9EB-06A83F67CCC6} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-08-08] (Lenovo)
Task: {4C3F509D-A7E5-41E6-AB8D-017532935AB6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-27] (Google Inc.)
Task: {73E64565-D9D5-4B6B-BDF7-EB8D01E36BF5} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-02-21] ()
Task: {76E90FBE-822E-40F1-8010-DE7323BEEA7A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {BEC5B431-99FC-479F-A970-E442AE1A767B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-27] (Google Inc.)
Task: {E7E58319-DB38-4C09-A07E-620DD245D581} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E85AACB2-4E50-4A3C-94DF-BEC408245139} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {EE07D689-A1D6-413F-BDBE-6AFCEE619ABD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {F5862D65-536B-4FD0-92E9-55C8FD836CEF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2015-02-26 21:27 - 2015-02-26 21:21 - 00620056 ____N () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2015-02-26 21:29 - 2015-02-26 21:21 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe
2013-09-20 01:49 - 2013-08-29 23:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-20 01:38 - 2013-06-26 05:55 - 00104960 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2014-12-27 10:24 - 2006-12-11 02:14 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2011-01-24 12:28 - 2011-01-24 12:28 - 00173344 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2015-02-26 21:29 - 2015-02-26 21:25 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\log4cplusU.dll
2013-03-18 16:26 - 2013-03-18 16:26 - 00092456 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2015-03-01 18:32 - 2015-03-01 18:32 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2605916418-3193630820-2758046491-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Benny\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-2605916418-3193630820-2758046491-500 - Administrator - Disabled)
Benny (S-1-5-21-2605916418-3193630820-2758046491-1003 - Administrator - Enabled) => C:\Users\Benny
Gast (S-1-5-21-2605916418-3193630820-2758046491-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2605916418-3193630820-2758046491-1002 - Limited - Enabled)
Marcel (S-1-5-21-2605916418-3193630820-2758046491-1000 - Administrator - Enabled) => C:\Users\Marcel
==================== Faulty Device Manager Devices =============
Name: Basissystemgerät
Description: Basissystemgerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Basissystemgerät
Description: Basissystemgerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/02/2015 03:48:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/01/2015 01:39:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/27/2015 09:07:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/26/2015 09:32:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/26/2015 09:02:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/25/2015 08:52:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/24/2015 08:50:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/23/2015 04:04:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/23/2015 10:56:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/16/2015 03:46:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (03/01/2015 07:32:52 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst avgwd erreicht.
Error: (03/01/2015 07:12:14 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Modules Installer konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error: (03/01/2015 07:11:34 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (03/01/2015 02:18:05 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (02/27/2015 10:30:35 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (02/24/2015 09:07:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LSCWinService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (02/24/2015 09:07:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LSCWinService erreicht.
Error: (02/23/2015 06:55:35 PM) (Source: volsnap) (EventID: 14) (User: )
Description: Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers auf Volume "C:" abgebrochen.
Error: (01/31/2015 05:54:12 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (01/24/2015 11:08:39 AM) (Source: volsnap) (EventID: 14) (User: )
Description: Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers auf Volume "C:" abgebrochen.
Microsoft Office Sessions:
=========================
Error: (03/02/2015 03:48:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/01/2015 01:39:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/27/2015 09:07:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/26/2015 09:32:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/26/2015 09:02:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/25/2015 08:52:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/24/2015 08:50:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/23/2015 04:04:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/23/2015 10:56:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/16/2015 03:46:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz
Percentage of memory in use: 75%
Total physical RAM: 2030.3 MB
Available physical RAM: 491.53 MB
Total Pagefile: 4060.59 MB
Available Pagefile: 1309.53 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:38.96 GB) (Free:5.41 GB) NTFS
Drive d: () (Fixed) (Total:54.1 GB) (Free:51.05 GB) NTFS
Drive h: (RS3ENUS1) (CDROM) (Total:0.4 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 93.2 GB) (Disk ID: 8128D1BB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=39 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=54.1 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-03 12:06:53
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 HTS72101 rev.MCZI 93,16GB
Running: Gmer-19357.exe; Driver: C:\Users\Benny\AppData\Local\Temp\pgryqpoc.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\SearchIndexer.exe[4052] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077181650 5 bytes JMP 00000000772e0018
.text C:\Windows\System32\svchost.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077181650 5 bytes JMP 00000000772e0018
.text C:\Windows\system32\winlogon.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077181650 5 bytes JMP 00000000772e0018
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6212] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077181650 5 bytes JMP 00000000772e0018
.text C:\Windows\system32\Dwm.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077181650 5 bytes JMP 00000000772e0018
.text C:\Windows\Explorer.EXE[1748] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077181650 5 bytes JMP 00000000772e0018
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077181650 5 bytes JMP 00000000772e0018
.text C:\Program Files (x86)\AVG\AVG2015\avgui.exe[4692] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007732fe14 5 bytes JMP 00000001724d1000
.text C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[6220] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007732fe14 5 bytes JMP 00000001724d1000
.text C:\Windows\SysWOW64\rundll32.exe[6360] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007732fe14 5 bytes JMP 00000001724d1000
.text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[5896] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077181650 5 bytes JMP 00000000772e0018
.text C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe[3436] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007732fe14 5 bytes JMP 00000001724d1000
.text C:\Windows\system32\wuauclt.exe[9464] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077181650 5 bytes JMP 00000000772e0018
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001c26f7ae50
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001c26f7ae50 (not active ControlSet)
---- EOF - GMER 2.1 ----
Benny |
|
03.03.2015, 13:26
| #2 |
| /// the machine /// TB-Ausbilder    | Zip-Datei mit Trojaner: Crypt3.CDYN geöffnet hi,
__________________Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ |
|
03.03.2015, 20:12
| #3 |
| | Zip-Datei mit Trojaner: Crypt3.CDYN geöffnet Hallo Schrauber,
__________________vielen Dank für deine schnelle Antwort! Hier der TDSSKiller Report aus dem Programmfenster: Code:
ATTFilter 20:02:48.0433 0x1568 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
20:03:12.0038 0x1568 ============================================================
20:03:12.0038 0x1568 Current date / time: 2015/03/03 20:03:12.0038
20:03:12.0038 0x1568 SystemInfo:
20:03:12.0038 0x1568
20:03:12.0038 0x1568 OS Version: 6.1.7601 ServicePack: 1.0
20:03:12.0038 0x1568 Product type: Workstation
20:03:12.0039 0x1568 ComputerName: KOMPUTTA
20:03:12.0039 0x1568 UserName: Benny
20:03:12.0039 0x1568 Windows directory: C:\Windows
20:03:12.0039 0x1568 System windows directory: C:\Windows
20:03:12.0039 0x1568 Running under WOW64
20:03:12.0039 0x1568 Processor architecture: Intel x64
20:03:12.0039 0x1568 Number of processors: 2
20:03:12.0039 0x1568 Page size: 0x1000
20:03:12.0039 0x1568 Boot type: Normal boot
20:03:12.0039 0x1568 ============================================================
20:03:14.0676 0x1568 KLMD registered as C:\Windows\system32\drivers\92935773.sys
20:03:15.0217 0x1568 System UUID: {56737458-9208-F6B3-1C6B-C3C51A8E79EE}
20:03:15.0792 0x1568 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 ( 93.16 Gb ), SectorSize: 0x200, Cylinders: 0x3279, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
20:03:15.0802 0x1568 ============================================================
20:03:15.0802 0x1568 \Device\Harddisk0\DR0:
20:03:15.0802 0x1568 MBR partitions:
20:03:15.0802 0x1568 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:03:15.0802 0x1568 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x4DEE000
20:03:15.0802 0x1568 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x4E20800, BlocksNum 0x6C31000
20:03:15.0802 0x1568 ============================================================
20:03:15.0825 0x1568 C: <-> \Device\Harddisk0\DR0\Partition2
20:03:15.0865 0x1568 D: <-> \Device\Harddisk0\DR0\Partition3
20:03:15.0865 0x1568 ============================================================
20:03:15.0865 0x1568 Initialize success
20:03:15.0865 0x1568 ============================================================
20:03:47.0133 0x0520 ============================================================
20:03:47.0133 0x0520 Scan started
20:03:47.0133 0x0520 Mode: Manual; SigCheck; TDLFS;
20:03:47.0133 0x0520 ============================================================
20:03:47.0133 0x0520 KSN ping started
20:04:04.0060 0x0520 KSN ping finished: true
20:04:06.0354 0x0520 ================ Scan system memory ========================
20:04:06.0354 0x0520 System memory - ok
20:04:06.0354 0x0520 ================ Scan services =============================
20:04:06.0549 0x0520 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
20:04:06.0658 0x0520 1394ohci - ok
20:04:06.0704 0x0520 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:04:06.0729 0x0520 ACPI - ok
20:04:06.0754 0x0520 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:04:06.0847 0x0520 AcpiPmi - ok
20:04:06.0944 0x0520 [ 6C4B9E202A497782070CE383CBD5D737, DE09569366AF09314BF75D024F36D30C17D1C36D330855A84E669F366163E780 ] AcPrfMgrSvc C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
20:04:06.0961 0x0520 AcPrfMgrSvc - ok
20:04:07.0017 0x0520 [ B3BF04C7E3E4FB0925BB4F8422763A3D, 77E5205D67167B8E00A7AFC6A78ACCDF5FE6EE8854166CF853DEEC260E87E58E ] AcSvc C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
20:04:07.0037 0x0520 AcSvc - ok
20:04:07.0100 0x0520 [ 560649E6A9C11F6124F97310EF387C45, 6F6E0467BBBBA2D67E050C5730D66032A6265049A1B77C27C470D1F928F16166 ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
20:04:07.0163 0x0520 ADIHdAudAddService - ok
20:04:07.0289 0x0520 [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:04:07.0347 0x0520 AdobeARMservice - ok
20:04:07.0427 0x0520 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
20:04:07.0458 0x0520 adp94xx - ok
20:04:07.0501 0x0520 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
20:04:07.0526 0x0520 adpahci - ok
20:04:07.0548 0x0520 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
20:04:07.0568 0x0520 adpu320 - ok
20:04:07.0604 0x0520 [ 3BDB13C79CC8C06E2F8182595903ED69, 9E00D6649E862DE6812718B091C350E05A2C5C4D28DE8E05E3DD1F789A04EE96 ] AEADIFilters C:\Windows\system32\AEADISRV.EXE
20:04:07.0620 0x0520 AEADIFilters - ok
20:04:07.0643 0x0520 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:04:07.0683 0x0520 AeLookupSvc - ok
20:04:07.0732 0x0520 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
20:04:07.0781 0x0520 AFD - ok
20:04:07.0824 0x0520 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
20:04:07.0840 0x0520 agp440 - ok
20:04:07.0861 0x0520 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
20:04:07.0930 0x0520 ALG - ok
20:04:07.0972 0x0520 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
20:04:07.0997 0x0520 aliide - ok
20:04:08.0042 0x0520 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
20:04:08.0056 0x0520 amdide - ok
20:04:08.0101 0x0520 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
20:04:08.0119 0x0520 AmdK8 - ok
20:04:08.0136 0x0520 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
20:04:08.0154 0x0520 AmdPPM - ok
20:04:08.0188 0x0520 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:04:08.0206 0x0520 amdsata - ok
20:04:08.0225 0x0520 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
20:04:08.0246 0x0520 amdsbs - ok
20:04:08.0268 0x0520 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:04:08.0282 0x0520 amdxata - ok
20:04:08.0317 0x0520 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
20:04:08.0456 0x0520 AppID - ok
20:04:08.0482 0x0520 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:04:08.0534 0x0520 AppIDSvc - ok
20:04:08.0572 0x0520 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
20:04:08.0602 0x0520 Appinfo - ok
20:04:08.0636 0x0520 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll
20:04:08.0667 0x0520 AppMgmt - ok
20:04:08.0709 0x0520 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
20:04:08.0725 0x0520 arc - ok
20:04:08.0742 0x0520 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
20:04:08.0758 0x0520 arcsas - ok
20:04:08.0873 0x0520 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:04:08.0905 0x0520 aspnet_state - ok
20:04:08.0946 0x0520 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:04:08.0986 0x0520 AsyncMac - ok
20:04:09.0039 0x0520 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
20:04:09.0053 0x0520 atapi - ok
20:04:09.0066 0x0520 athr - ok
20:04:09.0122 0x0520 [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:04:09.0172 0x0520 AudioEndpointBuilder - ok
20:04:09.0197 0x0520 [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:04:09.0228 0x0520 AudioSrv - ok
20:04:09.0283 0x0520 [ 54FE1CAFA3B3029B282E6A05EA672031, E972B8A22322FF06903A1E3AB20585E02A21C3A6EA9A75C172231494A08D14D1 ] Avgdiska C:\Windows\system32\DRIVERS\avgdiska.sys
20:04:09.0319 0x0520 Avgdiska - ok
20:04:09.0534 0x0520 [ 2568C3B3A5B58D04CE89A37C12576B73, D7178D0E780071C9C8B2917B873F2ED105890DFB87472B377B5A8C2EC1E3F0D0 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
20:04:09.0665 0x0520 AVGIDSAgent - ok
20:04:09.0723 0x0520 [ A3124AC9C0AF30ABD000A7CB5779C101, 1719EE6986FC29EE4EA383B2DAF4CAF9C1E70A1F547F75F8D51EDA027D3E5236 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
20:04:09.0744 0x0520 AVGIDSDriver - ok
20:04:09.0783 0x0520 [ 68070AEEE757ACC6EC5BC291B1E8EA1A, 8A4902CE6F4696F33CD6CF98F96FDA7895B99A676916F3137CF34192AF3C25A4 ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
20:04:09.0806 0x0520 AVGIDSHA - ok
20:04:09.0825 0x0520 [ 7C9E8FD2BFCE60BDF9B5944C0BE47C87, 0F51507BAECDEF7B6F553066621A03832FF070EC6837A8E304AABA1227F779BF ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
20:04:09.0846 0x0520 Avgldx64 - ok
20:04:09.0886 0x0520 [ 734DCC05A7F327FDCE43A18BA011FD4E, E5245314E60D86911A6A9FC1FE4A0C0D0284D972CE642C28B9B1A43D1553AFA5 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
20:04:09.0908 0x0520 Avgloga - ok
20:04:09.0936 0x0520 [ B4D589C734D796B5B76E0A0E5DA50397, CACAB2C0D01583CEB55C62334A4E9BB46A2E399BE9B7EDC988AEC785DF1FCC1C ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
20:04:09.0969 0x0520 Avgmfx64 - ok
20:04:10.0043 0x0520 [ 3CE824D46BA1871713ABF147E6BAD556, B4D8AFC388BE06D6E3C5CDC865F80FF101E731E1D2B221FFC6C1E28487E1B3CD ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
20:04:10.0057 0x0520 Avgrkx64 - ok
20:04:10.0083 0x0520 [ 0BB7ECAC81554D83A66A0B9F961BB9D0, BBCE86FE8980E06F5A92E8636D6D3F2FD7B6EF7DB999BBEB0E68A5FCB220EDC9 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
20:04:10.0105 0x0520 Avgtdia - ok
20:04:10.0154 0x0520 [ 9B3B23AF6396FCC8899F0214A27EE49A, 187D8D2726891000702A4FAFDE9DFF1750F8B9C7EDE474547177E1213E0CCAF7 ] avgwd C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
20:04:10.0176 0x0520 avgwd - ok
20:04:10.0222 0x0520 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:04:10.0294 0x0520 AxInstSV - ok
20:04:10.0352 0x0520 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
20:04:10.0394 0x0520 b06bdrv - ok
20:04:10.0429 0x0520 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
20:04:10.0465 0x0520 b57nd60a - ok
20:04:10.0504 0x0520 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
20:04:10.0533 0x0520 BDESVC - ok
20:04:10.0569 0x0520 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
20:04:10.0607 0x0520 Beep - ok
20:04:10.0662 0x0520 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
20:04:10.0713 0x0520 BFE - ok
20:04:10.0772 0x0520 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
20:04:10.0850 0x0520 BITS - ok
20:04:10.0877 0x0520 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:04:10.0894 0x0520 blbdrive - ok
20:04:10.0931 0x0520 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:04:10.0973 0x0520 bowser - ok
20:04:11.0036 0x0520 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
20:04:11.0056 0x0520 BrFiltLo - ok
20:04:11.0074 0x0520 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
20:04:11.0106 0x0520 BrFiltUp - ok
20:04:11.0141 0x0520 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
20:04:11.0170 0x0520 Browser - ok
20:04:11.0197 0x0520 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:04:11.0238 0x0520 Brserid - ok
20:04:11.0267 0x0520 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:04:11.0286 0x0520 BrSerWdm - ok
20:04:11.0313 0x0520 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:04:11.0333 0x0520 BrUsbMdm - ok
20:04:11.0344 0x0520 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:04:11.0361 0x0520 BrUsbSer - ok
20:04:11.0405 0x0520 [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
20:04:11.0439 0x0520 BthEnum - ok
20:04:11.0456 0x0520 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
20:04:11.0488 0x0520 BTHMODEM - ok
20:04:11.0521 0x0520 [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
20:04:11.0543 0x0520 BthPan - ok
20:04:11.0589 0x0520 [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
20:04:11.0625 0x0520 BTHPORT - ok
20:04:11.0659 0x0520 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
20:04:11.0709 0x0520 bthserv - ok
20:04:11.0733 0x0520 [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
20:04:11.0751 0x0520 BTHUSB - ok
20:04:11.0788 0x0520 [ 2641A3FE3D7B0646308F33B67F3B5300, 8D2E37F6524D10197D36AAE41F59028B3DF0692A113EA342BB1AC36DEA13D8F6 ] btusbflt C:\Windows\system32\drivers\btusbflt.sys
20:04:11.0820 0x0520 btusbflt - ok
20:04:11.0855 0x0520 [ A72A9101F9730DB7332714E566614E4D, 7C75772EA40EAEDDE2565E5FF901B17EA9B748563B8CE40062D86D4B0F1DBF0C ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
20:04:11.0870 0x0520 btwaudio - ok
20:04:11.0901 0x0520 [ 5CEEC634B617525F2B6AD29F871033F7, 0A48E08FB3C3384860783F72C85022F6AD11D8F7023580D007478AA94F6F41C5 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
20:04:11.0917 0x0520 btwavdt - ok
20:04:12.0081 0x0520 [ FFE8C1C3ABBF75CE4E74E9A0942DAE7D, 650B2403BB7FBC43CD111A9ABE71D48D685BE4AF84CD91ACA9A9A4C21A45E565 ] btwdins C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
20:04:12.0126 0x0520 btwdins - ok
20:04:12.0162 0x0520 [ 6149301DC3F81D6F9667A3FBAC410975, 120E201AFB07054C7F6321461D194843C695012431DBD791E36BBF73FDD41E8A ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
20:04:12.0173 0x0520 btwl2cap - ok
20:04:12.0194 0x0520 [ 2AF5604D28BEF77B7CF4B9D232FE7CD3, 758524012FE284EDFC27DF095A2DD5853A0F084999F14DA66784103176E938E4 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
20:04:12.0206 0x0520 btwrchid - ok
20:04:12.0237 0x0520 [ FDB53A8D3BC52DC29884587E768E3388, 2D80EEFA7A01C5E62676B7B3804E2B2FE80BF350001FFD4ECC547B23CBA378A3 ] CAXHWAZL C:\Windows\system32\DRIVERS\CAXHWAZL.sys
20:04:12.0273 0x0520 CAXHWAZL - ok
20:04:12.0313 0x0520 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:04:12.0353 0x0520 cdfs - ok
20:04:12.0394 0x0520 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:04:12.0430 0x0520 cdrom - ok
20:04:12.0464 0x0520 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
20:04:12.0502 0x0520 CertPropSvc - ok
20:04:12.0538 0x0520 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
20:04:12.0558 0x0520 circlass - ok
20:04:12.0595 0x0520 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
20:04:12.0617 0x0520 CLFS - ok
20:04:12.0680 0x0520 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:04:12.0696 0x0520 clr_optimization_v2.0.50727_32 - ok
20:04:12.0751 0x0520 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:04:12.0768 0x0520 clr_optimization_v2.0.50727_64 - ok
20:04:12.0851 0x0520 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:04:12.0904 0x0520 clr_optimization_v4.0.30319_32 - ok
20:04:12.0943 0x0520 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:04:12.0970 0x0520 clr_optimization_v4.0.30319_64 - ok
20:04:13.0008 0x0520 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:04:13.0025 0x0520 CmBatt - ok
20:04:13.0042 0x0520 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:04:13.0056 0x0520 cmdide - ok
