| |
| |||||||
Log-Analyse und Auswertung: Arbeitsspeicher / CPU vom Laptop (Acer Aspire 5738G) im Leerlauf bei mind. 80% AuslastungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
18.05.2015, 11:10
| #1 |
| |  Arbeitsspeicher / CPU vom Laptop (Acer Aspire 5738G) im Leerlauf bei mind. 80% Auslastung Hallo, bin neu hier und bin auf eure Hilfe angewiesen. Seit paar Wochen arbeitet mein Laptop seeeeehr langsam. Die CPU und der Arbeitsspeicher sind ohne laufenden Programme mind. bei 80 % Auslastung. Habe schon alles versucht. Suchdurchlauf mit ADW Cleaner und Malwarebytes hat nichts ergeben. Windows und alle weiteren Programme wie Firefox, Graka-Treiber etc. sind immer auf dem neuesten Stand. Es ist mir auch aufgefallen, dass sich Malwarebytes nicht mehr aktualisieren lässt. Die Aktualisierung der Datenbank verläuft in eine Endlossschleife.  |
|
18.05.2015, 11:21
| #2 |
| /// the machine /// TB-Ausbilder    | Arbeitsspeicher / CPU vom Laptop (Acer Aspire 5738G) im Leerlauf bei mind. 80% Auslastung hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
18.05.2015, 11:56
| #3 |
| | Arbeitsspeicher / CPU vom Laptop (Acer Aspire 5738G) im Leerlauf bei mind. 80% Auslastung Hier der FRST.txt
__________________FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2015 02 Ran by Rico (administrator) on RICO-PC on 18-05-2015 12:49:56 Running from C:\Users\Rico\Desktop Loaded Profiles: Rico (Available profiles: Rico) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] () HKU\S-1-5-21-3794730434-1299558751-751304628-1000\...\MountPoints2: {db72ce52-6c10-11e4-b311-001f16c1a4dd} - F:\SETUP.EXE HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-11-13] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rico\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rico\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rico\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3794730434-1299558751-751304628-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Rico\AppData\Roaming\Mozilla\Firefox\Profiles\o12he46t.default FF Homepage: www.t-online.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-26] (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] () FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-08-20] (Nero AG) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Extension: Citavi Picker - C:\Users\Rico\AppData\Roaming\Mozilla\Firefox\Profiles\o12he46t.default\Extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE} [2015-05-12] FF Extension: NoScript - C:\Users\Rico\AppData\Roaming\Mozilla\Firefox\Profiles\o12he46t.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-12-05] FF Extension: Download YouTube Videos as MP4 - C:\Users\Rico\AppData\Roaming\Mozilla\Firefox\Profiles\o12he46t.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2015-01-06] FF Extension: Adblock Plus - C:\Users\Rico\AppData\Roaming\Mozilla\Firefox\Profiles\o12he46t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-13] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-05-18] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2014-11-14] () [File not signed] S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2015-01-23] (Cisco Systems, Inc.) U3 ai7znear; C:\Windows\System32\Drivers\ai7znear.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-18 12:49 - 2015-05-18 12:50 - 00009117 _____ () C:\Users\Rico\Desktop\FRST.txt 2015-05-18 12:49 - 2015-05-18 12:50 - 00000000 ____D () C:\FRST 2015-05-18 12:48 - 2015-05-18 12:49 - 02107392 _____ (Farbar) C:\Users\Rico\Desktop\FRST64.exe 2015-05-18 12:13 - 2015-05-18 12:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire 2015-05-18 12:13 - 2015-05-18 12:13 - 00000000 ____D () C:\Program Files (x86)\FinalWire 2015-05-18 12:09 - 2015-05-18 12:09 - 00000000 ____D () C:\Users\Rico\AppData\Roaming\ATI 2015-05-18 12:09 - 2015-05-18 12:09 - 00000000 ____D () C:\Users\Rico\AppData\Local\ATI 2015-05-18 12:09 - 2015-05-18 12:09 - 00000000 ____D () C:\ProgramData\ATI 2015-05-18 12:09 - 2015-05-18 12:09 - 00000000 ____D () C:\ProgramData\AMD 2015-05-18 12:09 - 2015-05-18 12:09 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies 2015-05-18 12:09 - 2015-05-18 12:09 - 00000000 ____D () C:\Program Files (x86)\AMD AVT 2015-05-18 12:09 - 2015-05-18 12:09 - 00000000 ____D () C:\Program Files (x86)\AMD APP 2015-05-18 12:08 - 2015-05-18 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center 2015-05-18 11:57 - 2015-05-18 11:57 - 00007625 _____ () C:\Users\Rico\AppData\Local\Resmon.ResmonCfg 2015-05-17 01:11 - 2015-05-17 01:13 - 00000000 ____D () C:\Users\Rico\Desktop\dokumentvorlage_abschlussarbeit_1_4 2015-05-17 01:11 - 2015-05-17 01:11 - 00595828 _____ () C:\Users\Rico\Desktop\dokumentvorlage_abschlussarbeit_1_4.zip 2015-05-14 16:56 - 2015-05-14 16:56 - 00000000 ____D () C:\ProgramData\Gibraltar 2015-05-14 15:16 - 2015-05-14 15:16 - 00000000 ____D () C:\Users\Rico\AppData\Roaming\Langmeier Software 2015-05-14 15:13 - 2015-05-14 15:13 - 00002099 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Rambazamba.lnk 2015-05-14 15:13 - 2015-05-14 15:13 - 00000000 ____D () C:\Program Files (x86)\Langmeier Software 2015-05-14 10:21 - 2015-05-14 10:21 - 00015201 _____ () C:\Program Files\MemTest41.zip 2015-05-13 17:55 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-05-13 17:55 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-05-13 17:55 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-05-13 17:55 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-05-13 17:55 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-13 17:54 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-05-13 17:54 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-05-13 17:54 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-05-13 17:54 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-05-13 17:54 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-05-13 17:54 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-05-13 17:54 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-05-13 17:54 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-05-13 17:54 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-05-13 17:54 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-05-13 17:54 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-05-13 17:54 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-05-13 17:54 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-05-13 17:54 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-05-13 17:54 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-05-13 17:54 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-05-13 17:54 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-05-13 17:54 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-05-13 17:54 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-05-13 17:54 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-05-13 17:54 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-05-13 17:54 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-05-13 17:54 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-05-13 17:54 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-05-13 17:54 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-05-13 17:54 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-05-13 17:54 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-05-13 17:54 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-05-13 17:54 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-05-13 17:54 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-05-13 17:54 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-05-13 17:54 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-05-13 17:54 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-05-13 17:54 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-05-13 17:54 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-05-13 17:54 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-05-13 17:54 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-05-13 17:54 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-05-13 17:54 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-05-13 17:54 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-05-13 17:54 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-05-13 17:54 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-05-13 17:54 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-05-13 17:54 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-05-13 17:54 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-05-13 17:54 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-05-13 17:54 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-05-13 17:54 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-05-13 17:54 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-05-13 17:54 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-05-13 17:54 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-05-13 17:54 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-05-13 17:54 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-05-13 17:54 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-05-13 17:54 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-05-13 17:54 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-05-13 17:54 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-05-13 17:54 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-05-13 17:54 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-05-13 17:54 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-05-13 17:53 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-13 17:53 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-13 17:53 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-13 17:53 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-05-13 17:53 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-05-13 17:53 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-05-12 18:39 - 2015-05-12 18:39 - 00000000 ____D () C:\Users\Rico\Desktop\Casino_Life_2_Brown_Bag_Legend-(DatPiff.com) 2015-05-12 18:33 - 2015-05-13 18:29 - 00000000 ____D () C:\Users\Rico\Documents\Citavi 5 2015-05-12 18:33 - 2015-05-13 18:04 - 00000000 ____D () C:\Users\Rico\AppData\Roaming\Swiss Academic Software 2015-05-12 18:33 - 2015-05-12 19:38 - 00000000 ____D () C:\ProgramData\Swiss Academic Software 2015-05-12 18:14 - 2015-05-12 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 5 2015-05-12 18:13 - 2015-05-12 18:14 - 00000000 ____D () C:\Program Files (x86)\Citavi 5 2015-05-11 23:52 - 2015-05-11 23:52 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log 2015-05-11 23:52 - 2015-05-11 23:52 - 00000000 ____D () C:\ProgramData\Samsung 2015-05-11 23:51 - 2015-05-11 23:53 - 00000000 ____D () C:\Users\Rico\Documents\samsung 2015-05-11 23:51 - 2015-05-11 23:51 - 00000000 ____D () C:\Users\Rico\Documents\SelfMV 2015-05-11 23:49 - 2014-05-07 17:42 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll 2015-05-11 12:50 - 2015-05-11 12:50 - 00000000 ____D () C:\Users\Rico\AppData\Roaming\Aspell 2015-05-11 12:46 - 2015-05-11 12:46 - 00000000 ____D () C:\Users\Rico\AppData\Roaming\Foxit Advanced PDF Editor 2015-05-11 12:46 - 2015-05-11 12:46 - 00000000 ____D () C:\Users\Rico\AppData\Local\Foxit Advanced PDF Editor 2015-05-11 12:46 - 2015-05-11 12:46 - 00000000 ____D () C:\Users\Rico\AppData\Local\Aspell 2015-05-11 12:46 - 2015-05-11 12:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Advanced PDF Editor 2015-05-11 12:46 - 2015-05-11 12:46 - 00000000 ____D () C:\ProgramData\Foxit Advanced PDF Editor 2015-05-11 12:46 - 2015-05-11 12:46 - 00000000 ____D () C:\ProgramData\Aspell 2015-05-11 12:46 - 2015-05-11 12:46 - 00000000 ____D () C:\Program Files (x86)\Foxit Software 2015-05-07 16:37 - 2015-05-09 20:08 - 00000000 ____D () C:\Users\Rico\Desktop\Lohnsteuererklärung_Catia_2014 2015-05-07 01:05 - 2015-05-08 14:15 - 00000000 ____D () C:\Users\Rico\Desktop\Word2007_Bericht 2015-05-07 01:05 - 2015-05-07 01:05 - 00766797 _____ () C:\Users\Rico\Desktop\PowerPoint2007.zip 2015-05-07 01:05 - 2015-05-07 01:05 - 00128356 _____ () C:\Users\Rico\Desktop\Word2007_Bericht.zip 2015-05-06 13:18 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-05-06 13:18 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-05-06 13:18 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-05-06 13:18 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-05-06 13:18 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-05-06 13:18 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-05-06 13:18 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-05-06 13:18 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-05-06 13:18 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-05-06 13:18 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-05-06 13:18 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-05-06 13:18 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-05-06 13:18 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-05-06 13:18 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-05-06 13:18 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-05-06 13:18 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-05-06 13:18 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-05-06 13:18 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-05-06 13:18 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-05-06 13:18 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll 2015-05-06 13:18 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-05-06 13:18 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-05-06 13:18 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-05-06 13:18 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-05-06 13:18 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-05-06 13:18 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-05-06 13:18 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-05-06 13:18 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-05-06 13:18 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe 2015-05-06 13:18 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-05-06 13:18 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-05-06 13:18 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-05-06 13:18 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe 2015-05-06 13:18 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe 2015-05-06 13:18 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe 2015-05-06 13:18 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-05-06 13:18 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe 2015-05-06 13:18 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-05-06 13:18 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-05-06 13:18 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-05-06 13:18 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-05-06 13:18 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-05-06 13:18 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-05-06 13:18 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-05-06 13:18 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-05-06 13:18 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-05-06 13:18 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-05-06 13:18 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-05-06 13:18 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-05-06 13:18 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll 2015-05-06 13:18 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-05-06 13:18 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-05-06 13:18 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-05-06 13:18 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-05-06 13:18 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-05-06 13:18 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-05-06 13:18 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe 2015-05-06 13:18 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe 2015-05-06 13:18 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe 2015-05-06 13:18 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe 2015-05-06 13:18 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-05-06 13:18 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-05-06 13:18 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-05-06 13:18 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-05-06 13:18 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-05-06 13:18 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-05-06 13:18 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe 2015-05-06 13:18 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-05-06 13:18 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-05-06 13:18 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-05-06 13:18 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-05-06 13:18 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-05-06 13:18 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-05-06 13:18 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-05-06 13:18 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-05-06 13:18 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-05-06 13:18 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-05-05 19:31 - 2015-05-08 10:54 - 00000039 _____ () C:\Windows\vbaddin.ini 2015-05-05 19:31 - 2015-05-06 13:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works 2015-05-05 19:29 - 2015-05-05 19:29 - 00000162 _____ () C:\Windows\ODBC.INI 2015-05-05 00:09 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-05-05 00:09 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-05-05 00:09 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-05-05 00:09 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-05-05 00:09 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll 2015-05-05 00:09 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2015-05-05 00:09 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-05-05 00:09 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2015-05-05 00:09 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2015-05-04 15:37 - 2015-05-04 15:37 - 00000000 ____D () C:\Users\Rico\Desktop\Xa-BaAllBaDE20NO 2015-04-29 10:08 - 2015-04-29 10:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\386F5BA1.sys 2015-04-29 09:52 - 2015-04-29 09:53 - 00000000 ____D () C:\Users\Rico\AppData\Roaming\Skype 2015-04-29 09:52 - 2015-04-29 09:52 - 00000000 ____D () C:\Users\Rico\AppData\Local\Skype 2015-04-29 09:51 - 2015-04-29 09:53 - 00000000 ____D () C:\ProgramData\Skype 2015-04-24 11:08 - 2015-05-16 23:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-04-22 14:40 - 2015-04-22 14:40 - 00000000 ____D () C:\Users\Rico\AppData\Local\PDFCreator 2015-04-22 14:34 - 2015-04-22 14:35 - 00000000 ____D () C:\Program Files\PDFCreator 2015-04-22 14:34 - 2015-04-22 14:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2015-04-22 14:34 - 2015-04-01 19:47 - 00115592 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll 2015-04-22 10:27 - 2015-03-14 05:21 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll 2015-04-22 10:27 - 2015-03-14 05:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll 2015-04-22 10:27 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll 2015-04-22 10:27 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll 2015-04-22 10:27 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll 2015-04-22 10:27 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll 2015-04-22 10:12 - 2015-04-22 10:12 - 00846936 _____ () C:\Windows\Minidump\042215-23088-01.dmp 2015-04-21 17:49 - 2015-04-29 13:16 - 00000000 ____D () C:\ProgramData\Cisco 2015-04-21 17:49 - 2015-04-29 13:16 - 00000000 ____D () C:\Program Files (x86)\Cisco 2015-04-21 17:49 - 2015-04-21 17:49 - 00000000 ____D () C:\Users\Rico\AppData\Local\Cisco 2015-04-21 17:49 - 2015-04-21 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco 2015-04-21 16:58 - 2015-04-21 16:58 - 00000000 ___SD () C:\Users\Rico\Documents\Meine Datenquellen 2015-04-20 17:46 - 2015-04-20 17:46 - 00034192 _____ (Cisco Systems, Inc.) C:\Windows\SysWOW64\vpnevents.dll 2015-04-20 17:46 - 2015-04-20 17:46 - 00011152 _____ (Cisco Systems, Inc.) C:\Windows\SysWOW64\vpncategories.