20:04:13.0123 0x0520 [ E45CDE1C8340DFEDF1D6724263F39E5B, 8B8091D0A8FF08170F34DA01A4201DAE7C3D026226BC77B5C2EC67657C670168 ] CNG C:\Windows\system32\Drivers\cng.sys
20:04:13.0193 0x0520 CNG - ok
20:04:13.0219 0x0520 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
20:04:13.0234 0x0520 Compbatt - ok
20:04:13.0255 0x0520 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
20:04:13.0275 0x0520 CompositeBus - ok
20:04:13.0286 0x0520 COMSysApp - ok
20:04:13.0299 0x0520 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
20:04:13.0313 0x0520 crcdisk - ok
20:04:13.0361 0x0520 [ 19D511CC455C19DE1ADF60E6C39C85B6, 2A05DD5EF3D0BEC2C9F4EA186E0E2D0F7BE0BF6A473D51194B09D33773AC7FAA ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:04:13.0395 0x0520 CryptSvc - ok
20:04:13.0441 0x0520 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys
20:04:13.0489 0x0520 CSC - ok
20:04:13.0536 0x0520 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll
20:04:13.0585 0x0520 CscService - ok
20:04:13.0638 0x0520 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:04:13.0702 0x0520 DcomLaunch - ok
20:04:13.0755 0x0520 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
20:04:13.0803 0x0520 defragsvc - ok
20:04:13.0828 0x0520 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:04:13.0880 0x0520 DfsC - ok
20:04:13.0915 0x0520 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
20:04:13.0956 0x0520 Dhcp - ok
20:04:14.0113 0x0520 [ 98804934152C30555C7FD3CDD26F1164, B2726F2A5A6F5D12EB357ED4900FF26928F1E921594F0D2CFD1797A69AC59524 ] Disc Soft Ultra Bus Service C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
20:04:14.0173 0x0520 Disc Soft Ultra Bus Service - ok
20:04:14.0193 0x0520 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
20:04:14.0235 0x0520 discache - ok
20:04:14.0282 0x0520 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
20:04:14.0299 0x0520 Disk - ok
20:04:14.0325 0x0520 [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
20:04:14.0350 0x0520 dmvsc - ok
20:04:14.0386 0x0520 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:04:14.0418 0x0520 Dnscache - ok
20:04:14.0447 0x0520 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
20:04:14.0492 0x0520 dot3svc - ok
20:04:14.0550 0x0520 [ 9597BCB69286FF017DB1A0FB8144408D, B477E4E7C3B49A77075B3165079E29FF1908C81E2BCCB930B47DCCF7DA5C417C ] DozeSvc C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
20:04:14.0573 0x0520 DozeSvc - ok
20:04:14.0594 0x0520 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
20:04:14.0638 0x0520 DPS - ok
20:04:14.0678 0x0520 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:04:14.0709 0x0520 drmkaud - ok
20:04:14.0751 0x0520 [ 96E7FBED116D3C598BF7E67F85ADCB41, 7EE7A501DEBC6ED932E36053D4232A6375BD386BDAFD17FFC4E538F853EFFC76 ] dtultrascsibus C:\Windows\system32\DRIVERS\dtultrascsibus.sys
20:04:14.0764 0x0520 dtultrascsibus - ok
20:04:14.0837 0x0520 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:04:14.0889 0x0520 DXGKrnl - ok
20:04:14.0921 0x0520 [ 3CE83D7EE95D9C9F03323810A2E747DF, 50E34E2EC26584A1BE06EA5049481D1AE2F3213B2A81BA86411623ADCEE24F53 ] DzHDD64 C:\Windows\system32\DRIVERS\DzHDD64.sys
20:04:14.0934 0x0520 DzHDD64 - ok
20:04:14.0973 0x0520 [ 416A2007878ED1D6FC5DDDB9E1F6DB3E, 2B8FE69BFCE48CFD25E0B9FEBA0F15EE144F3565B5D208509FCF548DD2CC4EF7 ] e1express C:\Windows\system32\DRIVERS\e1e6032e.sys
20:04:14.0998 0x0520 e1express - ok
20:04:15.0034 0x0520 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
20:04:15.0075 0x0520 EapHost - ok
20:04:15.0234 0x0520 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
20:04:15.0368 0x0520 ebdrv - ok
20:04:15.0414 0x0520 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] EFS C:\Windows\System32\lsass.exe
20:04:15.0441 0x0520 EFS - ok
20:04:15.0519 0x0520 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:04:15.0581 0x0520 ehRecvr - ok
20:04:15.0598 0x0520 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
20:04:15.0619 0x0520 ehSched - ok
20:04:15.0674 0x0520 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
20:04:15.0707 0x0520 elxstor - ok
20:04:15.0721 0x0520 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:04:15.0747 0x0520 ErrDev - ok
20:04:15.0809 0x0520 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
20:04:15.0874 0x0520 EventSystem - ok
20:04:15.0921 0x0520 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
20:04:15.0964 0x0520 exfat - ok
20:04:15.0997 0x0520 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:04:16.0081 0x0520 fastfat - ok
20:04:16.0131 0x0520 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
20:04:16.0178 0x0520 Fax - ok
20:04:16.0208 0x0520 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
20:04:16.0230 0x0520 fdc - ok
20:04:16.0256 0x0520 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
20:04:16.0306 0x0520 fdPHost - ok
20:04:16.0330 0x0520 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
20:04:16.0369 0x0520 FDResPub - ok
20:04:16.0393 0x0520 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:04:16.0409 0x0520 FileInfo - ok
20:04:16.0421 0x0520 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:04:16.0464 0x0520 Filetrace - ok
20:04:16.0611 0x0520 [ BB0667B0171B632B97EA759515476F07, 07A123B2182D5813D2898928C231638353CF086606E9D5A5AF4A2A73E17CEC27 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:04:16.0654 0x0520 FLEXnet Licensing Service - ok
20:04:16.0681 0x0520 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
20:04:16.0723 0x0520 flpydisk - ok
20:04:16.0764 0x0520 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:04:16.0801 0x0520 FltMgr - ok
20:04:16.0934 0x0520 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
20:04:17.0049 0x0520 FontCache - ok
20:04:17.0123 0x0520 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:04:17.0153 0x0520 FontCache3.0.0.0 - ok
20:04:17.0199 0x0520 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:04:17.0220 0x0520 FsDepends - ok
20:04:17.0269 0x0520 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:04:17.0295 0x0520 Fs_Rec - ok
20:04:17.0427 0x0520 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:04:17.0465 0x0520 fvevol - ok
20:04:17.0501 0x0520 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
20:04:17.0531 0x0520 gagp30kx - ok
20:04:17.0636 0x0520 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
20:04:17.0715 0x0520 gpsvc - ok
20:04:17.0863 0x0520 [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:04:17.0881 0x0520 gupdate - ok
20:04:17.0901 0x0520 [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:04:17.0913 0x0520 gupdatem - ok
20:04:17.0955 0x0520 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:04:18.0018 0x0520 hcw85cir - ok
20:04:18.0079 0x0520 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:04:18.0124 0x0520 HdAudAddService - ok
20:04:18.0208 0x0520 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:04:18.0233 0x0520 HDAudBus - ok
20:04:18.0262 0x0520 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
20:04:18.0293 0x0520 HidBatt - ok
20:04:18.0314 0x0520 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
20:04:18.0337 0x0520 HidBth - ok
20:04:18.0365 0x0520 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
20:04:18.0386 0x0520 HidIr - ok
20:04:18.0410 0x0520 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
20:04:18.0450 0x0520 hidserv - ok
20:04:18.0488 0x0520 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:04:18.0519 0x0520 HidUsb - ok
20:04:18.0545 0x0520 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:04:18.0584 0x0520 hkmsvc - ok
20:04:18.0621 0x0520 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:04:18.0658 0x0520 HomeGroupListener - ok
20:04:18.0686 0x0520 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:04:18.0708 0x0520 HomeGroupProvider - ok
20:04:18.0742 0x0520 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:04:18.0759 0x0520 HpSAMD - ok
20:04:18.0857 0x0520 [ E90D0E3D9715F3BEC7DB2D6321DDDEE8, 60102A7D454971A120CDDCFD30BDEBDD02ECEA981D723A59788AEF4E858BA828 ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys
20:04:18.0938 0x0520 HSF_DPV - ok
20:04:19.0009 0x0520 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:04:19.0072 0x0520 HTTP - ok
20:04:19.0093 0x0520 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:04:19.0107 0x0520 hwpolicy - ok
20:04:19.0126 0x0520 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:04:19.0146 0x0520 i8042prt - ok
20:04:19.0198 0x0520 [ BBB3B6DF1ABB0FE35802EDE85CC1C011, 6E1FA8519A7D417969244E807D2863B39656169A925966045036A989A5EB611D ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
20:04:19.0218 0x0520 iaStor - ok
20:04:19.0265 0x0520 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:04:19.0292 0x0520 iaStorV - ok
20:04:19.0325 0x0520 [ A410235155EAC4D43262532B53F229E3, A4C40F513CB56BC11DCD40F8B5EDC0D575FD7503A04A72803AD324ECDB2282DD ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
20:04:19.0339 0x0520 IBMPMDRV - ok
20:04:19.0355 0x0520 [ A0680FF223F055DE508E72B185A41484, 7FFB4F9B7F4395CFDF059D5744BDEACF91C70C08B6C399A17BDDA5610D879B15 ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
20:04:19.0368 0x0520 IBMPMSVC - ok
20:04:19.0401 0x0520 [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
20:04:19.0409 0x0520 IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
20:04:21.0881 0x0520 Detect skipped due to KSN trusted
20:04:21.0881 0x0520 IDriverT - ok
20:04:22.0009 0x0520 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:04:22.0083 0x0520 idsvc - ok
20:04:22.0102 0x0520 IEEtwCollectorService - ok
20:04:22.0520 0x0520 [ A87261EF1546325B559374F5689CF5BC, 8DE48A8A13A32AAAC54CDDF58F3F61BE3E2802C1D9CA1CA98E57EB0D65FB6002 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
20:04:22.0888 0x0520 igfx - ok
20:04:22.0939 0x0520 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
20:04:22.0954 0x0520 iirsp - ok
20:04:23.0016 0x0520 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
20:04:23.0064 0x0520 IKEEXT - ok
20:04:23.0102 0x0520 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
20:04:23.0117 0x0520 intelide - ok
20:04:23.0165 0x0520 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:04:23.0197 0x0520 intelppm - ok
20:04:23.0229 0x0520 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:04:23.0272 0x0520 IPBusEnum - ok
20:04:23.0298 0x0520 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:04:23.0338 0x0520 IpFilterDriver - ok
20:04:23.0394 0x0520 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:04:23.0442 0x0520 iphlpsvc - ok
20:04:23.0463 0x0520 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:04:23.0493 0x0520 IPMIDRV - ok
20:04:23.0513 0x0520 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:04:23.0557 0x0520 IPNAT - ok
20:04:23.0593 0x0520 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:04:23.0614 0x0520 IRENUM - ok
20:04:23.0633 0x0520 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:04:23.0647 0x0520 isapnp - ok
20:04:23.0684 0x0520 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:04:23.0708 0x0520 iScsiPrt - ok
20:04:23.0731 0x0520 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
20:04:23.0748 0x0520 kbdclass - ok
20:04:23.0772 0x0520 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
20:04:23.0790 0x0520 kbdhid - ok
20:04:23.0812 0x0520 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] KeyIso C:\Windows\system32\lsass.exe
20:04:23.0831 0x0520 KeyIso - ok
20:04:23.0860 0x0520 [ C60C6B9A2E50B0404F6789C62B428C03, 0DFFAACBA038FB3D994049E7BBC8E0C63CB8B4A68C4AB770AD995B66B017C25B ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:04:23.0877 0x0520 KSecDD - ok
20:04:23.0894 0x0520 [ 78D152A9FD5747FF6AA89C79F0346F62, 69138077E84E5324751E3C8B80D05BE58EDF03CEC84F69B734537F10F6998F3B ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:04:23.0913 0x0520 KSecPkg - ok
20:04:23.0940 0x0520 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:04:23.0981 0x0520 ksthunk - ok
20:04:24.0055 0x0520 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
20:04:24.0106 0x0520 KtmRm - ok
20:04:24.0140 0x0520 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
20:04:24.0198 0x0520 LanmanServer - ok
20:04:24.0240 0x0520 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:04:24.0283 0x0520 LanmanWorkstation - ok
20:04:24.0364 0x0520 [ A062A18F4F792534F898AEB3BD723D01, 4B620E9BBADAC69F4F116F19BA00B07E49F01DE0516A6091772E8515A8636B72 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
20:04:24.0380 0x0520 LENOVO.MICMUTE - ok
20:04:24.0409 0x0520 [ 2B9D8555DC004E240082D18E7725CE20, 9DEF9463CB099C0BC8782C1E5FCE62F038B971ABC12966774D1F83569B081A42 ] lenovo.smi C:\Windows\system32\DRIVERS\smiifx64.sys
20:04:24.0420 0x0520 lenovo.smi - ok
20:04:24.0453 0x0520 [ 606DA892A53FA863B67F8D3F8FF016A0, FB026285C07C8A77C1702698E40C2EA694B054C35C62E45C9A5C498BC94BAD49 ] LenovoRd C:\Windows\system32\Drivers\LenovoRd.sys
20:04:24.0480 0x0520 LenovoRd - ok
20:04:24.0520 0x0520 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:04:24.0560 0x0520 lltdio - ok
20:04:24.0601 0x0520 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:04:24.0650 0x0520 lltdsvc - ok
20:04:24.0683 0x0520 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:04:24.0724 0x0520 lmhosts - ok
20:04:24.0776 0x0520 [ 2808470E5E91D8838243D9045588C303, 4516559853EEEDD86260F4A1EFAD41190C00E5B5317DB3CF5C709DF207AE42A9 ] LSCWinService C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
20:04:24.0788 0x0520 LSCWinService - ok
20:04:24.0845 0x0520 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
20:04:24.0863 0x0520 LSI_FC - ok
20:04:24.0905 0x0520 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
20:04:24.0922 0x0520 LSI_SAS - ok
20:04:24.0958 0x0520 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
20:04:24.0975 0x0520 LSI_SAS2 - ok
20:04:25.0030 0x0520 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
20:04:25.0048 0x0520 LSI_SCSI - ok
20:04:25.0073 0x0520 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
20:04:25.0114 0x0520 luafv - ok
20:04:25.0145 0x0520 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:04:25.0167 0x0520 Mcx2Svc - ok
20:04:25.0181 0x0520 [ E4F44EC214B3E381E1FC844A02926666, 6EE8C87EFCEFFBEA08B9B9DA036B37564542EE4D31942115CDBF895295DD5FE2 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
20:04:25.0220 0x0520 mdmxsdk - ok
20:04:25.0237 0x0520 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
20:04:25.0253 0x0520 megasas - ok
20:04:25.0295 0x0520 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
20:04:25.0318 0x0520 MegaSR - ok
20:04:25.0350 0x0520 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
20:04:25.0390 0x0520 MMCSS - ok
20:04:25.0414 0x0520 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
20:04:25.0452 0x0520 Modem - ok
20:04:25.0477 0x0520 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:04:25.0496 0x0520 monitor - ok
20:04:25.0520 0x0520 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:04:25.0536 0x0520 mouclass - ok
20:04:25.0559 0x0520 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:04:25.0576 0x0520 mouhid - ok
20:04:25.0601 0x0520 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:04:25.0618 0x0520 mountmgr - ok
20:04:25.0659 0x0520 [ 5C2B2F10C847834C6DA4E680A4093BA3, 0222EBC8789765613184F47339A1DBD118ED209B72BC5565A8A7D4FB4CCF5418 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:04:25.0677 0x0520 MozillaMaintenance - ok
20:04:25.0697 0x0520 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
20:04:25.0717 0x0520 mpio - ok
20:04:25.0747 0x0520 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:04:25.0787 0x0520 mpsdrv - ok
20:04:25.0846 0x0520 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:04:25.0914 0x0520 MpsSvc - ok
20:04:25.0949 0x0520 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:04:25.0983 0x0520 MRxDAV - ok
20:04:26.0036 0x0520 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:04:26.0065 0x0520 mrxsmb - ok
20:04:26.0088 0x0520 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:04:26.0116 0x0520 mrxsmb10 - ok
20:04:26.0134 0x0520 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:04:26.0154 0x0520 mrxsmb20 - ok
20:04:26.0179 0x0520 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
20:04:26.0194 0x0520 msahci - ok
20:04:26.0232 0x0520 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:04:26.0251 0x0520 msdsm - ok
20:04:26.0272 0x0520 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
20:04:26.0294 0x0520 MSDTC - ok
20:04:26.0322 0x0520 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:04:26.0361 0x0520 Msfs - ok
20:04:26.0373 0x0520 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:04:26.0412 0x0520 mshidkmdf - ok
20:04:26.0428 0x0520 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:04:26.0443 0x0520 msisadrv - ok
20:04:26.0489 0x0520 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:04:26.0543 0x0520 MSiSCSI - ok
20:04:26.0548 0x0520 msiserver - ok
20:04:26.0578 0x0520 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:04:26.0617 0x0520 MSKSSRV - ok
20:04:26.0637 0x0520 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:04:26.0674 0x0520 MSPCLOCK - ok
20:04:26.0682 0x0520 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:04:26.0722 0x0520 MSPQM - ok
20:04:26.0764 0x0520 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:04:26.0790 0x0520 MsRPC - ok
20:04:26.0806 0x0520 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
20:04:26.0820 0x0520 mssmbios - ok
20:04:26.0825 0x0520 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:04:26.0864 0x0520 MSTEE - ok
20:04:26.0882 0x0520 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
20:04:26.0899 0x0520 MTConfig - ok
20:04:26.0919 0x0520 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
20:04:26.0935 0x0520 Mup - ok
20:04:26.0980 0x0520 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
20:04:27.0036 0x0520 napagent - ok
20:04:27.0098 0x0520 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:04:27.0130 0x0520 NativeWifiP - ok
20:04:27.0195 0x0520 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
20:04:27.0243 0x0520 NDIS - ok
20:04:27.0258 0x0520 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:04:27.0299 0x0520 NdisCap - ok
20:04:27.0318 0x0520 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:04:27.0358 0x0520 NdisTapi - ok
20:04:27.0385 0x0520 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:04:27.0436 0x0520 Ndisuio - ok
20:04:27.0470 0x0520 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:04:27.0513 0x0520 NdisWan - ok
20:04:27.0527 0x0520 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:04:27.0565 0x0520 NDProxy - ok
20:04:27.0589 0x0520 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:04:27.0628 0x0520 NetBIOS - ok
20:04:27.0650 0x0520 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:04:27.0696 0x0520 NetBT - ok
20:04:27.0730 0x0520 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] Netlogon C:\Windows\system32\lsass.exe
20:04:27.0765 0x0520 Netlogon - ok
20:04:27.0808 0x0520 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
20:04:27.0858 0x0520 Netman - ok
20:04:27.0902 0x0520 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:04:27.0942 0x0520 NetMsmqActivator - ok
20:04:27.0954 0x0520 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:04:27.0973 0x0520 NetPipeActivator - ok
20:04:28.0037 0x0520 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
20:04:28.0091 0x0520 netprofm - ok
20:04:28.0106 0x0520 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:04:28.0124 0x0520 NetTcpActivator - ok
20:04:28.0132 0x0520 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:04:28.0151 0x0520 NetTcpPortSharing - ok
20:04:28.0400 0x0520 [ 64428DFDAF6E88366CB51F45A79C5F69, 31187D38C1AB52120A3CB7AC3CE47ED9682AC37B0F06B9A9610C0065DD4E7B13 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
20:04:28.0679 0x0520 netw5v64 - ok
20:04:28.0727 0x0520 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
20:04:28.0743 0x0520 nfrd960 - ok
20:04:28.0778 0x0520 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll
20:04:28.0817 0x0520 NlaSvc - ok
20:04:28.0837 0x0520 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:04:28.0878 0x0520 Npfs - ok
20:04:28.0904 0x0520 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
20:04:28.0944 0x0520 nsi - ok
20:04:28.0955 0x0520 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:04:28.0996 0x0520 nsiproxy - ok
20:04:29.0103 0x0520 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:04:29.0174 0x0520 Ntfs - ok
20:04:29.0203 0x0520 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
20:04:29.0242 0x0520 Null - ok
20:04:29.0754 0x0520 [ 9B93CC9C70EDE60A9C486E7719DB9E8D, 8E31BE72797D3308D8AF136E9F4C6199BCF4592F88E9FEB361752FF768225EC9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:04:30.0350 0x0520 nvlddmkm - ok
20:04:30.0435 0x0520 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:04:30.0455 0x0520 nvraid - ok
20:04:30.0482 0x0520 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:04:30.0502 0x0520 nvstor - ok
20:04:30.0571 0x0520 [ FB50E60564ED30DDC855F0CE435C8467, C9A56D74F58739B8A069336FF5456FC5F3CE89371B8CFE8144B8D06A9C79C6AB ] nvsvc C:\Windows\system32\nvvsvc.exe
20:04:30.0630 0x0520 nvsvc - ok
20:04:30.0660 0x0520 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:04:30.0679 0x0520 nv_agp - ok
20:04:30.0716 0x0520 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:04:30.0768 0x0520 ohci1394 - ok
20:04:30.0851 0x0520 [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:04:30.0873 0x0520 ose - ok
20:04:31.0131 0x0520 [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:04:31.0391 0x0520 osppsvc - ok
20:04:31.0444 0x0520 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:04:31.0495 0x0520 p2pimsvc - ok
20:04:31.0536 0x0520 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
20:04:31.0581 0x0520 p2psvc - ok
20:04:31.0613 0x0520 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
20:04:31.0635 0x0520 Parport - ok
20:04:31.0667 0x0520 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:04:31.0684 0x0520 partmgr - ok