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-18 12:47 - 2014-11-14 19:53 - 00000000 ____D () C:\Users\Rico\Documents\Outlook-Dateien 2015-05-18 12:11 - 2014-11-12 18:34 - 01258883 _____ () C:\Windows\WindowsUpdate.log 2015-05-18 12:11 - 2009-07-14 19:58 - 00661690 _____ () C:\Windows\system32\perfh007.dat 2015-05-18 12:11 - 2009-07-14 19:58 - 00141670 _____ () C:\Windows\system32\perfc007.dat 2015-05-18 12:11 - 2009-07-14 07:13 - 01528516 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-18 12:08 - 2015-02-01 16:10 - 00000000 ____D () C:\Program Files\ATI Technologies 2015-05-18 12:07 - 2009-07-14 06:51 - 00030542 _____ () C:\Windows\setupact.log 2015-05-18 11:57 - 2009-07-14 06:45 - 00025552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-18 11:57 - 2009-07-14 06:45 - 00025552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-18 11:50 - 2014-11-26 17:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-05-18 11:49 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-18 11:14 - 2014-11-28 13:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-05-18 11:14 - 2014-11-13 11:37 - 00118712 _____ () C:\Windows\PFRO.log 2015-05-14 10:15 - 2014-11-14 19:22 - 00000000 ____D () C:\Windows\pss 2015-05-14 10:06 - 2014-11-13 00:50 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-05-14 09:33 - 2009-07-14 06:45 - 00287376 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-05-13 19:24 - 2014-11-14 19:26 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-05-13 19:23 - 2014-11-13 19:51 - 00001912 _____ () C:\Windows\epplauncher.mif 2015-05-13 19:23 - 2014-11-13 19:50 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2015-05-13 19:23 - 2014-11-13 19:50 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2015-05-13 19:23 - 2014-11-13 19:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2015-05-13 19:21 - 2014-11-12 20:01 - 00000000 ____D () C:\Windows\system32\MRT 2015-05-13 19:17 - 2014-11-12 20:01 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-05-12 18:12 - 2015-03-08 14:12 - 00000000 ____D () C:\Users\Rico\AppData\Local\Downloaded Installations 2015-05-12 00:23 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries 2015-05-12 00:07 - 2015-03-08 14:13 - 00000000 ____D () C:\Program Files (x86)\Samsung 2015-05-11 23:52 - 2015-03-08 14:36 - 00000000 ____D () C:\Users\Rico\AppData\Roaming\Samsung 2015-05-11 23:51 - 2015-03-08 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2015-05-11 23:49 - 2014-12-03 14:41 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-05-11 22:19 - 2015-04-09 11:23 - 00000000 ____D () C:\ProgramData\BlueStacksSetup 2015-05-11 12:37 - 2014-11-14 20:26 - 00000000 ____D () C:\ProgramData\Adobe 2015-05-09 11:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2015-05-08 17:36 - 2014-11-14 19:17 - 00000000 ____D () C:\Users\Rico\AppData\Roaming\vlc 2015-05-06 00:45 - 2014-11-12 19:55 - 00064232 _____ () C:\Users\Rico\AppData\Local\GDIPFONTCACHEV1.DAT 2015-05-05 19:32 - 2014-11-14 19:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2015-05-05 19:31 - 2014-11-14 19:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2015-05-05 19:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2015-05-05 19:28 - 2014-11-14 19:27 - 00000000 ____D () C:\Program Files\Microsoft Office 2015-05-04 22:22 - 2014-11-14 19:18 - 00000000 ____D () C:\Users\Rico\AppData\Roaming\Dropbox 2015-05-04 15:43 - 2015-01-29 12:42 - 00000000 ____D () C:\AdwCleaner 2015-04-29 00:53 - 2014-11-14 19:20 - 00000000 ____D () C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-04-22 14:46 - 2014-11-14 19:26 - 00000000 ____D () C:\Users\Rico\AppData\Local\Microsoft Help 2015-04-22 14:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers 2015-04-22 10:12 - 2015-01-13 11:12 - 00000000 ____D () C:\Windows\Minidump 2015-04-20 17:25 - 2015-01-23 02:09 - 00112496 ____R (Cisco Systems, Inc.) C:\Windows\system32\Drivers\acsock64.sys ==================== Files in the root of some directories ======= 2015-05-14 10:21 - 2015-05-14 10:21 - 0015201 _____ () C:\Program Files\MemTest41.zip 2015-05-18 11:57 - 2015-05-18 11:57 - 0007625 _____ () C:\Users\Rico\AppData\Local\Resmon.ResmonCfg ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-14 17:15 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- Und hier der Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-05-2015 02
Ran by Rico at 2015-05-18 12:50:53
Running from C:\Users\Rico\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3794730434-1299558751-751304628-500 - Administrator - Disabled)
Gast (S-1-5-21-3794730434-1299558751-751304628-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3794730434-1299558751-751304628-1002 - Limited - Enabled)
Rico (S-1-5-21-3794730434-1299558751-751304628-1000 - Administrator - Enabled) => C:\Users\Rico
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.0.1.152 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.)
AIDA64 Extreme v5.20 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.20 - FinalWire Ltd.)
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Brother MFL-Pro Suite DCP-130C (HKLM-x32\...\{7E48AFD3-F28A-4E54-99A8-9F3A4A27DBC4}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
Cisco AnyConnect Diagnostics and Reporting Tool (HKLM-x32\...\{9D2D6008-1122-47F3-8322-D6235CD8D1C5}) (Version: 3.1.08009 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.08009 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.08009 - Cisco Systems, Inc.) Hidden
Citavi 5 (HKLM-x32\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.0.0.11 - Swiss Academic Software)
Dropbox (HKU\S-1-5-21-3794730434-1299558751-751304628-1000\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.)
eLearn CDROM 1.0 (HKLM-x32\...\eLearn 1.2.1_is1) (Version: - FIAT Auto S.p.A.)
Foxit Advanced PDF Editor 3 (HKLM-x32\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.1.0.0 - Foxit Corporation)
IsoBuster 2.6 (HKLM-x32\...\IsoBuster_is1) (Version: 2.6 - Smart Projects)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version: - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 2014 (HKLM-x32\...\{F384C1E1-3A16-4073-95C3-7271FE0ED4C2}) (Version: 15.0.02200 - Nero AG)
Nero 2014 Content Pack (HKLM-x32\...\{204A26F0-01B8-4656-8607-5CCEDE820BC2}) (Version: 15.0.00200 - Nero AG)
PC Rambazamba (HKLM-x32\...\{4706FB18-24CA-4B8D-A827-452840E7E722}) (Version: 1.00.0000 - Langmeier Software GmbH)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.1 - pdfforge)
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
Samsung AllShare (HKLM-x32\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.)
Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3794730434-1299558751-751304628-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Rico\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3794730434-1299558751-751304628-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Rico\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3794730434-1299558751-751304628-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rico\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3794730434-1299558751-751304628-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rico\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3794730434-1299558751-751304628-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rico\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3794730434-1299558751-751304628-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rico\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3794730434-1299558751-751304628-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rico\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3794730434-1299558751-751304628-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rico\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3794730434-1299558751-751304628-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rico\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3794730434-1299558751-751304628-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rico\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {2592602D-258C-4A3A-B904-51B9309634A9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {424E053E-84F7-41E0-B248-4F6F1372841A} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {537C28CA-EF00-4FF7-9153-426FE45616A6} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {A442873D-C2EA-47FE-A8B1-2EB4B57D49A7} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-08-20] (Nero AG)
Task: {AA15084A-459C-4CD8-A913-878B18280947} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
==================== Loaded Modules (Whitelisted) ==============
2014-11-14 01:00 - 2009-08-16 18:06 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-07-31 13:16 - 2014-07-31 13:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-31 13:16 - 2014-07-31 13:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 13:16 - 2014-07-31 13:16 - 00237352 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 16:46 - 2013-02-14 16:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3794730434-1299558751-751304628-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^Rico^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AllShareAgent => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: OKAYFREEDOM_Agent => "C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe" -agent
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\pdf24\pdf24.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{9D0EB2FD-EAE4-4186-A20F-8392AC46ECAC}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{FA242C90-2843-4A87-8ECF-D6EAB7EDD782}] => (Allow) C:\Users\Rico\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B23F70D7-19F1-46B0-95B1-A1472110FE4B}] => (Allow) C:\Users\Rico\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{EE1F88B1-60C1-4B51-ABF4-A85DF81E5CA6}C:\users\rico\appdata\local\temp\rarsfx0\bie_kms.exe] => (Allow) C:\users\rico\appdata\local\temp\rarsfx0\bie_kms.exe
FirewallRules: [UDP Query User{5C954267-38DC-40F6-B1E1-C9E7E1B40022}C:\users\rico\appdata\local\temp\rarsfx0\bie_kms.exe] => (Allow) C:\users\rico\appdata\local\temp\rarsfx0\bie_kms.exe
FirewallRules: [{2F59A489-1D72-4A93-9E34-681FEFFDCAF3}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{04F6AC73-ABBC-44F6-88D7-BA5561CD75B2}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{C3D4E5C7-4DE1-4AE1-A047-4045E6CAAD64}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{C0C12626-24FB-4A6A-AB32-17C07A2EDFC1}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{BBCFF12F-2251-4260-925D-8E433B9075B5}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{A87F0FA0-6C0E-410C-AC81-36AD42B16A0E}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{E62E4DF2-8081-481B-AF1A-A65437C697EF}C:\users\rico\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\rico\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{CC7CF530-FAB5-4610-A101-628408CA3EE2}C:\users\rico\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\rico\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{6ACEE574-792C-4F03-932F-E8D8EB90BEAF}C:\users\rico\appdata\local\temp\rarsfx1\bie_kms.exe] => (Allow) C:\users\rico\appdata\local\temp\rarsfx1\bie_kms.exe
FirewallRules: [UDP Query User{FF9EE014-7537-4E9C-AC08-3ABAB39C8CDF}C:\users\rico\appdata\local\temp\rarsfx1\bie_kms.exe] => (Allow) C:\users\rico\appdata\local\temp\rarsfx1\bie_kms.exe
FirewallRules: [{4BC3711E-FC90-485F-A86A-5950FCCEE55C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F288805C-09DE-4381-9ADC-770AE6DB63EF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C95D2681-5B67-477E-B066-A9DD38E02313}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
FirewallRules: [{652634B4-9E78-4633-B0BA-14070E034D24}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShare.exe
FirewallRules: [{3B9D35CA-6B29-4218-ACC1-D8EF9AEC2E4C}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
FirewallRules: [TCP Query User{8EF08D0F-689A-4BC0-AD8C-A28A11C15362}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{3AD7162C-ED95-452B-B004-7DD07D72C320}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{F2BF739E-AED0-4FD4-AEBB-99A8CCC9A5D4}D:\tools (ohne games)\programme\microsoft visio professional 2013\kmsmicro\kmsmicro-wo-en\qemu\qemu.exe] => (Block) D:\tools (ohne games)\programme\microsoft visio professional 2013\kmsmicro\kmsmicro-wo-en\qemu\qemu.exe
FirewallRules: [UDP Query User{F13353C0-6B90-46C2-A4B7-EA84EFFDA45A}D:\tools (ohne games)\programme\microsoft visio professional 2013\kmsmicro\kmsmicro-wo-en\qemu\qemu.exe] => (Block) D:\tools (ohne games)\programme\microsoft visio professional 2013\kmsmicro\kmsmicro-wo-en\qemu\qemu.exe
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/14/2015 03:21:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_DiagTrack, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e8bfa
Ausnahmecode: 0xc000000d
Fehleroffset: 0x000000000006ec12
ID des fehlerhaften Prozesses: 0x5d8
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_DiagTrack0
Pfad der fehlerhaften Anwendung: svchost.exe_DiagTrack1
Pfad des fehlerhaften Moduls: svchost.exe_DiagTrack2
Berichtskennung: svchost.exe_DiagTrack3
Error: (05/13/2015 07:26:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_DiagTrack, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e8bfa
Ausnahmecode: 0xc000000d
Fehleroffset: 0x000000000006ec12
ID des fehlerhaften Prozesses: 0x7e4
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_DiagTrack0
Pfad der fehlerhaften Anwendung: svchost.exe_DiagTrack1
Pfad des fehlerhaften Moduls: svchost.exe_DiagTrack2
Berichtskennung: svchost.exe_DiagTrack3
Error: (05/12/2015 02:17:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_DiagTrack, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e8bfa
Ausnahmecode: 0xc000000d
Fehleroffset: 0x000000000006ec12
ID des fehlerhaften Prozesses: 0x778
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_DiagTrack0
Pfad der fehlerhaften Anwendung: svchost.exe_DiagTrack1
Pfad des fehlerhaften Moduls: svchost.exe_DiagTrack2
Berichtskennung: svchost.exe_DiagTrack3
Error: (05/12/2015 00:17:21 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile C:\Program Files (x86)\BlueStacks\HD-CreateSymlink.exe because this image is not a valid Win32 application.
Error: (05/11/2015 11:58:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 37.0.2.5583, Zeitstempel: 0x552ef76c
Name des fehlerhaften Moduls: mozalloc.dll, Version: 37.0.2.5583, Zeitstempel: 0x552ee9ae
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001aa1
ID des fehlerhaften Prozesses: 0x1158
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (05/08/2015 05:17:37 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (05/08/2015 04:13:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 37.0.2.5583, Zeitstempel: 0x552ef76c
Name des fehlerhaften Moduls: mozalloc.dll, Version: 37.0.2.5583, Zeitstempel: 0x552ee9ae
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001aa1
ID des fehlerhaften Prozesses: 0xaa4
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (05/08/2015 11:04:45 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (05/08/2015 11:03:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_DiagTrack, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e8bfa
Ausnahmecode: 0xc000000d
Fehleroffset: 0x000000000006ec12
ID des fehlerhaften Prozesses: 0x8b8
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_DiagTrack0
Pfad der fehlerhaften Anwendung: svchost.exe_DiagTrack1
Pfad des fehlerhaften Moduls: svchost.exe_DiagTrack2
Berichtskennung: svchost.exe_DiagTrack3
Error: (05/08/2015 11:02:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1122, Zeitstempel: 0x517f4031
Name des fehlerhaften Moduls: atieclxx.exe, Version: 6.14.11.1122, Zeitstempel: 0x517f4031
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000001794d
ID des fehlerhaften Prozesses: 0x45c
Startzeit der fehlerhaften Anwendung: 0xatieclxx.exe0
Pfad der fehlerhaften Anwendung: atieclxx.exe1
Pfad des fehlerhaften Moduls: atieclxx.exe2
Berichtskennung: atieclxx.exe3
System errors:
=============
Error: (05/18/2015 11:52:23 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{D7232C14-1D09-422D-9C3A-4E4BB4DC046B}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.
Error: (05/18/2015 11:27:10 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (05/18/2015 11:26:36 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 18.05.2015 um 11:25:00 unerwartet heruntergefahren.
Error: (05/17/2015 00:19:24 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (05/15/2015 10:47:24 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (05/14/2015 05:47:23 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{D7232C14-1D09-422D-9C3A-4E4BB4DC046B}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (05/14/2015 03:38:47 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{D7232C14-1D09-422D-9C3A-4E4BB4DC046B}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.
Error: (05/14/2015 03:27:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/14/2015 03:27:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/14/2015 03:21:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Diagnostics Tracking Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 44%
Total physical RAM: 4090.84 MB
Available physical RAM: 2274.94 MB
Total Pagefile: 8179.88 MB
Available Pagefile: 6012.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:50 GB) (Free:5.21 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:415.56 GB) (Free:17.22 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4DBD1D3D)
Partition 1: (Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=415.6 GB) - (Type=07 NTFS)
==================== End Of Log ============================
 |
|
19.05.2015, 07:07
| #4 |
| /// the machine /// TB-Ausbilder | Arbeitsspeicher / CPU vom Laptop (Acer Aspire 5738G) im Leerlauf bei mind. 80% Auslastung hi, Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
19.05.2015, 22:43
| #5 |
| | Arbeitsspeicher / CPU vom Laptop (Acer Aspire 5738G) im Leerlauf bei mind. 80% Auslastung Hi, bei beiden Suchläufen wurde nichts gefunden. Hier die Files: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org
Database version:
main: v2015.05.19.05
rootkit: v2015.05.16.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17801
Rico :: RICO-PC [administrator]
19.05.2015 23:03:37
mbar-log-2015-05-19 (23-03-37).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 345734
Time elapsed: 16 minute(s), 1 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter 23:39:18.0843 0x0d44 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
23:39:23.0453 0x0d44 ============================================================
23:39:23.0453 0x0d44 Current date / time: 2015/05/19 23:39:23.0453
23:39:23.0453 0x0d44 SystemInfo:
23:39:23.0453 0x0d44
23:39:23.0453 0x0d44 OS Version: 6.1.7601 ServicePack: 1.0
23:39:23.0453 0x0d44 Product type: Workstation
23:39:23.0453 0x0d44 ComputerName: RICO-PC
23:39:23.0453 0x0d44 UserName: Rico
23:39:23.0453 0x0d44 Windows directory: C:\Windows
23:39:23.0453 0x0d44 System windows directory: C:\Windows
23:39:23.0453 0x0d44 Running under WOW64
23:39:23.0453 0x0d44 Processor architecture: Intel x64
23:39:23.0453 0x0d44 Number of processors: 2
23:39:23.0453 0x0d44 Page size: 0x1000
23:39:23.0453 0x0d44 Boot type: Normal boot