20:04:31.0701 0x0520 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
20:04:31.0729 0x0520 PcaSvc - ok
20:04:31.0744 0x0520 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
20:04:31.0766 0x0520 pci - ok
20:04:31.0785 0x0520 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
20:04:31.0800 0x0520 pciide - ok
20:04:31.0824 0x0520 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:04:31.0847 0x0520 pcmcia - ok
20:04:31.0860 0x0520 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
20:04:31.0876 0x0520 pcw - ok
20:04:31.0917 0x0520 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:04:31.0989 0x0520 PEAUTH - ok
20:04:32.0084 0x0520 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
20:04:32.0161 0x0520 PeerDistSvc - ok
20:04:32.0245 0x0520 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:04:32.0263 0x0520 PerfHost - ok
20:04:32.0352 0x0520 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
20:04:32.0437 0x0520 pla - ok
20:04:32.0491 0x0520 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:04:32.0545 0x0520 PlugPlay - ok
20:04:32.0576 0x0520 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:04:32.0603 0x0520 PNRPAutoReg - ok
20:04:32.0635 0x0520 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:04:32.0660 0x0520 PNRPsvc - ok
20:04:32.0706 0x0520 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:04:32.0764 0x0520 PolicyAgent - ok
20:04:32.0807 0x0520 [ A2CCA4FB273E6050F17A0A416CFF2FCD, C42BA18DF0C8E3F7358669A784E51E4DC7A4112096345EA699EDC95F561E0255 ] Power C:\Windows\system32\umpo.dll
20:04:32.0852 0x0520 Power - ok
20:04:32.0968 0x0520 [ D47E74C5D68F28CDF90486C4B297A4EB, 71CDF87AB64F35D3F261E73414C188B808CEF6E073CB0AF5783E7BBAD52CCB43 ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
20:04:33.0048 0x0520 Power Manager DBC Service - ok
20:04:33.0103 0x0520 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:04:33.0144 0x0520 PptpMiniport - ok
20:04:33.0166 0x0520 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
20:04:33.0186 0x0520 Processor - ok
20:04:33.0220 0x0520 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll
20:04:33.0252 0x0520 ProfSvc - ok
20:04:33.0270 0x0520 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:04:33.0289 0x0520 ProtectedStorage - ok
20:04:33.0317 0x0520 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:04:33.0361 0x0520 Psched - ok
20:04:33.0461 0x0520 [ 88831D5178E82C77BEA028761293E695, C29434D66AA82A2941A5A683D0F10D2B61D732BD96E5A3AFB2BD7D550A36E1D7 ] PwmEWSvc C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
20:04:33.0528 0x0520 PwmEWSvc - ok
20:04:33.0625 0x0520 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
20:04:33.0693 0x0520 ql2300 - ok
20:04:33.0722 0x0520 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
20:04:33.0741 0x0520 ql40xx - ok
20:04:33.0778 0x0520 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
20:04:33.0810 0x0520 QWAVE - ok
20:04:33.0823 0x0520 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:04:33.0847 0x0520 QWAVEdrv - ok
20:04:33.0873 0x0520 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:04:33.0913 0x0520 RasAcd - ok
20:04:33.0943 0x0520 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:04:33.0993 0x0520 RasAgileVpn - ok
20:04:34.0015 0x0520 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
20:04:34.0060 0x0520 RasAuto - ok
20:04:34.0075 0x0520 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:04:34.0118 0x0520 Rasl2tp - ok
20:04:34.0146 0x0520 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
20:04:34.0197 0x0520 RasMan - ok
20:04:34.0211 0x0520 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:04:34.0254 0x0520 RasPppoe - ok
20:04:34.0277 0x0520 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:04:34.0344 0x0520 RasSstp - ok
20:04:34.0368 0x0520 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:04:34.0417 0x0520 rdbss - ok
20:04:34.0446 0x0520 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:04:34.0466 0x0520 rdpbus - ok
20:04:34.0484 0x0520 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:04:34.0524 0x0520 RDPCDD - ok
20:04:34.0549 0x0520 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
20:04:34.0579 0x0520 RDPDR - ok
20:04:34.0600 0x0520 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:04:34.0641 0x0520 RDPENCDD - ok
20:04:34.0654 0x0520 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:04:34.0704 0x0520 RDPREFMP - ok
20:04:34.0739 0x0520 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:04:34.0766 0x0520 RdpVideoMiniport - ok
20:04:34.0798 0x0520 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:04:34.0854 0x0520 RDPWD - ok
20:04:34.0906 0x0520 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:04:34.0927 0x0520 rdyboost - ok
20:04:34.0958 0x0520 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:04:35.0012 0x0520 RemoteAccess - ok
20:04:35.0054 0x0520 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:04:35.0109 0x0520 RemoteRegistry - ok
20:04:35.0151 0x0520 [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
20:04:35.0178 0x0520 RFCOMM - ok
20:04:35.0207 0x0520 [ 2A43F9E6DBDE12BC0C104785C3B3F5DF, A0F6D5C912FE5FF3E3F3826F14D42D6B8219B109A04CEC30BDDF8A05FE22902E ] rismxdp C:\Windows\system32\DRIVERS\rixdpx64.sys
20:04:35.0236 0x0520 rismxdp - ok
20:04:35.0253 0x0520 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:04:35.0296 0x0520 RpcEptMapper - ok
20:04:35.0325 0x0520 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
20:04:35.0344 0x0520 RpcLocator - ok
20:04:35.0404 0x0520 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
20:04:35.0498 0x0520 RpcSs - ok
20:04:35.0578 0x0520 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:04:35.0680 0x0520 rspndr - ok
20:04:35.0752 0x0520 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys
20:04:35.0844 0x0520 s3cap - ok
20:04:35.0862 0x0520 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] SamSs C:\Windows\system32\lsass.exe
20:04:35.0890 0x0520 SamSs - ok
20:04:35.0911 0x0520 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:04:35.0928 0x0520 sbp2port - ok
20:04:35.0967 0x0520 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:04:36.0017 0x0520 SCardSvr - ok
20:04:36.0035 0x0520 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:04:36.0078 0x0520 scfilter - ok
20:04:36.0139 0x0520 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
20:04:36.0237 0x0520 Schedule - ok
20:04:36.0270 0x0520 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
20:04:36.0314 0x0520 SCPolicySvc - ok
20:04:36.0349 0x0520 [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
20:04:36.0398 0x0520 sdbus - ok
20:04:36.0438 0x0520 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:04:36.0498 0x0520 SDRSVC - ok
20:04:36.0548 0x0520 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:04:36.0615 0x0520 secdrv - ok
20:04:36.0629 0x0520 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
20:04:36.0708 0x0520 seclogon - ok
20:04:36.0742 0x0520 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
20:04:36.0794 0x0520 SENS - ok
20:04:36.0818 0x0520 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:04:36.0891 0x0520 SensrSvc - ok
20:04:36.0926 0x0520 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\drivers\serenum.sys
20:04:36.0945 0x0520 Serenum - ok
20:04:37.0020 0x0520 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys
20:04:37.0045 0x0520 Serial - ok
20:04:37.0098 0x0520 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
20:04:37.0115 0x0520 sermouse - ok
20:04:37.0156 0x0520 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
20:04:37.0202 0x0520 SessionEnv - ok
20:04:37.0218 0x0520 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:04:37.0239 0x0520 sffdisk - ok
20:04:37.0258 0x0520 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:04:37.0290 0x0520 sffp_mmc - ok
20:04:37.0315 0x0520 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:04:37.0346 0x0520 sffp_sd - ok
20:04:37.0361 0x0520 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
20:04:37.0380 0x0520 sfloppy - ok
20:04:37.0420 0x0520 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:04:37.0472 0x0520 SharedAccess - ok
20:04:37.0506 0x0520 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:04:37.0558 0x0520 ShellHWDetection - ok
20:04:37.0585 0x0520 [ 21144BECAEC1012FF0F6C6C1D6177232, 4ACDC8B9F2EB862F440A7C1D31FEC9A13386DEA50D9B98EAB5FC311BC8FF0065 ] Shockprf C:\Windows\system32\DRIVERS\Apsx64.sys
20:04:37.0604 0x0520 Shockprf - ok
20:04:37.0625 0x0520 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
20:04:37.0641 0x0520 SiSRaid2 - ok
20:04:37.0680 0x0520 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
20:04:37.0698 0x0520 SiSRaid4 - ok
20:04:37.0732 0x0520 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:04:37.0775 0x0520 Smb - ok
20:04:37.0818 0x0520 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:04:37.0837 0x0520 SNMPTRAP - ok
20:04:37.0849 0x0520 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
20:04:37.0865 0x0520 spldr - ok
20:04:37.0911 0x0520 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
20:04:37.0957 0x0520 Spooler - ok
20:04:38.0119 0x0520 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
20:04:38.0302 0x0520 sppsvc - ok
20:04:38.0339 0x0520 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:04:38.0382 0x0520 sppuinotify - ok
20:04:38.0425 0x0520 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
20:04:38.0469 0x0520 srv - ok
20:04:38.0500 0x0520 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:04:38.0529 0x0520 srv2 - ok
20:04:38.0575 0x0520 [ 0C4540311E11664B245A263E1154CEF8, 63376322BFFAFF2F166AF3FDD3F1A346C21FAE21F406F659F8630779D1D6525D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
20:04:38.0601 0x0520 SrvHsfHDA - ok
20:04:38.0684 0x0520 [ 02071D207A9858FBE3A48CBFD59C4A04, FEA4DEBAEC3465E0C7C1E8B721805922F6BBCB96A60A193B11688F4252F4B89E ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
20:04:38.0753 0x0520 SrvHsfV92 - ok
20:04:38.0802 0x0520 [ 18E40C245DBFAF36FD0134A7EF2DF396, 0138A68958112101A5D3BD94114F320CE80B0C9A93E009AC78DE7415FCCC7DE7 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
20:04:38.0846 0x0520 SrvHsfWinac - ok
20:04:38.0876 0x0520 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:04:38.0910 0x0520 srvnet - ok
20:04:38.0947 0x0520 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:04:39.0007 0x0520 SSDPSRV - ok
20:04:39.0037 0x0520 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:04:39.0080 0x0520 SstpSvc - ok
20:04:39.0112 0x0520 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
20:04:39.0128 0x0520 stexstor - ok
20:04:39.0180 0x0520 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
20:04:39.0224 0x0520 stisvc - ok
20:04:39.0244 0x0520 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys
20:04:39.0259 0x0520 storflt - ok
20:04:39.0299 0x0520 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys
20:04:39.0314 0x0520 storvsc - ok
20:04:39.0414 0x0520 [ F07850E89839894F731E4562B64E08A5, BF11E096E1CC57B57FFB4E0528DB43F6B049A7E8A0C00C34E03A00EF2F2092B6 ] SUService C:\Program Files (x86)\Lenovo\System Update\SUService.exe
20:04:39.0426 0x0520 SUService - ok
20:04:39.0441 0x0520 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
20:04:39.0456 0x0520 swenum - ok
20:04:39.0503 0x0520 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
20:04:39.0563 0x0520 swprv - ok
20:04:39.0582 0x0520 [ C3A39C4079305480972D29C44B868C78, 8F1BB75C743256F905EAEDE744B6082C53774C49126875FB4E4FBA30F5478B17 ] Synth3dVsc C:\Windows\system32\drivers\Synth3dVsc.sys
20:04:39.0599 0x0520 Synth3dVsc - ok
20:04:39.0653 0x0520 [ AEAE48AF681BAF5904608FF5D84E3C9C, 39B362E9E64A43B9AF5CCE2E704CCAE5E10B5BA0B45E535098BC0E40A4F772A8 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
20:04:39.0682 0x0520 SynTP - ok
20:04:39.0782 0x0520 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
20:04:39.0863 0x0520 SysMain - ok
20:04:39.0885 0x0520 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:04:39.0912 0x0520 TabletInputService - ok
20:04:39.0939 0x0520 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
20:04:39.0989 0x0520 TapiSrv - ok
20:04:40.0045 0x0520 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
20:04:40.0089 0x0520 TBS - ok
20:04:40.0188 0x0520 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:04:40.0278 0x0520 Tcpip - ok
20:04:40.0359 0x0520 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:04:40.0431 0x0520 TCPIP6 - ok
20:04:40.0460 0x0520 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:04:40.0477 0x0520 tcpipreg - ok
20:04:40.0509 0x0520 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:04:40.0535 0x0520 TDPIPE - ok
20:04:40.0558 0x0520 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:04:40.0575 0x0520 TDTCP - ok
20:04:40.0617 0x0520 [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:04:40.0653 0x0520 tdx - ok
20:04:40.0687 0x0520 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
20:04:40.0703 0x0520 TermDD - ok
20:04:40.0736 0x0520 [ EF4469AB69EB15E5D3754E6AEAFBCD3D, 3609214C3D5181364B544EBF17E9A109952BE1C4C35BE0A8727BFA8F49ECB130 ] terminpt C:\Windows\system32\drivers\terminpt.sys
20:04:40.0767 0x0520 terminpt - ok
20:04:40.0834 0x0520 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
20:04:40.0889 0x0520 TermService - ok
20:04:40.0918 0x0520 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
20:04:40.0942 0x0520 Themes - ok
20:04:40.0974 0x0520 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
20:04:41.0024 0x0520 THREADORDER - ok
20:04:41.0047 0x0520 [ 8CC4CABFC4D35B61ABF596CE024C438C, 674BC35916AE4D0C425D9F0A4473335408499B06BCEF8AF64DF724D44FB310C5 ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM64.sys
20:04:41.0060 0x0520 TPDIGIMN - ok
20:04:41.0080 0x0520 [ 25AD1E90D51382173D49F55963B59C64, 84CE25338E1CE78037488160B204392FD85EBB1F3E4CD636F60FDB2E24839D9B ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG64.exe
20:04:41.0097 0x0520 TPHDEXLGSVC - ok
20:04:41.0175 0x0520 [ 6FE3085AB39EA391FCABE7275C8A380C, A3BBD17237D29BE9C11E1CA15C89028218ECAEB5E1151047D12957CEB7F434E2 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
20:04:41.0190 0x0520 TPHKLOAD - ok
20:04:41.0204 0x0520 [ F7B2314456B1676777AA9FFEF6776B45, FC6B4909BB698BC9EC151EC68357F1C27725E8F0AF8074338FD9502B1DEBCD0B ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
20:04:41.0220 0x0520 TPHKSVC - ok
20:04:41.0254 0x0520 [ DBCC20C02E8A3E43B03C304A4E40A84F, BF5F3ACCB0342304A6870E94D2576644B08DBF307C853C7DBA4B82B0C7309DA4 ] TPM C:\Windows\system32\drivers\tpm.sys
20:04:41.0272 0x0520 TPM - ok
20:04:41.0311 0x0520 [ A9EF6C7E62DC3B01C51CFB92C1596C62, 432335FDA5DF9FF8C9B86767980A07C720E7158D5362E40D3A745817D4275A07 ] TPPWRIF C:\Windows\system32\drivers\Tppwr64v.sys
20:04:41.0331 0x0520 TPPWRIF - ok
20:04:41.0359 0x0520 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
20:04:41.0405 0x0520 TrkWks - ok
20:04:41.0453 0x0520 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:04:41.0498 0x0520 TrustedInstaller - ok
20:04:41.0533 0x0520 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:04:41.0551 0x0520 tssecsrv - ok
20:04:41.0596 0x0520 [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:04:41.0627 0x0520 TsUsbFlt - ok
20:04:41.0659 0x0520 [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
20:04:41.0694 0x0520 TsUsbGD - ok
20:04:41.0730 0x0520 [ E1748D04AE40118B62BC18AC86032192, A954B141D1B27272C771D14F3B40C7CC1F572DD72559F2C96182EFBE2B095FDE ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
20:04:41.0766 0x0520 tsusbhub - ok
20:04:41.0803 0x0520 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:04:41.0854 0x0520 tunnel - ok
20:04:41.0872 0x0520 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
20:04:41.0892 0x0520 uagp35 - ok
20:04:41.0922 0x0520 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:04:41.0980 0x0520 udfs - ok
20:04:42.0030 0x0520 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:04:42.0050 0x0520 UI0Detect - ok
20:04:42.0097 0x0520 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:04:42.0113 0x0520 uliagpkx - ok
20:04:42.0143 0x0520 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:04:42.0162 0x0520 umbus - ok
20:04:42.0181 0x0520 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
20:04:42.0198 0x0520 UmPass - ok
20:04:42.0226 0x0520 [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll
20:04:42.0250 0x0520 UmRdpService - ok
20:04:42.0275 0x0520 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
20:04:42.0332 0x0520 upnphost - ok
20:04:42.0365 0x0520 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
20:04:42.0398 0x0520 usbccgp - ok
20:04:42.0437 0x0520 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:04:42.0474 0x0520 usbcir - ok
20:04:42.0500 0x0520 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:04:42.0518 0x0520 usbehci - ok
20:04:42.0571 0x0520 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:04:42.0636 0x0520 usbhub - ok
20:04:42.0676 0x0520 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:04:42.0694 0x0520 usbohci - ok
20:04:42.0750 0x0520 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\drivers\usbprint.sys
20:04:42.0775 0x0520 usbprint - ok
20:04:42.0804 0x0520 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:04:42.0851 0x0520 USBSTOR - ok
20:04:42.0886 0x0520 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:04:42.0923 0x0520 usbuhci - ok
20:04:42.0971 0x0520 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
20:04:43.0120 0x0520 usbvideo - ok
20:04:43.0158 0x0520 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
20:04:43.0208 0x0520 UxSms - ok
20:04:43.0236 0x0520 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] VaultSvc C:\Windows\system32\lsass.exe
20:04:43.0345 0x0520 VaultSvc - ok
20:04:43.0375 0x0520 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:04:43.0393 0x0520 vdrvroot - ok
20:04:43.0441 0x0520 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
20:04:43.0518 0x0520 vds - ok
20:04:43.0546 0x0520 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:04:43.0573 0x0520 vga - ok
20:04:43.0606 0x0520 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
20:04:43.0695 0x0520 VgaSave - ok
20:04:43.0711 0x0520 VGPU - ok
20:04:43.0741 0x0520 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:04:43.0764 0x0520 vhdmp - ok
20:04:43.0793 0x0520 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
20:04:43.0809 0x0520 viaide - ok
20:04:43.0843 0x0520 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys
20:04:43.0865 0x0520 vmbus - ok
20:04:43.0888 0x0520 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
20:04:43.0916 0x0520 VMBusHID - ok
20:04:43.0973 0x0520 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:04:44.0028 0x0520 volmgr - ok
20:04:44.0068 0x0520 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:04:44.0105 0x0520 volmgrx - ok
20:04:44.0136 0x0520 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:04:44.0172 0x0520 volsnap - ok
20:04:44.0199 0x0520 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
20:04:44.0222 0x0520 vsmraid - ok
20:04:44.0356 0x0520 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
20:04:44.0470 0x0520 VSS - ok
20:04:44.0949 0x0520 [ 47A543ECF4D8D1BA5E5DC8F7EF08BF91, 9831953754C7E4E980FAFEE652F6CC91589BE09DACE20EB2B1FBF5ECFFA89A28 ] vToolbarUpdater18.4.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe
20:04:45.0084 0x0520 vToolbarUpdater18.4.0 - ok
20:04:45.0117 0x0520 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
20:04:45.0153 0x0520 vwifibus - ok
20:04:45.0195 0x0520 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
20:04:45.0220 0x0520 vwififlt - ok
20:04:45.0315 0x0520 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
20:04:45.0434 0x0520 W32Time - ok
20:04:45.0461 0x0520 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
20:04:45.0494 0x0520 WacomPen - ok
20:04:45.0550 0x0520 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:04:45.0593 0x0520 WANARP - ok
20:04:45.0599 0x0520 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:04:45.0653 0x0520 Wanarpv6 - ok
20:04:45.0845 0x0520 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
20:04:45.0945 0x0520 wbengine - ok
20:04:45.0997 0x0520 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:04:46.0040 0x0520 WbioSrvc - ok
20:04:46.0081 0x0520 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:04:46.0179 0x0520 wcncsvc - ok
20:04:46.0207 0x0520 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:04:46.0278 0x0520 WcsPlugInService - ok
20:04:46.0319 0x0520 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
20:04:46.0336 0x0520 Wd - ok
20:04:46.0408 0x0520 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:04:46.0459 0x0520 Wdf01000 - ok
20:04:46.0509 0x0520 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:04:46.0541 0x0520 WdiServiceHost - ok
20:04:46.0549 0x0520 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:04:46.0572 0x0520 WdiSystemHost - ok
20:04:46.0606 0x0520 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
20:04:46.0668 0x0520 WebClient - ok
20:04:46.0705 0x0520 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:04:46.0756 0x0520 Wecsvc - ok
20:04:46.0774 0x0520 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:04:46.0819 0x0520 wercplsupport - ok
20:04:46.0855 0x0520 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
20:04:46.0907 0x0520 WerSvc - ok
20:04:46.0926 0x0520 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:04:46.0970 0x0520 WfpLwf - ok
20:04:47.0006 0x0520 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:04:47.0024 0x0520 WIMMount - ok
20:04:47.0082 0x0520 [ 057B062CF9A11E04DB45B8C3AFC28B11, 9D1617F79BFBE4608BF69AB84B5FCC5CCFC039EDF9748D12322E593127B1D5CC ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys
20:04:47.0137 0x0520 winachsf - ok
20:04:47.0167 0x0520 WinDefend - ok
20:04:47.0188 0x0520 WinHttpAutoProxySvc - ok
20:04:47.0251 0x0520 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:04:47.0304 0x0520 Winmgmt - ok
20:04:47.0410 0x0520 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll
20:04:47.0526 0x0520 WinRM - ok
20:04:47.0580 0x0520 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