23:39:23.0453 0x0d44 ============================================================
23:39:25.0204 0x0d44 KLMD registered as C:\Windows\system32\drivers\30198918.sys
23:39:25.0847 0x0d44 System UUID: {6D3BF481-98DD-E2C6-E24F-7BE0EB766527}
23:39:26.0848 0x0d44 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:39:26.0854 0x0d44 ============================================================
23:39:26.0854 0x0d44 \Device\Harddisk0\DR0:
23:39:26.0854 0x0d44 MBR partitions:
23:39:26.0854 0x0d44 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6400000
23:39:26.0854 0x0d44 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x6464800, BlocksNum 0x33F21000
23:39:26.0854 0x0d44 ============================================================
23:39:26.0882 0x0d44 C: <-> \Device\Harddisk0\DR0\Partition1
23:39:26.0961 0x0d44 D: <-> \Device\Harddisk0\DR0\Partition2
23:39:26.0961 0x0d44 ============================================================
23:39:26.0961 0x0d44 Initialize success
23:39:26.0961 0x0d44 ============================================================
23:40:29.0056 0x0f78 ============================================================
23:40:29.0056 0x0f78 Scan started
23:40:29.0056 0x0f78 Mode: Manual; SigCheck; TDLFS;
23:40:29.0056 0x0f78 ============================================================
23:40:29.0056 0x0f78 KSN ping started
23:40:43.0002 0x0f78 KSN ping finished: true
23:40:43.0829 0x0f78 ================ Scan system memory ========================
23:40:43.0829 0x0f78 System memory - ok
23:40:43.0829 0x0f78 ================ Scan services =============================
23:40:44.0016 0x0f78 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
23:40:44.0219 0x0f78 1394ohci - ok
23:40:44.0281 0x0f78 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
23:40:44.0313 0x0f78 ACPI - ok
23:40:44.0359 0x0f78 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
23:40:44.0437 0x0f78 AcpiPmi - ok
23:40:44.0484 0x0f78 [ D0B11E40EA74A98A5E133DF1F5276240, BAD5885CD8CC271D59DFA95159EFC3AC36D2BA11B6DA593AAED0C45F1C2F280F ] acsock C:\Windows\system32\DRIVERS\acsock64.sys
23:40:44.0562 0x0f78 acsock - ok
23:40:44.0609 0x0f78 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
23:40:44.0640 0x0f78 adp94xx - ok
23:40:44.0687 0x0f78 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
23:40:44.0718 0x0f78 adpahci - ok
23:40:44.0749 0x0f78 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
23:40:44.0765 0x0f78 adpu320 - ok
23:40:44.0812 0x0f78 [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:40:44.0890 0x0f78 AeLookupSvc - ok
23:40:44.0937 0x0f78 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
23:40:45.0015 0x0f78 AFD - ok
23:40:45.0093 0x0f78 [ 98022774D9930ECBB292E70DB7601DF6, BE64A40B9BE997D73C0FC14D97E204C9D886EDA07EC4C9391A70CE477084E5F1 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
23:40:45.0202 0x0f78 AgereSoftModem - ok
23:40:45.0233 0x0f78 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
23:40:45.0249 0x0f78 agp440 - ok
23:40:45.0295 0x0f78 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
23:40:45.0358 0x0f78 ALG - ok
23:40:45.0389 0x0f78 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
23:40:45.0405 0x0f78 aliide - ok
23:40:45.0436 0x0f78 [ DDEA39A56B801A675E118429AF6A30D2, D61A702E8777514A6926D1D5EB180F33C6317871013B355E7C17FE37C14C5D7F ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
23:40:45.0498 0x0f78 AMD External Events Utility - ok
23:40:45.0514 0x0f78 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
23:40:45.0529 0x0f78 amdide - ok
23:40:45.0561 0x0f78 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
23:40:45.0607 0x0f78 AmdK8 - ok
23:40:46.0029 0x0f78 [ 7F2BDD27F3611041D6B0D6C565A748A7, F74A3589253AAEDAFB15D5C439771339FC3B78B1CE51409A630822B653D4885D ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
23:40:46.0684 0x0f78 amdkmdag - ok
23:40:46.0746 0x0f78 [ 8E2A3479CF4E871F37D0F023692E6694, BE995D5679ABEF800E24208A068C44A10607305A8C328FF29A11DCAAB4D18FBB ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
23:40:46.0809 0x0f78 amdkmdap - ok
23:40:46.0840 0x0f78 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
23:40:46.0855 0x0f78 AmdPPM - ok
23:40:46.0887 0x0f78 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
23:40:46.0918 0x0f78 amdsata - ok
23:40:46.0933 0x0f78 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
23:40:46.0965 0x0f78 amdsbs - ok
23:40:46.0965 0x0f78 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
23:40:46.0980 0x0f78 amdxata - ok
23:40:47.0027 0x0f78 [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID C:\Windows\system32\drivers\appid.sys
23:40:47.0089 0x0f78 AppID - ok
23:40:47.0089 0x0f78 [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc C:\Windows\System32\appidsvc.dll
23:40:47.0121 0x0f78 AppIDSvc - ok
23:40:47.0152 0x0f78 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
23:40:47.0183 0x0f78 Appinfo - ok
23:40:47.0261 0x0f78 [ 608D6A90E989C6522F170E5526A64BF4, 36EDD07DF6BD2D20121F63CF720C289FCCF7C53574D37F99C2F9ED68298D655B ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:40:47.0277 0x0f78 Apple Mobile Device - ok