20:04:47.0602 0x0520 WinUsb - ok
20:04:47.0665 0x0520 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
20:04:47.0728 0x0520 Wlansvc - ok
20:04:47.0758 0x0520 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
20:04:47.0787 0x0520 WmiAcpi - ok
20:04:47.0821 0x0520 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:04:47.0846 0x0520 wmiApSrv - ok
20:04:47.0874 0x0520 WMPNetworkSvc - ok
20:04:47.0895 0x0520 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:04:47.0926 0x0520 WPCSvc - ok
20:04:47.0941 0x0520 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:04:47.0969 0x0520 WPDBusEnum - ok
20:04:47.0981 0x0520 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:04:48.0025 0x0520 ws2ifsl - ok
20:04:48.0044 0x0520 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
20:04:48.0074 0x0520 wscsvc - ok
20:04:48.0079 0x0520 WSearch - ok
20:04:48.0210 0x0520 [ FFD80DC0CDA145C3376A5076360162C8, 2DA34929DC416164A001B7C711D7CF1046FAE53F8B31697F3EC4AF75C45163E5 ] WtuSystemSupport C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
20:04:48.0256 0x0520 WtuSystemSupport - ok
20:04:48.0671 0x0520 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll
20:04:48.0860 0x0520 wuauserv - ok
20:04:48.0908 0x0520 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:04:48.0965 0x0520 WudfPf - ok
20:04:49.0024 0x0520 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:04:49.0083 0x0520 WUDFRd - ok
20:04:49.0121 0x0520 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:04:49.0154 0x0520 wudfsvc - ok
20:04:49.0219 0x0520 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
20:04:49.0284 0x0520 WwanSvc - ok
20:04:49.0375 0x0520 [ 638C99D993AFAB0E1FAB226E2BBE6D79, 2EED237A65D6440804524DC349D74A4AC36837592B86631A6A6469BDA7F67F19 ] XAudio C:\Windows\system32\DRIVERS\xaudio64.sys
20:04:49.0401 0x0520 XAudio - ok
20:04:49.0449 0x0520 [ 3E775F0BD28DDEFF53D78578B97A3CFF, 19A808CA7810420FB56C3722ADB557E04820CCF2009AB5A5C72666763B08F7B1 ] XAudioService C:\Windows\system32\DRIVERS\xaudio64.exe
20:04:49.0488 0x0520 XAudioService - ok
20:04:49.0526 0x0520 ================ Scan global ===============================
20:04:49.0552 0x0520 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
20:04:49.0590 0x0520 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
20:04:49.0613 0x0520 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
20:04:49.0637 0x0520 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
20:04:49.0679 0x0520 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
20:04:49.0690 0x0520 [ Global ] - ok
20:04:49.0691 0x0520 ================ Scan MBR ==================================
20:04:49.0702 0x0520 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:04:50.0477 0x0520 \Device\Harddisk0\DR0 - ok
20:04:50.0477 0x0520 ================ Scan VBR ==================================
20:04:50.0481 0x0520 [ E20E8D76A1410B1D1EA7E21E8AFA7F33 ] \Device\Harddisk0\DR0\Partition1
20:04:50.0483 0x0520 \Device\Harddisk0\DR0\Partition1 - ok
20:04:50.0497 0x0520 [ FC78DDC43CC61BF6763AF1B6E5CC5499 ] \Device\Harddisk0\DR0\Partition2
20:04:50.0499 0x0520 \Device\Harddisk0\DR0\Partition2 - ok
20:04:50.0521 0x0520 [ 0A05698394C0C986A041245FB58B2B60 ] \Device\Harddisk0\DR0\Partition3
20:04:50.0523 0x0520 \Device\Harddisk0\DR0\Partition3 - ok
20:04:50.0524 0x0520 ================ Scan generic autorun ======================
20:04:50.0557 0x0520 [ 747A1B5CF84312898E836D60EB0D0D7D, 3734A74A1FB734E690E8C2263FA41F77B250C5E497E92B1BB1AB620D3B7511E0 ] C:\Windows\system32\TpShocks.exe
20:04:50.0585 0x0520 TpShocks - ok
20:04:50.0640 0x0520 [ 142A09BC16E53D2A51F75FEABB5B7154, 9D6109349411AFEF30A0032A93B90639DC44807AAEE371B431EF1FAA6BEE0E3C ] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
20:04:50.0656 0x0520 AcWin7Hlpr - ok
20:04:50.0660 0x0520 SynTPEnh - ok
20:04:50.0855 0x0520 [ FD28C482645DB5918D918A94A9A87682, 6BE5B1E00A66CF690897FBB7CFC04B0DDA3665FE84CACDB888B8DE874DA35D3A ] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe
20:04:50.0961 0x0520 nwiz - ok
20:04:51.0195 0x0520 [ 9DB4F8D6F900D0511CC216783C7F7D48, 63FD23A41C26186302104B9752EFEC91FDCB7AEF68ECC4956809F5009B6A65C5 ] C:\Program Files (x86)\AVG\AVG2015\avgui.exe
20:04:51.0303 0x0520 AVG_UI - ok
20:04:51.0428 0x0520 [ AFD15F701B550037FFDDE6B18171479D, 38C049529611653832944B9A624BA9E336E0AFE668CEDD95BDAF550A9605ADF5 ] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
20:04:51.0497 0x0520 SoundMAXPnP - ok
20:04:51.0504 0x0520 PWMTRV - ok
20:04:51.0596 0x0520 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
20:04:51.0682 0x0520 Sidebar - ok
20:04:51.0712 0x0520 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
20:04:51.0751 0x0520 mctadmin - ok
20:04:51.0791 0x0520 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
20:04:51.0842 0x0520 Sidebar - ok
20:04:51.0852 0x0520 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
20:04:51.0883 0x0520 mctadmin - ok
20:04:52.0075 0x0520 [ 3AC24F892E6CC38BA4A1767F6489ABAF, 44F369567C4FD0D935F6D5C5C276ED0D5800036724943D0622BA408F870CE38F ] C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe
20:04:52.0279 0x0520 DAEMON Tools Ultra Agent - ok
20:04:52.0289 0x0520 Waiting for KSN requests completion. In queue: 101
20:04:53.0289 0x0520 Waiting for KSN requests completion. In queue: 101
20:04:54.0289 0x0520 Waiting for KSN requests completion. In queue: 101
20:04:55.0360 0x0520 AV detected via SS2: AVG AntiVirus Free Edition 2015, C:\Program Files (x86)\AVG\AVG2015\avgwsc.exe ( 15.0.0.5646 ), 0x41000 ( enabled : updated )
20:04:55.0433 0x0520 Win FW state via NFP2: enabled
20:04:57.0923 0x0520 ============================================================
20:04:57.0923 0x0520 Scan finished
20:04:57.0923 0x0520 ============================================================
20:04:57.0937 0x1600 Detected object count: 0
20:04:57.0937 0x1600 Actual detected object count: 0
|
|
03.03.2015, 21:08
| #4 |
| | Zip-Datei mit Trojaner: Crypt3.CDYN geöffnet und hier noch der Inhalt der TDSSKiller Textdatei: Code:
ATTFilter 20:02:48.0433 0x1568 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
20:03:12.0038 0x1568 ============================================================
20:03:12.0038 0x1568 Current date / time: 2015/03/03 20:03:12.0038
20:03:12.0038 0x1568 SystemInfo:
20:03:12.0038 0x1568
20:03:12.0038 0x1568 OS Version: 6.1.7601 ServicePack: 1.0
20:03:12.0038 0x1568 Product type: Workstation
20:03:12.0039 0x1568 ComputerName: KOMPUTTA
20:03:12.0039 0x1568 UserName: Benny
20:03:12.0039 0x1568 Windows directory: C:\Windows
20:03:12.0039 0x1568 System windows directory: C:\Windows
20:03:12.0039 0x1568 Running under WOW64
20:03:12.0039 0x1568 Processor architecture: Intel x64
20:03:12.0039 0x1568 Number of processors: 2
20:03:12.0039 0x1568 Page size: 0x1000
20:03:12.0039 0x1568 Boot type: Normal boot
20:03:12.0039 0x1568 ============================================================
20:03:14.0676 0x1568 KLMD registered as C:\Windows\system32\drivers\92935773.sys
20:03:15.0217 0x1568 System UUID: {56737458-9208-F6B3-1C6B-C3C51A8E79EE}
20:03:15.0792 0x1568 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 ( 93.16 Gb ), SectorSize: 0x200, Cylinders: 0x3279, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
20:03:15.0802 0x1568 ============================================================
20:03:15.0802 0x1568 \Device\Harddisk0\DR0:
20:03:15.0802 0x1568 MBR partitions:
20:03:15.0802 0x1568 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:03:15.0802 0x1568 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x4DEE000
20:03:15.0802 0x1568 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x4E20800, BlocksNum 0x6C31000
20:03:15.0802 0x1568 ============================================================
20:03:15.0825 0x1568 C: <-> \Device\Harddisk0\DR0\Partition2
20:03:15.0865 0x1568 D: <-> \Device\Harddisk0\DR0\Partition3
20:03:15.0865 0x1568 ============================================================
20:03:15.0865 0x1568 Initialize success
20:03:15.0865 0x1568 ============================================================
20:03:47.0133 0x0520 ============================================================
20:03:47.0133 0x0520 Scan started
20:03:47.0133 0x0520 Mode: Manual; SigCheck; TDLFS;
20:03:47.0133 0x0520 ============================================================
20:03:47.0133 0x0520 KSN ping started
20:04:04.0060 0x0520 KSN ping finished: true
20:04:06.0354 0x0520 ================ Scan system memory ========================
20:04:06.0354 0x0520 System memory - ok
20:04:06.0354 0x0520 ================ Scan services =============================
20:04:06.0549 0x0520 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
20:04:06.0658 0x0520 1394ohci - ok
20:04:06.0704 0x0520 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:04:06.0729 0x0520 ACPI - ok
20:04:06.0754 0x0520 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:04:06.0847 0x0520 AcpiPmi - ok
20:04:06.0944 0x0520 [ 6C4B9E202A497782070CE383CBD5D737, DE09569366AF09314BF75D024F36D30C17D1C36D330855A84E669F366163E780 ] AcPrfMgrSvc C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
20:04:06.0961 0x0520 AcPrfMgrSvc - ok
20:04:07.0017 0x0520 [ B3BF04C7E3E4FB0925BB4F8422763A3D, 77E5205D67167B8E00A7AFC6A78ACCDF5FE6EE8854166CF853DEEC260E87E58E ] AcSvc C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
20:04:07.0037 0x0520 AcSvc - ok
20:04:07.0100 0x0520 [ 560649E6A9C11F6124F97310EF387C45, 6F6E0467BBBBA2D67E050C5730D66032A6265049A1B77C27C470D1F928F16166 ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
20:04:07.0163 0x0520 ADIHdAudAddService - ok
20:04:07.0289 0x0520 [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:04:07.0347 0x0520 AdobeARMservice - ok
20:04:07.0427 0x0520 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
20:04:07.0458 0x0520 adp94xx - ok
20:04:07.0501 0x0520 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
20:04:07.0526 0x0520 adpahci - ok
20:04:07.0548 0x0520 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
20:04:07.0568 0x0520 adpu320 - ok
20:04:07.0604 0x0520 [ 3BDB13C79CC8C06E2F8182595903ED69, 9E00D6649E862DE6812718B091C350E05A2C5C4D28DE8E05E3DD1F789A04EE96 ] AEADIFilters C:\Windows\system32\AEADISRV.EXE
20:04:07.0620 0x0520 AEADIFilters - ok
20:04:07.0643 0x0520 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:04:07.0683 0x0520 AeLookupSvc - ok
20:04:07.0732 0x0520 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
20:04:07.0781 0x0520 AFD - ok
20:04:07.0824 0x0520 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
20:04:07.0840 0x0520 agp440 - ok
20:04:07.0861 0x0520 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
20:04:07.0930 0x0520 ALG - ok
20:04:07.0972 0x0520 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
20:04:07.0997 0x0520 aliide - ok
20:04:08.0042 0x0520 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
20:04:08.0056 0x0520 amdide - ok
20:04:08.0101 0x0520 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
20:04:08.0119 0x0520 AmdK8 - ok
20:04:08.0136 0x0520 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
20:04:08.0154 0x0520 AmdPPM - ok
20:04:08.0188 0x0520 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:04:08.0206 0x0520 amdsata - ok
20:04:08.0225 0x0520 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
20:04:08.0246 0x0520 amdsbs - ok
20:04:08.0268 0x0520 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:04:08.0282 0x0520 amdxata - ok
20:04:08.0317 0x0520 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
20:04:08.0456 0x0520 AppID - ok
20:04:08.0482 0x0520 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:04:08.0534 0x0520 AppIDSvc - ok
20:04:08.0572 0x0520 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
20:04:08.0602 0x0520 Appinfo - ok
20:04:08.0636 0x0520 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll
20:04:08.0667 0x0520 AppMgmt - ok
20:04:08.0709 0x0520 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
20:04:08.0725 0x0520 arc - ok
20:04:08.0742 0x0520 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
20:04:08.0758 0x0520 arcsas - ok
20:04:08.0873 0x0520 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:04:08.0905 0x0520 aspnet_state - ok
20:04:08.0946 0x0520 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:04:08.0986 0x0520 AsyncMac - ok
20:04:09.0039 0x0520 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
20:04:09.0053 0x0520 atapi - ok
20:04:09.0066 0x0520 athr - ok
20:04:09.0122 0x0520 [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:04:09.0172 0x0520 AudioEndpointBuilder - ok
20:04:09.0197 0x0520 [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:04:09.0228 0x0520 AudioSrv - ok
20:04:09.0283 0x0520 [ 54FE1CAFA3B3029B282E6A05EA672031, E972B8A22322FF06903A1E3AB20585E02A21C3A6EA9A75C172231494A08D14D1 ] Avgdiska C:\Windows\system32\DRIVERS\avgdiska.sys
20:04:09.0319 0x0520 Avgdiska - ok
20:04:09.0534 0x0520 [ 2568C3B3A5B58D04CE89A37C12576B73, D7178D0E780071C9C8B2917B873F2ED105890DFB87472B377B5A8C2EC1E3F0D0 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
20:04:09.0665 0x0520 AVGIDSAgent - ok
20:04:09.0723 0x0520 [ A3124AC9C0AF30ABD000A7CB5779C101, 1719EE6986FC29EE4EA383B2DAF4CAF9C1E70A1F547F75F8D51EDA027D3E5236 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
20:04:09.0744 0x0520 AVGIDSDriver - ok
20:04:09.0783 0x0520 [ 68070AEEE757ACC6EC5BC291B1E8EA1A, 8A4902CE6F4696F33CD6CF98F96FDA7895B99A676916F3137CF34192AF3C25A4 ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
20:04:09.0806 0x0520 AVGIDSHA - ok
20:04:09.0825 0x0520 [ 7C9E8FD2BFCE60BDF9B5944C0BE47C87, 0F51507BAECDEF7B6F553066621A03832FF070EC6837A8E304AABA1227F779BF ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
20:04:09.0846 0x0520 Avgldx64 - ok
20:04:09.0886 0x0520 [ 734DCC05A7F327FDCE43A18BA011FD4E, E5245314E60D86911A6A9FC1FE4A0C0D0284D972CE642C28B9B1A43D1553AFA5 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
20:04:09.0908 0x0520 Avgloga - ok
20:04:09.0936 0x0520 [ B4D589C734D796B5B76E0A0E5DA50397, CACAB2C0D01583CEB55C62334A4E9BB46A2E399BE9B7EDC988AEC785DF1FCC1C ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
20:04:09.0969 0x0520 Avgmfx64 - ok
20:04:10.0043 0x0520 [ 3CE824D46BA1871713ABF147E6BAD556, B4D8AFC388BE06D6E3C5CDC865F80FF101E731E1D2B221FFC6C1E28487E1B3CD ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
20:04:10.0057 0x0520 Avgrkx64 - ok
20:04:10.0083 0x0520 [ 0BB7ECAC81554D83A66A0B9F961BB9D0, BBCE86FE8980E06F5A92E8636D6D3F2FD7B6EF7DB999BBEB0E68A5FCB220EDC9 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
20:04:10.0105 0x0520 Avgtdia - ok
20:04:10.0154 0x0520 [ 9B3B23AF6396FCC8899F0214A27EE49A, 187D8D2726891000702A4FAFDE9DFF1750F8B9C7EDE474547177E1213E0CCAF7 ] avgwd C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
20:04:10.0176 0x0520 avgwd - ok
20:04:10.0222 0x0520 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:04:10.0294 0x0520 AxInstSV - ok
20:04:10.0352 0x0520 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
20:04:10.0394 0x0520 b06bdrv - ok
20:04:10.0429 0x0520 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
20:04:10.0465 0x0520 b57nd60a - ok
20:04:10.0504 0x0520 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
20:04:10.0533 0x0520 BDESVC - ok
20:04:10.0569 0x0520 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
20:04:10.0607 0x0520 Beep - ok
20:04:10.0662 0x0520 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
20:04:10.0713 0x0520 BFE - ok
20:04:10.0772 0x0520 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
20:04:10.0850 0x0520 BITS - ok
20:04:10.0877 0x0520 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:04:10.0894 0x0520 blbdrive - ok
20:04:10.0931 0x0520 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:04:10.0973 0x0520 bowser - ok
20:04:11.0036 0x0520 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
20:04:11.0056 0x0520 BrFiltLo - ok
20:04:11.0074 0x0520 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
20:04:11.0106 0x0520 BrFiltUp - ok
20:04:11.0141 0x0520 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
20:04:11.0170 0x0520 Browser - ok
20:04:11.0197 0x0520 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:04:11.0238 0x0520 Brserid - ok
20:04:11.0267 0x0520 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:04:11.0286 0x0520 BrSerWdm - ok
20:04:11.0313 0x0520 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:04:11.0333 0x0520 BrUsbMdm - ok
20:04:11.0344 0x0520 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:04:11.0361 0x0520 BrUsbSer - ok
20:04:11.0405 0x0520 [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
20:04:11.0439 0x0520 BthEnum - ok
20:04:11.0456 0x0520 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
20:04:11.0488 0x0520 BTHMODEM - ok
20:04:11.0521 0x0520 [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
20:04:11.0543 0x0520 BthPan - ok
20:04:11.0589 0x0520 [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
20:04:11.0625 0x0520 BTHPORT - ok
20:04:11.0659 0x0520 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
20:04:11.0709 0x0520 bthserv - ok
20:04:11.0733 0x0520 [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
20:04:11.0751 0x0520 BTHUSB - ok
20:04:11.0788 0x0520 [ 2641A3FE3D7B0646308F33B67F3B5300, 8D2E37F6524D10197D36AAE41F59028B3DF0692A113EA342BB1AC36DEA13D8F6 ] btusbflt C:\Windows\system32\drivers\btusbflt.sys
20:04:11.0820 0x0520 btusbflt - ok
20:04:11.0855 0x0520 [ A72A9101F9730DB7332714E566614E4D, 7C75772EA40EAEDDE2565E5FF901B17EA9B748563B8CE40062D86D4B0F1DBF0C ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
20:04:11.0870 0x0520 btwaudio - ok
20:04:11.0901 0x0520 [ 5CEEC634B617525F2B6AD29F871033F7, 0A48E08FB3C3384860783F72C85022F6AD11D8F7023580D007478AA94F6F41C5 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
20:04:11.0917 0x0520 btwavdt - ok
20:04:12.0081 0x0520 [ FFE8C1C3ABBF75CE4E74E9A0942DAE7D, 650B2403BB7FBC43CD111A9ABE71D48D685BE4AF84CD91ACA9A9A4C21A45E565 ] btwdins C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
20:04:12.0126 0x0520 btwdins - ok
20:04:12.0162 0x0520 [ 6149301DC3F81D6F9667A3FBAC410975, 120E201AFB07054C7F6321461D194843C695012431DBD791E36BBF73FDD41E8A ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
20:04:12.0173 0x0520 btwl2cap - ok
20:04:12.0194 0x0520 [ 2AF5604D28BEF77B7CF4B9D232FE7CD3, 758524012FE284EDFC27DF095A2DD5853A0F084999F14DA66784103176E938E4 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
20:04:12.0206 0x0520 btwrchid - ok
20:04:12.0237 0x0520 [ FDB53A8D3BC52DC29884587E768E3388, 2D80EEFA7A01C5E62676B7B3804E2B2FE80BF350001FFD4ECC547B23CBA378A3 ] CAXHWAZL C:\Windows\system32\DRIVERS\CAXHWAZL.sys
20:04:12.0273 0x0520 CAXHWAZL - ok
20:04:12.0313 0x0520 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:04:12.0353 0x0520 cdfs - ok
20:04:12.0394 0x0520 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:04:12.0430 0x0520 cdrom - ok
20:04:12.0464 0x0520 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
20:04:12.0502 0x0520 CertPropSvc - ok
20:04:12.0538 0x0520 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
20:04:12.0558 0x0520 circlass - ok
20:04:12.0595 0x0520 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
20:04:12.0617 0x0520 CLFS - ok
20:04:12.0680 0x0520 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:04:12.0696 0x0520 clr_optimization_v2.0.50727_32 - ok
20:04:12.0751 0x0520 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:04:12.0768 0x0520 clr_optimization_v2.0.50727_64 - ok
20:04:12.0851 0x0520 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:04:12.0904 0x0520 clr_optimization_v4.0.30319_32 - ok
20:04:12.0943 0x0520 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:04:12.0970 0x0520 clr_optimization_v4.0.30319_64 - ok
20:04:13.0008 0x0520 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:04:13.0025 0x0520 CmBatt - ok
20:04:13.0042 0x0520 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:04:13.0056 0x0520 cmdide - ok
20:04:13.0123 0x0520 [ E45CDE1C8340DFEDF1D6724263F39E5B, 8B8091D0A8FF08170F34DA01A4201DAE7C3D026226BC77B5C2EC67657C670168 ] CNG C:\Windows\system32\Drivers\cng.sys
20:04:13.0193 0x0520 CNG - ok
20:04:13.0219 0x0520 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
20:04:13.0234 0x0520 Compbatt - ok
20:04:13.0255 0x0520 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
20:04:13.0275 0x0520 CompositeBus - ok
20:04:13.0286 0x0520 COMSysApp - ok
20:04:13.0299 0x0520 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
20:04:13.0313 0x0520 crcdisk - ok
20:04:13.0361 0x0520 [ 19D511CC455C19DE1ADF60E6C39C85B6, 2A05DD5EF3D0BEC2C9F4EA186E0E2D0F7BE0BF6A473D51194B09D33773AC7FAA ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:04:13.0395 0x0520 CryptSvc - ok
20:04:13.0441 0x0520 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys
20:04:13.0489 0x0520 CSC - ok
20:04:13.0536 0x0520 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll
20:04:13.0585 0x0520 CscService - ok
20:04:13.0638 0x0520 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:04:13.0702 0x0520 DcomLaunch - ok
20:04:13.0755 0x0520 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
20:04:13.0803 0x0520 defragsvc - ok
20:04:13.0828 0x0520 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:04:13.0880 0x0520 DfsC - ok
20:04:13.0915 0x0520 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
20:04:13.0956 0x0520 Dhcp - ok
20:04:14.0113 0x0520 [ 98804934152C30555C7FD3CDD26F1164, B2726F2A5A6F5D12EB357ED4900FF26928F1E921594F0D2CFD1797A69AC59524 ] Disc Soft Ultra Bus Service C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
20:04:14.0173 0x0520 Disc Soft Ultra Bus Service - ok
20:04:14.0193 0x0520 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
20:04:14.0235 0x0520 discache - ok
20:04:14.0282 0x0520 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
20:04:14.0299 0x0520 Disk - ok
20:04:14.0325 0x0520 [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
20:04:14.0350 0x0520 dmvsc - ok
20:04:14.0386 0x0520 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:04:14.0418 0x0520 Dnscache - ok
20:04:14.0447 0x0520 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
20:04:14.0492 0x0520 dot3svc - ok
20:04:14.0550 0x0520 [ 9597BCB69286FF017DB1A0FB8144408D, B477E4E7C3B49A77075B3165079E29FF1908C81E2BCCB930B47DCCF7DA5C417C ] DozeSvc C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
20:04:14.0573 0x0520 DozeSvc - ok
20:04:14.0594 0x0520 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
20:04:14.0638 0x0520 DPS - ok
20:04:14.0678 0x0520 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:04:14.0709 0x0520 drmkaud - ok
20:04:14.0751 0x0520 [ 96E7FBED116D3C598BF7E67F85ADCB41, 7EE7A501DEBC6ED932E36053D4232A6375BD386BDAFD17FFC4E538F853EFFC76 ] dtultrascsibus C:\Windows\system32\DRIVERS\dtultrascsibus.sys
20:04:14.0764 0x0520 dtultrascsibus - ok
20:04:14.0837 0x0520 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:04:14.0889 0x0520 DXGKrnl - ok
20:04:14.0921 0x0520 [ 3CE83D7EE95D9C9F03323810A2E747DF, 50E34E2EC26584A1BE06EA5049481D1AE2F3213B2A81BA86411623ADCEE24F53 ] DzHDD64 C:\Windows\system32\DRIVERS\DzHDD64.sys
20:04:14.0934 0x0520 DzHDD64 - ok
20:04:14.0973 0x0520 [ 416A2007878ED1D6FC5DDDB9E1F6DB3E, 2B8FE69BFCE48CFD25E0B9FEBA0F15EE144F3565B5D208509FCF548DD2CC4EF7 ] e1express C:\Windows\system32\DRIVERS\e1e6032e.sys
20:04:14.0998 0x0520 e1express - ok
20:04:15.0034 0x0520 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
20:04:15.0075 0x0520 EapHost - ok
20:04:15.0234 0x0520 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
20:04:15.0368 0x0520 ebdrv - ok
20:04:15.0414 0x0520 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] EFS C:\Windows\System32\lsass.exe
20:04:15.0441 0x0520 EFS - ok
20:04:15.0519 0x0520 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:04:15.0581 0x0520 ehRecvr - ok
20:04:15.0598 0x0520 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
20:04:15.0619 0x0520 ehSched - ok
20:04:15.0674 0x0520 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
20:04:15.0707 0x0520 elxstor - ok
20:04:15.0721 0x0520 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:04:15.0747 0x0520 ErrDev - ok
20:04:15.0809 0x0520 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
20:04:15.0874 0x0520 EventSystem - ok
20:04:15.0921 0x0520 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
20:04:15.0964 0x0520 exfat - ok
20:04:15.0997 0x0520 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:04:16.0081 0x0520 fastfat - ok
20:04:16.0131 0x0520 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
20:04:16.0178 0x0520 Fax - ok
20:04:16.0208 0x0520 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
20:04:16.0230 0x0520 fdc - ok
20:04:16.0256 0x0520 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
20:04:16.0306 0x0520 fdPHost - ok
20:04:16.0330 0x0520 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
20:04:16.0369 0x0520 FDResPub - ok
20:04:16.0393 0x0520 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:04:16.0409 0x0520 FileInfo - ok
20:04:16.0421 0x0520 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:04:16.0464 0x0520 Filetrace - ok
20:04:16.0611 0x0520 [ BB0667B0171B632B97EA759515476F07, 07A123B2182D5813D2898928C231638353CF086606E9D5A5AF4A2A73E17CEC27 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:04:16.0654 0x0520 FLEXnet Licensing Service - ok
20:04:16.0681 0x0520 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
20:04:16.0723 0x0520 flpydisk - ok
20:04:16.0764 0x0520 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:04:16.0801 0x0520 FltMgr - ok
20:04:16.0934 0x0520 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
20:04:17.0049 0x0520 FontCache - ok
20:04:17.0123 0x0520 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:04:17.0153 0x0520 FontCache3.0.0.0 - ok
20:04:17.0199 0x0520 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:04:17.0220 0x0520 FsDepends - ok
20:04:17.0269 0x0520 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:04:17.0295 0x0520 Fs_Rec - ok
20:04:17.0427 0x0520 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:04:17.0465 0x0520 fvevol - ok
20:04:17.0501 0x0520 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
20:04:17.0531 0x0520 gagp30kx - ok
20:04:17.0636 0x0520 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
20:04:17.0715 0x0520 gpsvc - ok
20:04:17.0863 0x0520 [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:04:17.0881 0x0520 gupdate - ok
20:04:17.0901 0x0520 [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:04:17.0913 0x0520 gupdatem - ok
20:04:17.0955 0x0520 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:04:18.0018 0x0520 hcw85cir - ok
20:04:18.0079 0x0520 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:04:18.0124 0x0520 HdAudAddService - ok
20:04:18.0208 0x0520 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:04:18.0233 0x0520 HDAudBus - ok
20:04:18.0262 0x0520 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
20:04:18.0293 0x0520 HidBatt - ok
20:04:18.0314 0x0520 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
20:04:18.0337 0x0520 HidBth - ok
20:04:18.0365 0x0520 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
20:04:18.0386 0x0520 HidIr - ok
20:04:18.0410 0x0520 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
20:04:18.0450 0x0520 hidserv - ok
20:04:18.0488 0x0520 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:04:18.0519 0x0520 HidUsb - ok
20:04:18.0545 0x0520 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:04:18.0584 0x0520 hkmsvc - ok
20:04:18.0621 0x0520 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:04:18.0658 0x0520 HomeGroupListener - ok
20:04:18.0686 0x0520 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:04:18.0708 0x0520 HomeGroupProvider - ok
20:04:18.0742 0x0520 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:04:18.0759 0x0520 HpSAMD - ok
20:04:18.0857 0x0520 [ E90D0E3D9715F3BEC7DB2D6321DDDEE8, 60102A7D454971A120CDDCFD30BDEBDD02ECEA981D723A59788AEF4E858BA828 ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys
20:04:18.0938 0x0520 HSF_DPV - ok
20:04:19.0009 0x0520 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:04:19.0072 0x0520 HTTP - ok
20:04:19.0093 0x0520 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:04:19.0107 0x0520 hwpolicy - ok
20:04:19.0126 0x0520 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:04:19.0146 0x0520 i8042prt - ok
20:04:19.0198 0x0520 [ BBB3B6DF1ABB0FE35802EDE85CC1C011, 6E1FA8519A7D417969244E807D2863B39656169A925966045036A989A5EB611D ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
20:04:19.0218 0x0520 iaStor - ok
20:04:19.0265 0x0520 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:04:19.0292 0x0520 iaStorV - ok
20:04:19.0325 0x0520 [ A410235155EAC4D43262532B53F229E3, A4C40F513CB56BC11DCD40F8B5EDC0D575FD7503A04A72803AD324ECDB2282DD ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
20:04:19.0339 0x0520 IBMPMDRV - ok
20:04:19.0355 0x0520 [ A0680FF223F055DE508E72B185A41484, 7FFB4F9B7F4395CFDF059D5744BDEACF91C70C08B6C399A17BDDA5610D879B15 ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
20:04:19.0368 0x0520 IBMPMSVC - ok
20:04:19.0401 0x0520 [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
20:04:19.0409 0x0520 IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
20:04:21.0881 0x0520 Detect skipped due to KSN trusted
20:04:21.0881 0x0520 IDriverT - ok
20:04:22.0009 0x0520 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:04:22.0083 0x0520 idsvc - ok
20:04:22.0102 0x0520 IEEtwCollectorService - ok
20:04:22.0520 0x0520 [ A87261EF1546325B559374F5689CF5BC, 8DE48A8A13A32AAAC54CDDF58F3F61BE3E2802C1D9CA1CA98E57EB0D65FB6002 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
20:04:22.0888 0x0520 igfx - ok
20:04:22.0939 0x0520 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
20:04:22.0954 0x0520 iirsp - ok
20:04:23.0016 0x0520 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
20:04:23.0064 0x0520 IKEEXT - ok
20:04:23.0102 0x0520 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
20:04:23.0117 0x0520 intelide - ok
20:04:23.0165 0x0520 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:04:23.0197 0x0520 intelppm - ok
20:04:23.0229 0x0520 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:04:23.0272 0x0520 IPBusEnum - ok
20:04:23.0298 0x0520 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:04:23.0338 0x0520 IpFilterDriver - ok
20:04:23.0394 0x0520 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:04:23.0442 0x0520 iphlpsvc - ok
20:04:23.0463 0x0520 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:04:23.0493 0x0520 IPMIDRV - ok
20:04:23.0513 0x0520 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:04:23.0557 0x0520 IPNAT - ok
20:04:23.0593 0x0520 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:04:23.0614 0x0520 IRENUM - ok
20:04:23.0633 0x0520 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:04:23.0647 0x0520 isapnp - ok
20:04:23.0684 0x0520 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:04:23.0708 0x0520 iScsiPrt - ok
20:04:23.0731 0x0520 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
20:04:23.0748 0x0520 kbdclass - ok
20:04:23.0772 0x0520 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
20:04:23.0790 0x0520 kbdhid - ok
20:04:23.0812 0x0520 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] KeyIso C:\Windows\system32\lsass.exe
20:04:23.0831 0x0520 KeyIso - ok
20:04:23.0860 0x0520 [ C60C6B9A2E50B0404F6789C62B428C03, 0DFFAACBA038FB3D994049E7BBC8E0C63CB8B4A68C4AB770AD995B66B017C25B ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:04:23.0877 0x0520 KSecDD - ok
20:04:23.0894 0x0520 [ 78D152A9FD5747FF6AA89C79F0346F62, 69138077E84E5324751E3C8B80D05BE58EDF03CEC84F69B734537F10F6998F3B ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:04:23.0913 0x0520 KSecPkg - ok
20:04:23.0940 0x0520 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:04:23.0981 0x0520 ksthunk - ok
20:04:24.0055 0x0520 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
20:04:24.0106 0x0520 KtmRm - ok
20:04:24.0140 0x0520 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
20:04:24.0198 0x0520 LanmanServer - ok
20:04:24.0240 0x0520 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:04:24.0283 0x0520 LanmanWorkstation - ok
20:04:24.0364 0x0520 [ A062A18F4F792534F898AEB3BD723D01, 4B620E9BBADAC69F4F116F19BA00B07E49F01DE0516A6091772E8515A8636B72 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
20:04:24.0380 0x0520 LENOVO.MICMUTE - ok
20:04:24.0409 0x0520 [ 2B9D8555DC004E240082D18E7725CE20, 9DEF9463CB099C0BC8782C1E5FCE62F038B971ABC12966774D1F83569B081A42 ] lenovo.smi C:\Windows\system32\DRIVERS\smiifx64.sys
20:04:24.0420 0x0520 lenovo.smi - ok
20:04:24.0453 0x0520 [ 606DA892A53FA863B67F8D3F8FF016A0, FB026285C07C8A77C1702698E40C2EA694B054C35C62E45C9A5C498BC94BAD49 ] LenovoRd C:\Windows\system32\Drivers\LenovoRd.sys
20:04:24.0480 0x0520 LenovoRd - ok
20:04:24.0520 0x0520 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:04:24.0560 0x0520 lltdio - ok
20:04:24.0601 0x0520 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:04:24.0650 0x0520 lltdsvc - ok
20:04:24.0683 0x0520 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:04:24.0724 0x0520 lmhosts - ok
20:04:24.0776 0x0520 [ 2808470E5E91D8838243D9045588C303, 4516559853EEEDD86260F4A1EFAD41190C00E5B5317DB3CF5C709DF207AE42A9 ] LSCWinService C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
20:04:24.0788 0x0520 LSCWinService - ok
20:04:24.0845 0x0520 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
20:04:24.0863 0x0520 LSI_FC - ok
20:04:24.0905 0x0520 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
20:04:24.0922 0x0520 LSI_SAS - ok
20:04:24.0958 0x0520 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
20:04:24.0975 0x0520 LSI_SAS2 - ok
20:04:25.0030 0x0520 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
20:04:25.0048 0x0520 LSI_SCSI - ok
20:04:25.0073 0x0520 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
20:04:25.0114 0x0520 luafv - ok
20:04:25.0145 0x0520 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:04:25.0167 0x0520 Mcx2Svc - ok
20:04:25.0181 0x0520 [ E4F44EC214B3E381E1FC844A02926666, 6EE8C87EFCEFFBEA08B9B9DA036B37564542EE4D31942115CDBF895295DD5FE2 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
20:04:25.0220 0x0520 mdmxsdk - ok
20:04:25.0237 0x0520 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
20:04:25.0253 0x0520 megasas - ok
20:04:25.0295 0x0520 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
20:04:25.0318 0x0520 MegaSR - ok
20:04:25.0350 0x0520 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
20:04:25.0390 0x0520 MMCSS - ok
20:04:25.0414 0x0520 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
20:04:25.0452 0x0520 Modem - ok
20:04:25.0477 0x0520 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:04:25.0496 0x0520 monitor - ok
20:04:25.0520 0x0520 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:04:25.0536 0x0520 mouclass - ok
20:04:25.0559 0x0520 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:04:25.0576 0x0520 mouhid - ok
20:04:25.0601 0x0520 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:04:25.0618 0x0520 mountmgr - ok
20:04:25.0659 0x0520 [ 5C2B2F10C847834C6DA4E680A4093BA3, 0222EBC8789765613184F47339A1DBD118ED209B72BC5565A8A7D4FB4CCF5418 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:04:25.0677 0x0520 MozillaMaintenance - ok
20:04:25.0697 0x0520 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
20:04:25.0717 0x0520 mpio - ok
20:04:25.0747 0x0520 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:04:25.0787 0x0520 mpsdrv - ok
20:04:25.0846 0x0520 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:04:25.0914 0x0520 MpsSvc - ok
20:04:25.0949 0x0520 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:04:25.0983 0x0520 MRxDAV - ok
20:04:26.0036 0x0520 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:04:26.0065 0x0520 mrxsmb - ok
20:04:26.0088 0x0520 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:04:26.0116 0x0520 mrxsmb10 - ok
20:04:26.0134 0x0520 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:04:26.0154 0x0520 mrxsmb20 - ok
20:04:26.0179 0x0520 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
20:04:26.0194 0x0520 msahci - ok
20:04:26.0232 0x0520 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:04:26.0251 0x0520 msdsm - ok
20:04:26.0272 0x0520 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
20:04:26.0294 0x0520 MSDTC - ok
20:04:26.0322 0x0520 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:04:26.0361 0x0520 Msfs - ok
20:04:26.0373 0x0520 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:04:26.0412 0x0520 mshidkmdf - ok
20:04:26.0428 0x0520 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:04:26.0443 0x0520 msisadrv - ok
20:04:26.0489 0x0520 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:04:26.0543 0x0520 MSiSCSI - ok
20:04:26.0548 0x0520 msiserver - ok
20:04:26.0578 0x0520 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:04:26.0617 0x0520 MSKSSRV - ok
20:04:26.0637 0x0520 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:04:26.0674 0x0520 MSPCLOCK - ok
20:04:26.0682 0x0520 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:04:26.0722 0x0520 MSPQM - ok
20:04:26.0764 0x0520 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:04:26.0790 0x0520 MsRPC - ok
20:04:26.0806 0x0520 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
20:04:26.0820 0x0520 mssmbios - ok
20:04:26.0825 0x0520 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:04:26.0864 0x0520 MSTEE - ok
20:04:26.0882 0x0520 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
20:04:26.0899 0x0520 MTConfig - ok
20:04:26.0919 0x0520 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
20:04:26.0935 0x0520 Mup - ok
20:04:26.0980 0x0520 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
20:04:27.0036 0x0520 napagent - ok
20:04:27.0098 0x0520 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:04:27.0130 0x0520 NativeWifiP - ok
20:04:27.0195 0x0520 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
20:04:27.0243 0x0520 NDIS - ok
20:04:27.0258 0x0520 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:04:27.0299 0x0520 NdisCap - ok
20:04:27.0318 0x0520 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:04:27.0358 0x0520 NdisTapi - ok
20:04:27.0385 0x0520 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:04:27.0436 0x0520 Ndisuio - ok
20:04:27.0470 0x0520 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:04:27.0513 0x0520 NdisWan - ok
20:04:27.0527 0x0520 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:04:27.0565 0x0520 NDProxy - ok
20:04:27.0589 0x0520 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:04:27.0628 0x0520 NetBIOS - ok
20:04:27.0650 0x0520 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:04:27.0696 0x0520 NetBT - ok
20:04:27.0730 0x0520 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] Netlogon C:\Windows\system32\lsass.exe
20:04:27.0765 0x0520 Netlogon - ok
20:04:27.0808 0x0520 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
20:04:27.0858 0x0520 Netman - ok
20:04:27.0902 0x0520 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:04:27.0942 0x0520 NetMsmqActivator - ok
20:04:27.0954 0x0520 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:04:27.0973 0x0520 NetPipeActivator - ok
20:04:28.0037 0x0520 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
20:04:28.0091 0x0520 netprofm - ok
20:04:28.0106 0x0520 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:04:28.0124 0x0520 NetTcpActivator - ok
20:04:28.0132 0x0520 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:04:28.0151 0x0520 NetTcpPortSharing - ok
20:04:28.0400 0x0520 [ 64428DFDAF6E88366CB51F45A79C5F69, 31187D38C1AB52120A3CB7AC3CE47ED9682AC37B0F06B9A9610C0065DD4E7B13 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
20:04:28.0679 0x0520 netw5v64 - ok
20:04:28.0727 0x0520 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
20:04:28.0743 0x0520 nfrd960 - ok
20:04:28.0778 0x0520 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll
20:04:28.0817 0x0520 NlaSvc - ok
20:04:28.0837 0x0520 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:04:28.0878 0x0520 Npfs - ok
20:04:28.0904 0x0520 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
20:04:28.0944 0x0520 nsi - ok
20:04:28.0955 0x0520 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:04:28.0996 0x0520 nsiproxy - ok
20:04:29.0103 0x0520 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:04:29.0174 0x0520 Ntfs - ok
20:04:29.0203 0x0520 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
20:04:29.0242 0x0520 Null - ok
20:04:29.0754 0x0520 [ 9B93CC9C70EDE60A9C486E7719DB9E8D, 8E31BE72797D3308D8AF136E9F4C6199BCF4592F88E9FEB361752FF768225EC9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:04:30.0350 0x0520 nvlddmkm - ok
20:04:30.0435 0x0520 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:04:30.0455 0x0520 nvraid - ok
20:04:30.0482 0x0520 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:04:30.0502 0x0520 nvstor - ok
20:04:30.0571 0x0520 [ FB50E60564ED30DDC855F0CE435C8467, C9A56D74F58739B8A069336FF5456FC5F3CE89371B8CFE8144B8D06A9C79C6AB ] nvsvc C:\Windows\system32\nvvsvc.exe
20:04:30.0630 0x0520 nvsvc - ok
20:04:30.0660 0x0520 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:04:30.0679 0x0520 nv_agp - ok
20:04:30.0716 0x0520 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:04:30.0768 0x0520 ohci1394 - ok
20:04:30.0851 0x0520 [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:04:30.0873 0x0520 ose - ok
20:04:31.0131 0x0520 [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:04:31.0391 0x0520 osppsvc - ok
20:04:31.0444 0x0520 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:04:31.0495 0x0520 p2pimsvc - ok
20:04:31.0536 0x0520 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
20:04:31.0581 0x0520 p2psvc - ok
20:04:31.0613 0x0520 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
20:04:31.0635 0x0520 Parport - ok
20:04:31.0667 0x0520 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:04:31.0684 0x0520 partmgr - ok
20:04:31.0701 0x0520 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
20:04:31.0729 0x0520 PcaSvc - ok
20:04:31.0744 0x0520 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
20:04:31.0766 0x0520 pci - ok
20:04:31.0785 0x0520 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
20:04:31.0800 0x0520 pciide - ok
20:04:31.0824 0x0520 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:04:31.0847 0x0520 pcmcia - ok
20:04:31.0860 0x0520 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
20:04:31.0876 0x0520 pcw - ok
20:04:31.0917 0x0520 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:04:31.0989 0x0520 PEAUTH - ok
20:04:32.0084 0x0520 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
20:04:32.0161 0x0520 PeerDistSvc - ok
20:04:32.0245 0x0520 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:04:32.0263 0x0520 PerfHost - ok
20:04:32.0352 0x0520 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
20:04:32.0437 0x0520 pla - ok
20:04:32.0491 0x0520 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:04:32.0545 0x0520 PlugPlay - ok
20:04:32.0576 0x0520 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:04:32.0603 0x0520 PNRPAutoReg - ok
20:04:32.0635 0x0520 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:04:32.0660 0x0520 PNRPsvc - ok
20:04:32.0706 0x0520 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:04:32.0764 0x0520 PolicyAgent - ok
20:04:32.0807 0x0520 [ A2CCA4FB273E6050F17A0A416CFF2FCD, C42BA18DF0C8E3F7358669A784E51E4DC7A4112096345EA699EDC95F561E0255 ] Power C:\Windows\system32\umpo.dll
20:04:32.0852 0x0520 Power - ok
20:04:32.0968 0x0520 [ D47E74C5D68F28CDF90486C4B297A4EB, 71CDF87AB64F35D3F261E73414C188B808CEF6E073CB0AF5783E7BBAD52CCB43 ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
20:04:33.0048 0x0520 Power Manager DBC Service - ok
20:04:33.0103 0x0520 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:04:33.0144 0x0520 PptpMiniport - ok
20:04:33.0166 0x0520 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
20:04:33.0186 0x0520 Processor - ok
20:04:33.0220 0x0520 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll
20:04:33.0252 0x0520 ProfSvc - ok
20:04:33.0270 0x0520 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:04:33.0289 0x0520 ProtectedStorage - ok
20:04:33.0317 0x0520 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:04:33.0361 0x0520 Psched - ok
20:04:33.0461 0x0520 [ 88831D5178E82C77BEA028761293E695, C29434D66AA82A2941A5A683D0F10D2B61D732BD96E5A3AFB2BD7D550A36E1D7 ] PwmEWSvc C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
20:04:33.0528 0x0520 PwmEWSvc - ok
20:04:33.0625 0x0520 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
20:04:33.0693 0x0520 ql2300 - ok
20:04:33.0722 0x0520 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
20:04:33.0741 0x0520 ql40xx - ok
20:04:33.0778 0x0520 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
20:04:33.0810 0x0520 QWAVE - ok
20:04:33.0823 0x0520 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:04:33.0847 0x0520 QWAVEdrv - ok
20:04:33.0873 0x0520 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:04:33.0913 0x0520 RasAcd - ok
20:04:33.0943 0x0520 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:04:33.0993 0x0520 RasAgileVpn - ok
20:04:34.0015 0x0520 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
20:04:34.0060 0x0520 RasAuto - ok
20:04:34.0075 0x0520 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:04:34.0118 0x0520 Rasl2tp - ok
20:04:34.0146 0x0520 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
20:04:34.0197 0x0520 RasMan - ok
20:04:34.0211 0x0520 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:04:34.0254 0x0520 RasPppoe - ok
20:04:34.0277 0x0520 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:04:34.0344 0x0520 RasSstp - ok
20:04:34.0368 0x0520 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:04:34.0417 0x0520 rdbss - ok
20:04:34.0446 0x0520 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:04:34.0466 0x0520 rdpbus - ok
20:04:34.0484 0x0520 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:04:34.0524 0x0520 RDPCDD - ok
20:04:34.0549 0x0520 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
20:04:34.0579 0x0520 RDPDR - ok
20:04:34.0600 0x0520 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:04:34.0641 0x0520 RDPENCDD - ok
20:04:34.0654 0x0520 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:04:34.0704 0x0520 RDPREFMP - ok
20:04:34.0739 0x0520 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:04:34.0766 0x0520 RdpVideoMiniport - ok
20:04:34.0798 0x0520 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:04:34.0854 0x0520 RDPWD - ok
20:04:34.0906 0x0520 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:04:34.0927 0x0520 rdyboost - ok
20:04:34.0958 0x0520 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:04:35.0012 0x0520 RemoteAccess - ok
20:04:35.0054 0x0520 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:04:35.0109 0x0520 RemoteRegistry - ok
20:04:35.0151 0x0520 [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
20:04:35.0178 0x0520 RFCOMM - ok
20:04:35.0207 0x0520 [ 2A43F9E6DBDE12BC0C104785C3B3F5DF, A0F6D5C912FE5FF3E3F3826F14D42D6B8219B109A04CEC30BDDF8A05FE22902E ] rismxdp C:\Windows\system32\DRIVERS\rixdpx64.sys
20:04:35.0236 0x0520 rismxdp - ok
20:04:35.0253 0x0520 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:04:35.0296 0x0520 RpcEptMapper - ok
20:04:35.0325 0x0520 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
20:04:35.0344 0x0520 RpcLocator - ok
20:04:35.0404 0x0520 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
20:04:35.0498 0x0520 RpcSs - ok
20:04:35.0578 0x0520 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:04:35.0680 0x0520 rspndr - ok
20:04:35.0752 0x0520 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys
20:04:35.0844 0x0520 s3cap - ok
20:04:35.0862 0x0520 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] SamSs C:\Windows\system32\lsass.exe
20:04:35.0890 0x0520 SamSs - ok
20:04:35.0911 0x0520 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:04:35.0928 0x0520 sbp2port - ok
20:04:35.0967 0x0520 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:04:36.0017 0x0520 SCardSvr - ok
20:04:36.0035 0x0520 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:04:36.0078 0x0520 scfilter - ok
20:04:36.0139 0x0520 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
20:04:36.0237 0x0520 Schedule - ok
20:04:36.0270 0x0520 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
20:04:36.0314 0x0520 SCPolicySvc - ok
20:04:36.0349 0x0520 [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
20:04:36.0398 0x0520 sdbus - ok
20:04:36.0438 0x0520 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:04:36.0498 0x0520 SDRSVC - ok
20:04:36.0548 0x0520 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:04:36.0615 0x0520 secdrv - ok
20:04:36.0629 0x0520 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
20:04:36.0708 0x0520 seclogon - ok
20:04:36.0742 0x0520 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
20:04:36.0794 0x0520 SENS - ok
20:04:36.0818 0x0520 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:04:36.0891 0x0520 SensrSvc - ok
20:04:36.0926 0x0520 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\drivers\serenum.sys
20:04:36.0945 0x0520 Serenum - ok
20:04:37.0020 0x0520 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys
20:04:37.0045 0x0520 Serial - ok
20:04:37.0098 0x0520 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
20:04:37.0115 0x0520 sermouse - ok
20:04:37.0156 0x0520 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
20:04:37.0202 0x0520 SessionEnv - ok
20:04:37.0218 0x0520 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:04:37.0239 0x0520 sffdisk - ok
20:04:37.0258 0x0520 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:04:37.0290 0x0520 sffp_mmc - ok
20:04:37.0315 0x0520 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:04:37.0346 0x0520 sffp_sd - ok
20:04:37.0361 0x0520 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
20:04:37.0380 0x0520 sfloppy - ok
20:04:37.0420 0x0520 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:04:37.0472 0x0520 SharedAccess - ok
20:04:37.0506 0x0520 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:04:37.0558 0x0520 ShellHWDetection - ok
20:04:37.0585 0x0520 [ 21144BECAEC1012FF0F6C6C1D6177232, 4ACDC8B9F2EB862F440A7C1D31FEC9A13386DEA50D9B98EAB5FC311BC8FF0065 ] Shockprf C:\Windows\system32\DRIVERS\Apsx64.sys
20:04:37.0604 0x0520 Shockprf - ok
20:04:37.0625 0x0520 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
20:04:37.0641 0x0520 SiSRaid2 - ok
20:04:37.0680 0x0520 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
20:04:37.0698 0x0520 SiSRaid4 - ok
20:04:37.0732 0x0520 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:04:37.0775 0x0520 Smb - ok
20:04:37.0818 0x0520 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:04:37.0837 0x0520 SNMPTRAP - ok
20:04:37.0849 0x0520 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
20:04:37.0865 0x0520 spldr - ok
20:04:37.0911 0x0520 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
20:04:37.0957 0x0520 Spooler - ok
20:04:38.0119 0x0520 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
20:04:38.0302 0x0520 sppsvc - ok
20:04:38.0339 0x0520 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:04:38.0382 0x0520 sppuinotify - ok
20:04:38.0425 0x0520 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
20:04:38.0469 0x0520 srv - ok
20:04:38.0500 0x0520 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:04:38.0529 0x0520 srv2 - ok
20:04:38.0575 0x0520 [ 0C4540311E11664B245A263E1154CEF8, 63376322BFFAFF2F166AF3FDD3F1A346C21FAE21F406F659F8630779D1D6525D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
20:04:38.0601 0x0520 SrvHsfHDA - ok
20:04:38.0684 0x0520 [ 02071D207A9858FBE3A48CBFD59C4A04, FEA4DEBAEC3465E0C7C1E8B721805922F6BBCB96A60A193B11688F4252F4B89E ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
20:04:38.0753 0x0520 SrvHsfV92 - ok
20:04:38.0802 0x0520 [ 18E40C245DBFAF36FD0134A7EF2DF396, 0138A68958112101A5D3BD94114F320CE80B0C9A93E009AC78DE7415FCCC7DE7 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
20:04:38.0846 0x0520 SrvHsfWinac - ok
20:04:38.0876 0x0520 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:04:38.0910 0x0520 srvnet - ok
20:04:38.0947 0x0520 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:04:39.0007 0x0520 SSDPSRV - ok
20:04:39.0037 0x0520 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:04:39.0080 0x0520 SstpSvc - ok
20:04:39.0112 0x0520 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
20:04:39.0128 0x0520 stexstor - ok
20:04:39.0180 0x0520 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
20:04:39.0224 0x0520 stisvc - ok
20:04:39.0244 0x0520 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys
20:04:39.0259 0x0520 storflt - ok
20:04:39.0299 0x0520 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys
20:04:39.0314 0x0520 storvsc - ok
20:04:39.0414 0x0520 [ F07850E89839894F731E4562B64E08A5, BF11E096E1CC57B57FFB4E0528DB43F6B049A7E8A0C00C34E03A00EF2F2092B6 ] SUService C:\Program Files (x86)\Lenovo\System Update\SUService.exe
20:04:39.0426 0x0520 SUService - ok
20:04:39.0441 0x0520 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
20:04:39.0456 0x0520 swenum - ok
20:04:39.0503 0x0520 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
20:04:39.0563 0x0520 swprv - ok
20:04:39.0582 0x0520 [ C3A39C4079305480972D29C44B868C78, 8F1BB75C743256F905EAEDE744B6082C53774C49126875FB4E4FBA30F5478B17 ] Synth3dVsc C:\Windows\system32\drivers\Synth3dVsc.sys
20:04:39.0599 0x0520 Synth3dVsc - ok
20:04:39.0653 0x0520 [ AEAE48AF681BAF5904608FF5D84E3C9C, 39B362E9E64A43B9AF5CCE2E704CCAE5E10B5BA0B45E535098BC0E40A4F772A8 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
20:04:39.0682 0x0520 SynTP - ok
20:04:39.0782 0x0520 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
20:04:39.0863 0x0520 SysMain - ok
20:04:39.0885 0x0520 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:04:39.0912 0x0520 TabletInputService - ok
20:04:39.0939 0x0520 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
20:04:39.0989 0x0520 TapiSrv - ok
20:04:40.0045 0x0520 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
20:04:40.0089 0x0520 TBS - ok
20:04:40.0188 0x0520 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:04:40.0278 0x0520 Tcpip - ok
20:04:40.0359 0x0520 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:04:40.0431 0x0520 TCPIP6 - ok
20:04:40.0460 0x0520 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:04:40.0477 0x0520 tcpipreg - ok
20:04:40.0509 0x0520 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:04:40.0535 0x0520 TDPIPE - ok
20:04:40.0558 0x0520 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:04:40.0575 0x0520 TDTCP - ok
20:04:40.0617 0x0520 [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:04:40.0653 0x0520 tdx - ok
20:04:40.0687 0x0520 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
20:04:40.0703 0x0520 TermDD - ok
20:04:40.0736 0x0520 [ EF4469AB69EB15E5D3754E6AEAFBCD3D, 3609214C3D5181364B544EBF17E9A109952BE1C4C35BE0A8727BFA8F49ECB130 ] terminpt C:\Windows\system32\drivers\terminpt.sys
20:04:40.0767 0x0520 terminpt - ok
20:04:40.0834 0x0520 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
20:04:40.0889 0x0520 TermService - ok
20:04:40.0918 0x0520 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
20:04:40.0942 0x0520 Themes - ok
20:04:40.0974 0x0520 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
20:04:41.0024 0x0520 THREADORDER - ok
20:04:41.0047 0x0520 [ 8CC4CABFC4D35B61ABF596CE024C438C, 674BC35916AE4D0C425D9F0A4473335408499B06BCEF8AF64DF724D44FB310C5 ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM64.sys
20:04:41.0060 0x0520 TPDIGIMN - ok
20:04:41.0080 0x0520 [ 25AD1E90D51382173D49F55963B59C64, 84CE25338E1CE78037488160B204392FD85EBB1F3E4CD636F60FDB2E24839D9B ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG64.exe
20:04:41.0097 0x0520 TPHDEXLGSVC - ok
20:04:41.0175 0x0520 [ 6FE3085AB39EA391FCABE7275C8A380C, A3BBD17237D29BE9C11E1CA15C89028218ECAEB5E1151047D12957CEB7F434E2 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
20:04:41.0190 0x0520 TPHKLOAD - ok
20:04:41.0204 0x0520 [ F7B2314456B1676777AA9FFEF6776B45, FC6B4909BB698BC9EC151EC68357F1C27725E8F0AF8074338FD9502B1DEBCD0B ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
20:04:41.0220 0x0520 TPHKSVC - ok
20:04:41.0254 0x0520 [ DBCC20C02E8A3E43B03C304A4E40A84F, BF5F3ACCB0342304A6870E94D2576644B08DBF307C853C7DBA4B82B0C7309DA4 ] TPM C:\Windows\system32\drivers\tpm.sys
20:04:41.0272 0x0520 TPM - ok
20:04:41.0311 0x0520 [ A9EF6C7E62DC3B01C51CFB92C1596C62, 432335FDA5DF9FF8C9B86767980A07C720E7158D5362E40D3A745817D4275A07 ] TPPWRIF C:\Windows\system32\drivers\Tppwr64v.sys
20:04:41.0331 0x0520 TPPWRIF - ok
20:04:41.0359 0x0520 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
20:04:41.0405 0x0520 TrkWks - ok
20:04:41.0453 0x0520 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:04:41.0498 0x0520 TrustedInstaller - ok
20:04:41.0533 0x0520 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:04:41.0551 0x0520 tssecsrv - ok
20:04:41.0596 0x0520 [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:04:41.0627 0x0520 TsUsbFlt - ok
20:04:41.0659 0x0520 [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
20:04:41.0694 0x0520 TsUsbGD - ok
20:04:41.0730 0x0520 [ E1748D04AE40118B62BC18AC86032192, A954B141D1B27272C771D14F3B40C7CC1F572DD72559F2C96182EFBE2B095FDE ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
20:04:41.0766 0x0520 tsusbhub - ok
20:04:41.0803 0x0520 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:04:41.0854 0x0520 tunnel - ok
20:04:41.0872 0x0520 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
20:04:41.0892 0x0520 uagp35 - ok
20:04:41.0922 0x0520 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:04:41.0980 0x0520 udfs - ok
20:04:42.0030 0x0520 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:04:42.0050 0x0520 UI0Detect - ok
20:04:42.0097 0x0520 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:04:42.0113 0x0520 uliagpkx - ok
20:04:42.0143 0x0520 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:04:42.0162 0x0520 umbus - ok
20:04:42.0181 0x0520 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
20:04:42.0198 0x0520 UmPass - ok
20:04:42.0226 0x0520 [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll
20:04:42.0250 0x0520 UmRdpService - ok
20:04:42.0275 0x0520 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
20:04:42.0332 0x0520 upnphost - ok
20:04:42.0365 0x0520 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
20:04:42.0398 0x0520 usbccgp - ok
20:04:42.0437 0x0520 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:04:42.0474 0x0520 usbcir - ok
20:04:42.0500 0x0520 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:04:42.0518 0x0520 usbehci - ok
20:04:42.0571 0x0520 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:04:42.0636 0x0520 usbhub - ok
20:04:42.0676 0x0520 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:04:42.0694 0x0520 usbohci - ok
20:04:42.0750 0x0520 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\drivers\usbprint.sys
20:04:42.0775 0x0520 usbprint - ok
20:04:42.0804 0x0520 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:04:42.0851 0x0520 USBSTOR - ok
20:04:42.0886 0x0520 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:04:42.0923 0x0520 usbuhci - ok
20:04:42.0971 0x0520 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
20:04:43.0120 0x0520 usbvideo - ok
20:04:43.0158 0x0520 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
20:04:43.0208 0x0520 UxSms - ok
20:04:43.0236 0x0520 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] VaultSvc C:\Windows\system32\lsass.exe
20:04:43.0345 0x0520 VaultSvc - ok
20:04:43.0375 0x0520 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:04:43.0393 0x0520 vdrvroot - ok
20:04:43.0441 0x0520 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
20:04:43.0518 0x0520 vds - ok
20:04:43.0546 0x0520 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:04:43.0573 0x0520 vga - ok
20:04:43.0606 0x0520 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
20:04:43.0695 0x0520 VgaSave - ok
20:04:43.0711 0x0520 VGPU - ok
20:04:43.0741 0x0520 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:04:43.0764 0x0520 vhdmp - ok
20:04:43.0793 0x0520 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
20:04:43.0809 0x0520 viaide - ok
20:04:43.0843 0x0520 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys
20:04:43.0865 0x0520 vmbus - ok
20:04:43.0888 0x0520 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
20:04:43.0916 0x0520 VMBusHID - ok
20:04:43.0973 0x0520 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:04:44.0028 0x0520 volmgr - ok
20:04:44.0068 0x0520 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:04:44.0105 0x0520 volmgrx - ok
20:04:44.0136 0x0520 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:04:44.0172 0x0520 volsnap - ok
20:04:44.0199 0x0520 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
20:04:44.0222 0x0520 vsmraid - ok
20:04:44.0356 0x0520 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
20:04:44.0470 0x0520 VSS - ok
20:04:44.0949 0x0520 [ 47A543ECF4D8D1BA5E5DC8F7EF08BF91, 9831953754C7E4E980FAFEE652F6CC91589BE09DACE20EB2B1FBF5ECFFA89A28 ] vToolbarUpdater18.4.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe
20:04:45.0084 0x0520 vToolbarUpdater18.4.0 - ok
20:04:45.0117 0x0520 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
20:04:45.0153 0x0520 vwifibus - ok
20:04:45.0195 0x0520 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
20:04:45.0220 0x0520 vwififlt - ok
20:04:45.0315 0x0520 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
20:04:45.0434 0x0520 W32Time - ok
20:04:45.0461 0x0520 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
20:04:45.0494 0x0520 WacomPen - ok
20:04:45.0550 0x0520 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:04:45.0593 0x0520 WANARP - ok
20:04:45.0599 0x0520 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:04:45.0653 0x0520 Wanarpv6 - ok
20:04:45.0845 0x0520 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
20:04:45.0945 0x0520 wbengine - ok
20:04:45.0997 0x0520 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:04:46.0040 0x0520 WbioSrvc - ok
20:04:46.0081 0x0520 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:04:46.0179 0x0520 wcncsvc - ok
20:04:46.0207 0x0520 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:04:46.0278 0x0520 WcsPlugInService - ok
20:04:46.0319 0x0520 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
20:04:46.0336 0x0520 Wd - ok
20:04:46.0408 0x0520 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:04:46.0459 0x0520 Wdf01000 - ok
20:04:46.0509 0x0520 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:04:46.0541 0x0520 WdiServiceHost - ok
20:04:46.0549 0x0520 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:04:46.0572 0x0520 WdiSystemHost - ok
20:04:46.0606 0x0520 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
20:04:46.0668 0x0520 WebClient - ok
20:04:46.0705 0x0520 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:04:46.0756 0x0520 Wecsvc - ok
20:04:46.0774 0x0520 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:04:46.0819 0x0520 wercplsupport - ok
20:04:46.0855 0x0520 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
20:04:46.0907 0x0520 WerSvc - ok
20:04:46.0926 0x0520 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:04:46.0970 0x0520 WfpLwf - ok
20:04:47.0006 0x0520 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:04:47.0024 0x0520 WIMMount - ok
20:04:47.0082 0x0520 [ 057B062CF9A11E04DB45B8C3AFC28B11, 9D1617F79BFBE4608BF69AB84B5FCC5CCFC039EDF9748D12322E593127B1D5CC ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys
20:04:47.0137 0x0520 winachsf - ok
20:04:47.0167 0x0520 WinDefend - ok
20:04:47.0188 0x0520 WinHttpAutoProxySvc - ok
20:04:47.0251 0x0520 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:04:47.0304 0x0520 Winmgmt - ok
20:04:47.0410 0x0520 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll
20:04:47.0526 0x0520 WinRM - ok
20:04:47.0580 0x0520 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
20:04:47.0602 0x0520 WinUsb - ok
20:04:47.0665 0x0520 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
20:04:47.0728 0x0520 Wlansvc - ok
20:04:47.0758 0x0520 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
20:04:47.0787 0x0520 WmiAcpi - ok
20:04:47.0821 0x0520 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:04:47.0846 0x0520 wmiApSrv - ok
20:04:47.0874 0x0520 WMPNetworkSvc - ok
20:04:47.0895 0x0520 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:04:47.0926 0x0520 WPCSvc - ok
20:04:47.0941 0x0520 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:04:47.0969 0x0520 WPDBusEnum - ok
20:04:47.0981 0x0520 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:04:48.0025 0x0520 ws2ifsl - ok
20:04:48.0044 0x0520 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
20:04:48.0074 0x0520 wscsvc - ok
20:04:48.0079 0x0520 WSearch - ok
20:04:48.0210 0x0520 [ FFD80DC0CDA145C3376A5076360162C8, 2DA34929DC416164A001B7C711D7CF1046FAE53F8B31697F3EC4AF75C45163E5 ] WtuSystemSupport C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
20:04:48.0256 0x0520 WtuSystemSupport - ok
20:04:48.0671 0x0520 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll
20:04:48.0860 0x0520 wuauserv - ok
20:04:48.0908 0x0520 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:04:48.0965 0x0520 WudfPf - ok
20:04:49.0024 0x0520 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:04:49.0083 0x0520 WUDFRd - ok
20:04:49.0121 0x0520 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:04:49.0154 0x0520 wudfsvc - ok
20:04:49.0219 0x0520 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
20:04:49.0284 0x0520 WwanSvc - ok
20:04:49.0375 0x0520 [ 638C99D993AFAB0E1FAB226E2BBE6D79, 2EED237A65D6440804524DC349D74A4AC36837592B86631A6A6469BDA7F67F19 ] XAudio C:\Windows\system32\DRIVERS\xaudio64.sys
20:04:49.0401 0x0520 XAudio - ok
20:04:49.0449 0x0520 [ 3E775F0BD28DDEFF53D78578B97A3CFF, 19A808CA7810420FB56C3722ADB557E04820CCF2009AB5A5C72666763B08F7B1 ] XAudioService C:\Windows\system32\DRIVERS\xaudio64.exe
20:04:49.0488 0x0520 XAudioService - ok
20:04:49.0526 0x0520 ================ Scan global ===============================
20:04:49.0552 0x0520 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
20:04:49.0590 0x0520 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
20:04:49.0613 0x0520 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
20:04:49.0637 0x0520 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
20:04:49.0679 0x0520 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
20:04:49.0690 0x0520 [ Global ] - ok
20:04:49.0691 0x0520 ================ Scan MBR ==================================
20:04:49.0702 0x0520 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:04:50.0477 0x0520 \Device\Harddisk0\DR0 - ok
20:04:50.0477 0x0520 ================ Scan VBR ==================================
20:04:50.0481 0x0520 [ E20E8D76A1410B1D1EA7E21E8AFA7F33 ] \Device\Harddisk0\DR0\Partition1
20:04:50.0483 0x0520 \Device\Harddisk0\DR0\Partition1 - ok
20:04:50.0497 0x0520 [ FC78DDC43CC61BF6763AF1B6E5CC5499 ] \Device\Harddisk0\DR0\Partition2
20:04:50.0499 0x0520 \Device\Harddisk0\DR0\Partition2 - ok
20:04:50.0521 0x0520 [ 0A05698394C0C986A041245FB58B2B60 ] \Device\Harddisk0\DR0\Partition3
20:04:50.0523 0x0520 \Device\Harddisk0\DR0\Partition3 - ok
20:04:50.0524 0x0520 ================ Scan generic autorun ======================
20:04:50.0557 0x0520 [ 747A1B5CF84312898E836D60EB0D0D7D, 3734A74A1FB734E690E8C2263FA41F77B250C5E497E92B1BB1AB620D3B7511E0 ] C:\Windows\system32\TpShocks.exe
20:04:50.0585 0x0520 TpShocks - ok
20:04:50.0640 0x0520 [ 142A09BC16E53D2A51F75FEABB5B7154, 9D6109349411AFEF30A0032A93B90639DC44807AAEE371B431EF1FAA6BEE0E3C ] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
20:04:50.0656 0x0520 AcWin7Hlpr - ok
20:04:50.0660 0x0520 SynTPEnh - ok
20:04:50.0855 0x0520 [ FD28C482645DB5918D918A94A9A87682, 6BE5B1E00A66CF690897FBB7CFC04B0DDA3665FE84CACDB888B8DE874DA35D3A ] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe
20:04:50.0961 0x0520 nwiz - ok
20:04:51.0195 0x0520 [ 9DB4F8D6F900D0511CC216783C7F7D48, 63FD23A41C26186302104B9752EFEC91FDCB7AEF68ECC4956809F5009B6A65C5 ] C:\Program Files (x86)\AVG\AVG2015\avgui.exe
20:04:51.0303 0x0520 AVG_UI - ok
20:04:51.0428 0x0520 [ AFD15F701B550037FFDDE6B18171479D, 38C049529611653832944B9A624BA9E336E0AFE668CEDD95BDAF550A9605ADF5 ] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
20:04:51.0497 0x0520 SoundMAXPnP - ok
20:04:51.0504 0x0520 PWMTRV - ok
20:04:51.0596 0x0520 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
20:04:51.0682 0x0520 Sidebar - ok
20:04:51.0712 0x0520 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
20:04:51.0751 0x0520 mctadmin - ok
20:04:51.0791 0x0520 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
20:04:51.0842 0x0520 Sidebar - ok
20:04:51.0852 0x0520 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
20:04:51.0883 0x0520 mctadmin - ok
20:04:52.0075 0x0520 [ 3AC24F892E6CC38BA4A1767F6489ABAF, 44F369567C4FD0D935F6D5C5C276ED0D5800036724943D0622BA408F870CE38F ] C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe
20:04:52.0279 0x0520 DAEMON Tools Ultra Agent - ok
20:04:52.0289 0x0520 Waiting for KSN requests completion. In queue: 101
20:04:53.0289 0x0520 Waiting for KSN requests completion. In queue: 101
20:04:54.0289 0x0520 Waiting for KSN requests completion. In queue: 101
20:04:55.0360 0x0520 AV detected via SS2: AVG AntiVirus Free Edition 2015, C:\Program Files (x86)\AVG\AVG2015\avgwsc.exe ( 15.0.0.5646 ), 0x41000 ( enabled : updated )
20:04:55.0433 0x0520 Win FW state via NFP2: enabled
20:04:57.0923 0x0520 ============================================================
20:04:57.0923 0x0520 Scan finished
20:04:57.0923 0x0520 ============================================================
20:04:57.0937 0x1600 Detected object count: 0
20:04:57.0937 0x1600 Actual detected object count: 0
20:07:08.0525 0x060c Deinitialize success
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org
Database version:
main: v2015.03.03.05
rootkit: v2015.02.25.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17633
Benny :: KOMPUTTA [administrator]
03.03.2015 20:17:12
mbar-log-2015-03-03 (20-17-12).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 389521
Time elapsed: 20 minute(s), 13 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
|
|
04.03.2015, 08:50
| #5 |
| /// the machine /// TB-Ausbilder | Zip-Datei mit Trojaner: Crypt3.CDYN geöffnet hi, Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
04.03.2015, 11:16
| #6 |
| | Zip-Datei mit Trojaner: Crypt3.CDYN geöffnet Moin schrauber, Combofix ist durchgelaufen und hat den Laptop neu gestartet, steht jetzt aber seit 30 minuten bei ' bereite Log Datei vor. starte keine anderen Programme bevor Combofix fertig ist'. der Laptop zeigt auch keine aktivität mehr an, soll ich es beenden? Vielen dank, Benny |
|
04.03.2015, 11:33
| #7 |
| /// the machine /// TB-Ausbilder | Zip-Datei mit Trojaner: Crypt3.CDYN geöffnet Ist dein AV wegen dem Neustart wieder aktiviert? Wenn ja wieder deaktivieren und warten. Wenn in weiteren 30 min nix passiert beenden.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
04.03.2015, 11:46
| #8 |
| | Zip-Datei mit Trojaner: Crypt3.CDYN geöffnet Der AV war noch deaktiviert, als ich versucht habe ihn zu starten bekam ich den von dir beschriebenen Fehler bzgl. des Registrierungsschlüssels. Habe dann Combofix beendet und neugestartet. Hier der Inhalt der Combofix.txt aus dem Combofix Ordner auf C:, direkt auf C: habe ich keine Combofix.txt gefunden: Code:
ATTFilter ComboFix 15-03-01.01 - Benny 04.03.2015 10:26:28.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.2030.690 [GMT 1:00]
ausgeführt von:: C:\Users\Benny\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Benny |
|
04.03.2015, 16:23
| #9 |
| /// the machine /// TB-Ausbilder | Zip-Datei mit Trojaner: Crypt3.CDYN geöffnet Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
04.03.2015, 16:59
| #10 |
| | Zip-Datei mit Trojaner: Crypt3.CDYN geöffnet hier das protokoll von mbam Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 04.03.2015 Suchlauf-Zeit: 16:34:00 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.03.04.04 Rootkit Datenbank: v2015.02.25.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Benny Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 384097 Verstrichene Zeit: 18 Min, 45 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) |
|
04.03.2015, 17:36
| #11 |
| /// the machine /// TB-Ausbilder | Zip-Datei mit Trojaner: Crypt3.CDYN geöffnet poste alle Logs auf einmal, wenn Du sie zusammen hast 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
04.03.2015, 18:33
| #12 |
| | Zip-Datei mit Trojaner: Crypt3.CDYN geöffnet und hier AdwCleaner: Code:
ATTFilter # AdwCleaner v4.111 - Bericht erstellt 04/03/2015 um 18:07:03
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-03-02.3 [Server]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (x64)
# Benutzername : Benny - KOMPUTTA
# Gestarted von : C:\Users\Benny\Desktop\AdwCleaner_4.111.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\Common Files\AVG Secure Search
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17631
-\\ Mozilla Firefox v36.0 (x86 de)
-\\ Google Chrome v40.0.2214.115
*************************
AdwCleaner[R0].txt - [1604 Bytes] - [04/03/2015 18:03:44]
AdwCleaner[S0].txt - [1522 Bytes] - [04/03/2015 18:07:03]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1581 Bytes] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Ultimate x64
Ran by Benny on 04.03.2015 at 18:17:12,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Benny\AppData\Roaming\mozilla\firefox\profiles\9fwfn2wj.default\minidumps [1 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.03.2015 at 18:25:04,19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 Ran by Benny (administrator) on KOMPUTTA on 04-03-2015 18:30:15 Running from C:\Users\Benny\Desktop Loaded Profiles: Benny (Available profiles: Marcel & Benny) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe (Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [382248 2013-06-20] (Lenovo.) HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63784 2013-03-18] (Lenovo) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated) HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2722080 2013-09-05] () HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3674576 2015-01-06] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.) HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2605916418-3193630820-2758046491-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2605916418-3193630820-2758046491-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Benny\AppData\Roaming\Mozilla\Firefox\Profiles\9fwfn2wj.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2008-07-15] (Andrea Electronics Corporation) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3440080 2015-01-06] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-01-06] (AVG Technologies CZ, s.r.o.) S3 Disc Soft Ultra Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [1378576 2014-12-09] (Disc Soft Ltd) S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-06-26] (Lenovo.) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [30184 2013-08-08] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-02-26] () S2 vToolbarUpdater18.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.) R3 dtultrascsibus; C:\Windows\System32\DRIVERS\dtultrascsibus.sys [30352 2014-12-27] (Disc Soft Ltd) R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2009-05-11] (Lenovo) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-04] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) S3 athr; system32\DRIVERS\athrx.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-04 18:29 - 2015-03-04 18:29 - 00000000 ____D () C:\Users\Benny\Desktop\FRST-OlderVersion 2015-03-04 18:25 - 2015-03-04 18:25 - 00000752 _____ () C:\Users\Benny\Desktop\JRT.txt 2015-03-04 18:03 - 2015-03-04 18:07 - 00000000 ____D () C:\AdwCleaner 2015-03-04 16:57 - 2015-03-04 16:57 - 00001201 _____ () C:\Users\Benny\Desktop\mbam.txt 2015-03-04 16:29 - 2015-03-04 16:29 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-04 16:29 - 2015-03-04 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-04 16:29 - 2015-03-04 16:29 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-03-04 16:29 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-04 16:29 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-04 16:26 - 2015-03-04 16:26 - 01388333 _____ (Thisisu) C:\Users\Benny\Desktop\JRT.exe 2015-03-04 16:25 - 2015-03-04 16:26 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Benny\Desktop\mbam-setup-2.0.4.1028.exe 2015-03-04 16:25 - 2015-03-04 16:26 - 02126848 _____ () C:\Users\Benny\Desktop\AdwCleaner_4.111.exe 2015-03-04 13:18 - 2015-03-04 13:19 - 00000000 ____D () C:\Users\Benny\AppData\Roaming\vlc 2015-03-04 10:23 - 2015-03-04 10:40 - 00000000 ___SD () C:\ComboFix 2015-03-04 10:23 - 2015-03-04 10:23 - 00000000 ____D () C:\Qoobox 2015-03-04 10:23 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-03-04 10:23 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-03-04 10:23 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-03-04 10:23 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-03-04 10:23 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-03-04 10:23 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-03-04 10:23 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-03-04 10:23 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-03-04 10:22 - 2015-03-04 10:37 - 00000000 ____D () C:\Windows\erdnt 2015-03-04 10:17 - 2015-03-04 10:17 - 05612482 ____R (Swearware) C:\Users\Benny\Desktop\ComboFix.exe 2015-03-03 20:17 - 2015-03-04 16:29 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-03 20:16 - 2015-03-04 18:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-03 20:16 - 2015-03-03 21:05 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-03-03 20:15 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-03 20:14 - 2015-03-03 20:15 - 00000000 ____D () C:\Users\Benny\Desktop\mbar-1.09.1.1004 2015-03-03 20:14 - 2015-03-03 20:14 - 00000000 ____D () C:\Users\Benny\AppData\Roaming\WinRAR 2015-03-03 20:04 - 2015-03-03 20:05 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Benny\Desktop\mbar-1.09.1.1004.exe 2015-03-03 19:58 - 2015-03-03 19:58 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Benny\Desktop\tdsskiller.exe 2015-03-03 12:23 - 2015-03-03 12:23 - 00524672 _____ () C:\Windows\Minidump\030315-55239-01.dmp 2015-03-03 12:23 - 2015-03-03 12:23 - 00000000 ____D () C:\Windows\Minidump 2015-03-03 12:06 - 2015-03-03 12:06 - 00003037 _____ () C:\Users\Benny\Desktop\Gmer.txt 2015-03-03 11:57 - 2015-03-03 11:57 - 00380416 _____ () C:\Users\Benny\Desktop\Gmer-19357.exe 2015-03-03 11:56 - 2015-03-03 11:57 - 00024107 _____ () C:\Users\Benny\Desktop\Addition.txt 2015-03-03 11:55 - 2015-03-04 18:30 - 00012402 _____ () C:\Users\Benny\Desktop\FRST.txt 2015-03-03 11:54 - 2015-03-04 18:30 - 00000000 ____D () C:\FRST 2015-03-03 11:53 - 2015-03-04 18:29 - 02093056 _____ (Farbar) C:\Users\Benny\Desktop\FRST64.exe 2015-03-03 11:52 - 2015-03-03 11:52 - 00000472 _____ () C:\Users\Benny\Desktop\defogger_disable.log 2015-03-03 11:52 - 2015-03-03 11:52 - 00000000 _____ () C:\Users\Benny\defogger_reenable 2015-03-03 11:51 - 2015-03-03 11:51 - 00050477 _____ () C:\Users\Benny\Desktop\Defogger.exe 2015-03-03 09:19 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-03 09:19 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-03 09:19 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-03-03 09:19 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-03-03 09:19 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll 2015-03-03 09:19 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll 2015-03-03 09:19 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll 2015-03-03 09:19 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll 2015-03-01 14:53 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls 2015-03-01 14:53 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls 2015-03-01 14:24 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-01 14:24 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-03-01 14:24 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-01 14:24 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-03-01 14:24 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-01 14:24 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-01 14:24 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-03-01 14:24 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-01 14:24 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-01 14:24 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-01 14:24 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-01 14:24 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-03-01 14:24 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-03-01 14:24 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-03-01 14:24 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-03-01 14:24 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-01 14:24 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-03-01 14:24 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-03-01 14:24 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-03-01 14:24 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-03-01 14:24 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-03-01 14:24 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-01 14:24 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-03-01 14:24 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-03-01 14:24 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-03-01 14:24 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-03-01 14:24 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-03-01 14:24 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-01 14:24 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-01 14:24 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-01 14:24 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-03-01 14:24 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-01 14:24 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-03-01 14:24 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-03-01 14:24 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-03-01 14:24 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-03-01 14:24 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-03-01 14:24 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-03-01 14:24 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-03-01 14:24 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-03-01 14:24 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-01 14:24 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-01 14:24 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-03-01 14:24 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-03-01 14:24 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-03-01 14:23 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-01 14:23 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-01 14:23 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-01 14:23 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-01 14:23 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-01 14:23 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-03-01 14:23 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-01 14:21 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-01 14:21 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-03-01 14:21 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-01 14:21 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-01 14:21 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-03-01 14:21 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-03-01 14:21 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-03-01 14:21 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-01 14:21 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-01 14:21 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-03-01 14:21 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-03-01 14:21 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-03-01 14:21 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-03-01 14:21 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-03-01 14:21 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-03-01 14:21 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-03-01 14:20 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-03-01 14:20 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-03-01 14:20 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-03-01 14:20 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-03-01 14:20 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-03-01 14:20 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-03-01 14:20 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-03-01 14:20 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-03-01 14:20 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-03-01 14:20 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-03-01 14:20 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-03-01 14:20 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-03-01 14:20 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-03-01 14:20 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-03-01 14:20 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-03-01 14:20 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-03-01 14:20 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-03-01 14:20 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-01 14:20 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-03-01 14:20 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-03-01 14:20 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-03-01 14:20 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-03-01 14:20 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-03-01 14:20 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-03-01 14:20 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-03-01 14:20 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-03-01 14:19 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-03-01 14:19 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-03-01 14:16 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-01 14:16 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-01 14:16 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-01 14:16 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-01 14:16 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-03-01 14:16 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-03-01 14:16 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-03-01 14:05 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-02-27 22:07 - 2015-02-27 22:07 - 00000000 ____D () C:\ProgramData\Avg_Update_0215tb 2015-02-26 21:27 - 2015-02-27 22:07 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp 2015-02-26 21:27 - 2015-02-26 21:29 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp 2015-02-24 22:52 - 2015-02-24 22:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-04 18:18 - 2013-09-19 21:36 - 01055353 _____ () C:\Windows\WindowsUpdate.log 2015-03-04 18:16 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-04 18:16 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-04 18:10 - 2014-12-27 10:59 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-04 18:10 - 2014-12-27 10:59 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-04 18:09 - 2012-01-10 20:14 - 00020397 _____ () C:\Windows\setupact.log 2015-03-04 18:09 - 2010-11-21 04:47 - 00118482 _____ () C:\Windows\PFRO.log 2015-03-04 18:09 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-04 14:10 - 2013-09-19 22:29 - 00000000 ____D () C:\ProgramData\MFAData 2015-03-04 13:19 - 2011-04-12 08:43 - 00699534 _____ () C:\Windows\system32\perfh007.dat 2015-03-04 13:19 - 2011-04-12 08:43 - 00149642 _____ () C:\Windows\system32\perfc007.dat 2015-03-04 13:19 - 2009-07-14 06:13 - 01620080 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-04 13:17 - 2015-01-12 20:02 - 00000000 ___RD () C:\Users\Benny\Dropbox 2015-03-04 13:17 - 2015-01-12 19:57 - 00000000 ____D () C:\Users\Benny\AppData\Roaming\Dropbox 2015-03-04 10:38 - 2009-07-14 03:34 - 64487424 _____ () C:\Windows\system32\config\SOFTWARE.bak 2015-03-04 10:38 - 2009-07-14 03:34 - 15466496 _____ () C:\Windows\system32\config\SYSTEM.bak 2015-03-04 10:38 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2015-03-04 10:38 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2015-03-04 10:38 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak 2015-03-03 20:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2015-03-03 12:10 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing 2015-03-03 11:52 - 2014-12-31 18:33 - 00000000 ____D () C:\Users\Benny 2015-03-03 07:50 - 2015-01-24 09:04 - 00000000 ____D () C:\Users\Benny\AppData\Local\Avg2015 2015-03-02 15:47 - 2009-07-14 05:45 - 00364520 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-01 19:11 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2015-03-01 18:32 - 2013-11-17 20:44 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-03-01 18:32 - 2013-11-17 20:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-03-01 18:32 - 2013-09-19 22:18 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Adobe 2015-03-01 14:48 - 2014-12-27 11:23 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-01 14:46 - 2014-12-27 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-03-01 14:39 - 2013-09-20 00:08 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-01 14:33 - 2013-11-17 20:44 - 00000000 ____D () C:\Windows\SysWOW64\Macromed 2015-03-01 14:30 - 2012-01-10 19:35 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-01 10:59 - 2015-01-12 20:02 - 00001017 _____ () C:\Users\Benny\Desktop\Dropbox.lnk 2015-03-01 10:59 - 2015-01-12 20:00 - 00000000 ____D () C:\Users\Benny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-03-01 10:12 - 2015-01-12 20:26 - 00000000 ____D () C:\Users\Benny\AppData\Local\Adobe 2015-02-26 21:00 - 2013-09-19 21:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-02-08 13:05 - 2014-12-27 10:59 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-08 13:05 - 2014-12-27 10:59 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore Some content of TEMP: ==================== C:\Users\Benny\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwgpzhr.dll C:\Users\Benny\AppData\Local\Temp\Quarantine.exe C:\Users\Benny\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-23 18:55 ==================== End Of Log ============================ --- --- --- Vielen Dank, Benny |
|
05.03.2015, 07:07
| #13 |
| /// the machine /// TB-Ausbilder | Zip-Datei mit Trojaner: Crypt3.CDYN geöffnetESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
05.03.2015, 11:45
| #14 |
| | Zip-Datei mit Trojaner: Crypt3.CDYN geöffnet Moin Schrauber! Jetzt muss ich mal nachfragen: Ich soll meinen AV und die Windows-Firewall ausschalten und den Rechner trotzdem im Netz lassen damit sich der Eset seine Definitionen runterladen kann? Das widerspricht allem was ich bisher gelernt hatte, nie ungeschützt ins Netz zu gehen? Ich habe den Eset erstmal mit Firewall und AVG durchlaufen lassen, hier das Ergebnis: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=1eac612ae78d1c45b7b782fadbdd7f91
# engine=22761
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-05 10:27:24
# local_time=2015-03-05 11:27:24 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG AntiVirus Free Edition 2015'
# compatibility_mode=1055 16777213 100 98 182002 112685228 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 94299 177181094 0 0
# scanned=197774
# found=0
# cleaned=0
# scan_time=5116
Code:
ATTFilter Results of screen317's Security Check version 0.99.96 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` AVG AntiVirus Free Edition 2015 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java 64-bit 8 Update 31 Adobe Flash Player 16.0.0.305 Adobe Reader XI Mozilla Firefox (36.0) Google Chrome (40.0.2214.111) Google Chrome (40.0.2214.115) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe AVG avgwdsvc.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01 Ran by Benny (administrator) on KOMPUTTA on 05-03-2015 11:43:58 Running from C:\Users\Benny\Desktop Loaded Profiles: Benny (Available profiles: Marcel & Benny) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe (Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe (Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [382248 2013-06-20] (Lenovo.) HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63784 2013-03-18] (Lenovo) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated) HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2722080 2013-09-05] () HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3674576 2015-01-06] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.) HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Benny\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2605916418-3193630820-2758046491-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2605916418-3193630820-2758046491-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Benny\AppData\Roaming\Mozilla\Firefox\Profiles\9fwfn2wj.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2008-07-15] (Andrea Electronics Corporation) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3440080 2015-01-06] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-01-06] (AVG Technologies CZ, s.r.o.) R3 Disc Soft Ultra Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [1378576 2014-12-09] (Disc Soft Ltd) S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-06-26] (Lenovo.) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [30184 2013-08-08] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-02-26] () S2 vToolbarUpdater18.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.) R3 dtultrascsibus; C:\Windows\System32\DRIVERS\dtultrascsibus.sys [30352 2014-12-27] (Disc Soft Ltd) R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2009-05-11] (Lenovo) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-05] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) S3 athr; system32\DRIVERS\athrx.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-05 11:31 - 2015-03-05 11:31 - 00852594 _____ () C:\Users\Benny\Desktop\SecurityCheck.exe 2015-03-05 09:49 - 2015-03-05 09:49 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-03-05 09:38 - 2015-03-05 09:38 - 02347384 _____ (ESET) C:\Users\Benny\Desktop\esetsmartinstaller_deu.exe 2015-03-04 18:29 - 2015-03-05 11:42 - 00000000 ____D () C:\Users\Benny\Desktop\FRST-OlderVersion 2015-03-04 18:25 - 2015-03-04 18:25 - 00000752 _____ () C:\Users\Benny\Desktop\JRT.txt 2015-03-04 18:03 - 2015-03-04 18:07 - 00000000 ____D () C:\AdwCleaner 2015-03-04 16:57 - 2015-03-04 16:57 - 00001201 _____ () C:\Users\Benny\Desktop\mbam.txt 2015-03-04 16:29 - 2015-03-04 16:29 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-04 16:29 - 2015-03-04 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-04 16:29 - 2015-03-04 16:29 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-03-04 16:29 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-04 16:29 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-04 16:26 - 2015-03-04 16:26 - 01388333 _____ (Thisisu) C:\Users\Benny\Desktop\JRT.exe 2015-03-04 16:25 - 2015-03-04 16:26 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Benny\Desktop\mbam-setup-2.0.4.1028.exe 2015-03-04 16:25 - 2015-03-04 16:26 - 02126848 _____ () C:\Users\Benny\Desktop\AdwCleaner_4.111.exe 2015-03-04 13:18 - 2015-03-04 13:19 - 00000000 ____D () C:\Users\Benny\AppData\Roaming\vlc 2015-03-04 10:23 - 2015-03-04 10:40 - 00000000 ___SD () C:\ComboFix 2015-03-04 10:23 - 2015-03-04 10:23 - 00000000 ____D () C:\Qoobox 2015-03-04 10:23 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-03-04 10:23 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-03-04 10:23 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-03-04 10:23 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-03-04 10:23 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-03-04 10:23 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-03-04 10:23 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-03-04 10:23 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-03-04 10:22 - 2015-03-04 10:37 - 00000000 ____D () C:\Windows\erdnt 2015-03-04 10:17 - 2015-03-04 10:17 - 05612482 ____R (Swearware) C:\Users\Benny\Desktop\ComboFix.exe 2015-03-03 20:17 - 2015-03-04 16:29 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-03 20:16 - 2015-03-05 10:42 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-03 20:16 - 2015-03-03 21:05 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-03-03 20:15 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-03 20:14 - 2015-03-03 20:15 - 00000000 ____D () C:\Users\Benny\Desktop\mbar-1.09.1.1004 2015-03-03 20:14 - 2015-03-03 20:14 - 00000000 ____D () C:\Users\Benny\AppData\Roaming\WinRAR 2015-03-03 20:04 - 2015-03-03 20:05 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Benny\Desktop\mbar-1.09.1.1004.exe 2015-03-03 19:58 - 2015-03-03 19:58 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Benny\Desktop\tdsskiller.exe 2015-03-03 12:23 - 2015-03-03 12:23 - 00524672 _____ () C:\Windows\Minidump\030315-55239-01.dmp 2015-03-03 12:23 - 2015-03-03 12:23 - 00000000 ____D () C:\Windows\Minidump 2015-03-03 12:06 - 2015-03-03 12:06 - 00003037 _____ () C:\Users\Benny\Desktop\Gmer.txt 2015-03-03 11:57 - 2015-03-03 11:57 - 00380416 _____ () C:\Users\Benny\Desktop\Gmer-19357.exe 2015-03-03 11:56 - 2015-03-03 11:57 - 00024107 _____ () C:\Users\Benny\Desktop\Addition.txt 2015-03-03 11:55 - 2015-03-05 11:43 - 00012671 _____ () C:\Users\Benny\Desktop\FRST.txt 2015-03-03 11:54 - 2015-03-05 11:44 - 00000000 ____D () C:\FRST 2015-03-03 11:53 - 2015-03-05 11:42 - 02092544 _____ (Farbar) C:\Users\Benny\Desktop\FRST64.exe 2015-03-03 11:52 - 2015-03-03 11:52 - 00000472 _____ () C:\Users\Benny\Desktop\defogger_disable.log 2015-03-03 11:52 - 2015-03-03 11:52 - 00000000 _____ () C:\Users\Benny\defogger_reenable 2015-03-03 11:51 - 2015-03-03 11:51 - 00050477 _____ () C:\Users\Benny\Desktop\Defogger.exe 2015-03-03 09:19 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-03 09:19 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-03 09:19 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-03-03 09:19 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-03-03 09:19 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll 2015-03-03 09:19 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll 2015-03-03 09:19 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll 2015-03-03 09:19 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll 2015-03-01 14:53 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls 2015-03-01 14:53 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls 2015-03-01 14:24 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-01 14:24 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-03-01 14:24 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-01 14:24 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-03-01 14:24 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-01 14:24 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-01 14:24 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-03-01 14:24 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-01 14:24 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-01 14:24 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-01 14:24 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-01 14:24 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-03-01 14:24 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-03-01 14:24 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-03-01 14:24 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-03-01 14:24 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-01 14:24 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-03-01 14:24 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-03-01 14:24 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-03-01 14:24 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-03-01 14:24 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-03-01 14:24 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-01 14:24 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-03-01 14:24 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-03-01 14:24 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-03-01 14:24 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-03-01 14:24 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-03-01 14:24 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-01 14:24 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-01 14:24 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-01 14:24 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-03-01 14:24 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-01 14:24 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-03-01 14:24 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-03-01 14:24 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-03-01 14:24 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-03-01 14:24 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-03-01 14:24 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-03-01 14:24 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-03-01 14:24 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-03-01 14:24 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-01 14:24 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-01 14:24 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-03-01 14:24 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-03-01 14:24 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-03-01 14:23 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-01 14:23 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-01 14:23 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-01 14:23 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-01 14:23 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-01 14:23 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-03-01 14:23 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-01 14:21 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-01 14:21 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-03-01 14:21 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-01 14:21 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-01 14:21 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-03-01 14:21 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-03-01 14:21 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-03-01 14:21 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-01 14:21 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-01 14:21 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-03-01 14:21 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-03-01 14:21 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-03-01 14:21 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-03-01 14:21 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-03-01 14:21 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-03-01 14:21 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-03-01 14:20 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-03-01 14:20 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-03-01 14:20 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-03-01 14:20 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-03-01 14:20 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-03-01 14:20 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-03-01 14:20 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-03-01 14:20 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-03-01 14:20 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-03-01 14:20 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-03-01 14:20 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-03-01 14:20 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-03-01 14:20 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-03-01 14:20 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-03-01 14:20 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-03-01 14:20 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-03-01 14:20 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-03-01 14:20 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-01 14:20 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-03-01 14:20 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-03-01 14:20 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-03-01 14:20 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-03-01 14:20 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-03-01 14:20 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-03-01 14:20 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-03-01 14:20 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-03-01 14:19 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-03-01 14:19 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-03-01 14:16 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-01 14:16 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-01 14:16 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-01 14:16 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-01 14:16 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-03-01 14:16 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-03-01 14:16 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-03-01 14:05 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-02-27 22:07 - 2015-02-27 22:07 - 00000000 ____D () C:\ProgramData\Avg_Update_0215tb 2015-02-26 21:27 - 2015-02-27 22:07 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp 2015-02-26 21:27 - 2015-02-26 21:29 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp 2015-02-24 22:52 - 2015-02-24 22:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-05 11:10 - 2014-12-27 10:59 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-05 10:48 - 2013-09-19 21:36 - 01095796 _____ () C:\Windows\WindowsUpdate.log 2015-03-05 09:21 - 2014-12-27 10:59 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-05 09:18 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-05 09:18 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-05 09:15 - 2013-09-19 22:29 - 00000000 ____D () C:\ProgramData\MFAData 2015-03-05 09:10 - 2012-01-10 20:14 - 00020487 _____ () C:\Windows\setupact.log 2015-03-05 09:10 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-04 18:09 - 2010-11-21 04:47 - 00118482 _____ () C:\Windows\PFRO.log 2015-03-04 13:19 - 2011-04-12 08:43 - 00699534 _____ () C:\Windows\system32\perfh007.dat 2015-03-04 13:19 - 2011-04-12 08:43 - 00149642 _____ () C:\Windows\system32\perfc007.dat 2015-03-04 13:19 - 2009-07-14 06:13 - 01620080 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-04 13:17 - 2015-01-12 20:02 - 00000000 ___RD () C:\Users\Benny\Dropbox 2015-03-04 13:17 - 2015-01-12 19:57 - 00000000 ____D () C:\Users\Benny\AppData\Roaming\Dropbox 2015-03-04 10:38 - 2009-07-14 03:34 - 64487424 _____ () C:\Windows\system32\config\SOFTWARE.bak 2015-03-04 10:38 - 2009-07-14 03:34 - 15466496 _____ () C:\Windows\system32\config\SYSTEM.bak 2015-03-04 10:38 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2015-03-04 10:38 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2015-03-04 10:38 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak 2015-03-03 20:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2015-03-03 12:10 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing 2015-03-03 11:52 - 2014-12-31 18:33 - 00000000 ____D () C:\Users\Benny 2015-03-03 07:50 - 2015-01-24 09:04 - 00000000 ____D () C:\Users\Benny\AppData\Local\Avg2015 2015-03-02 15:47 - 2009-07-14 05:45 - 00364520 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-01 19:11 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2015-03-01 18:32 - 2013-11-17 20:44 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-03-01 18:32 - 2013-11-17 20:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-03-01 18:32 - 2013-09-19 22:18 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Adobe 2015-03-01 14:48 - 2014-12-27 11:23 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-01 14:46 - 2014-12-27 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-03-01 14:39 - 2013-09-20 00:08 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-01 14:33 - 2013-11-17 20:44 - 00000000 ____D () C:\Windows\SysWOW64\Macromed 2015-03-01 14:30 - 2012-01-10 19:35 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-01 10:59 - 2015-01-12 20:02 - 00001017 _____ () C:\Users\Benny\Desktop\Dropbox.lnk 2015-03-01 10:59 - 2015-01-12 20:00 - 00000000 ____D () C:\Users\Benny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-03-01 10:12 - 2015-01-12 20:26 - 00000000 ____D () C:\Users\Benny\AppData\Local\Adobe 2015-02-26 21:00 - 2013-09-19 21:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-02-08 13:05 - 2014-12-27 10:59 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-08 13:05 - 2014-12-27 10:59 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore Some content of TEMP: ==================== C:\Users\Benny\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwgpzhr.dll C:\Users\Benny\AppData\Local\Temp\Quarantine.exe C:\Users\Benny\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-23 18:55 ==================== End Of Log ============================ |
|
05.03.2015, 18:57
| #15 |
| /// the machine /// TB-Ausbilder | Zip-Datei mit Trojaner: Crypt3.CDYN geöffnet Firewall kann man anlassen, AV muss aus weil es ab und an rein funkt. Und solange Du keine nackten Frauen-Videos im Netz schaust während ESET scannt passiert da nix .Bestehen noch Probleme mit dem System?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Zip-Datei mit Trojaner: Crypt3.CDYN geöffnet |
| adobe, adware, antivirus, avg, bildschirm, browser, cpu, defender, feedback, festplatte, firefox, flash player, frage, mozilla, programm, registry, rundll, scan, schutz, secure search, security, services.exe, software, svchost.exe, trojaner, vtoolbarupdater, windows, wuauclt.exe |
WARNUNG an die MITLESER: 
Linear-Darstellung