23:40:47.0323 0x0f78 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll
23:40:47.0370 0x0f78 AppMgmt - ok
23:40:47.0401 0x0f78 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys
23:40:47.0417 0x0f78 arc - ok
23:40:47.0448 0x0f78 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
23:40:47.0464 0x0f78 arcsas - ok
23:40:47.0557 0x0f78 [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:40:47.0589 0x0f78 aspnet_state - ok
23:40:47.0604 0x0f78 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:40:47.0729 0x0f78 AsyncMac - ok
23:40:47.0760 0x0f78 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
23:40:47.0776 0x0f78 atapi - ok
23:40:47.0823 0x0f78 [ B0790FF0E25B7A2674296052F2162C1A, 930D1A09E93117E081C532D6EDB1E870736AE3806D13AE7F0C7748FD4EAB3D89 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
23:40:47.0838 0x0f78 AtiHDAudioService - ok
23:40:48.0244 0x0f78 [ 7F2BDD27F3611041D6B0D6C565A748A7, F74A3589253AAEDAFB15D5C439771339FC3B78B1CE51409A630822B653D4885D ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
23:40:48.0571 0x0f78 atikmdag - ok
23:40:48.0681 0x0f78 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:40:48.0743 0x0f78 AudioEndpointBuilder - ok
23:40:48.0774 0x0f78 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll
23:40:48.0805 0x0f78 AudioSrv - ok
23:40:48.0852 0x0f78 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
23:40:48.0930 0x0f78 AxInstSV - ok
23:40:48.0977 0x0f78 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
23:40:49.0039 0x0f78 b06bdrv - ok
23:40:49.0071 0x0f78 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
23:40:49.0133 0x0f78 b57nd60a - ok
23:40:49.0164 0x0f78 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
23:40:49.0211 0x0f78 BDESVC - ok
23:40:49.0227 0x0f78 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
23:40:49.0273 0x0f78 Beep - ok
23:40:49.0336 0x0f78 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
23:40:49.0445 0x0f78 BFE - ok
23:40:49.0492 0x0f78 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
23:40:49.0679 0x0f78 BITS - ok
23:40:49.0695 0x0f78 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
23:40:49.0726 0x0f78 blbdrive - ok
23:40:49.0757 0x0f78 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:40:49.0804 0x0f78 bowser - ok
23:40:49.0835 0x0f78 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:40:49.0913 0x0f78 BrFiltLo - ok
23:40:49.0913 0x0f78 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:40:49.0944 0x0f78 BrFiltUp - ok
23:40:49.0991 0x0f78 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
23:40:50.0053 0x0f78 Browser - ok
23:40:50.0069 0x0f78 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
23:40:50.0116 0x0f78 Brserid - ok
23:40:50.0116 0x0f78 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
23:40:50.0147 0x0f78 BrSerWdm - ok
23:40:50.0178 0x0f78 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
23:40:50.0303 0x0f78 BrUsbMdm - ok
23:40:50.0319 0x0f78 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
23:40:50.0365 0x0f78 BrUsbSer - ok
23:40:50.0412 0x0f78 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
23:40:50.0475 0x0f78 BTHMODEM - ok
23:40:50.0506 0x0f78 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
23:40:50.0553 0x0f78 bthserv - ok
23:40:50.0584 0x0f78 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:40:50.0646 0x0f78 cdfs - ok
23:40:50.0677 0x0f78 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
23:40:50.0693 0x0f78 cdrom - ok
23:40:50.0724 0x0f78 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
23:40:50.0787 0x0f78 CertPropSvc - ok
23:40:50.0818 0x0f78 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
23:40:50.0849 0x0f78 circlass - ok
23:40:50.0896 0x0f78 [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\Windows\system32\CLFS.sys
23:40:50.0943 0x0f78 CLFS - ok
23:40:50.0974 0x0f78 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:40:51.0005 0x0f78 clr_optimization_v2.0.50727_32 - ok
23:40:51.0021 0x0f78 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:40:51.0052 0x0f78 clr_optimization_v2.0.50727_64 - ok
23:40:51.0114 0x0f78 [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:40:51.0145 0x0f78 clr_optimization_v4.0.30319_32 - ok
23:40:51.0161 0x0f78 [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:40:51.0192 0x0f78 clr_optimization_v4.0.30319_64 - ok
23:40:51.0239 0x0f78 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
23:40:51.0270 0x0f78 CmBatt - ok
23:40:51.0286 0x0f78 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
23:40:51.0301 0x0f78 cmdide - ok
23:40:51.0333 0x0f78 [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG C:\Windows\system32\Drivers\cng.sys
23:40:51.0395 0x0f78 CNG - ok
23:40:51.0426 0x0f78 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
23:40:51.0442 0x0f78 Compbatt - ok
23:40:51.0473 0x0f78 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
23:40:51.0504 0x0f78 CompositeBus - ok
23:40:51.0520 0x0f78 COMSysApp - ok
23:40:51.0535 0x0f78 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
23:40:51.0551 0x0f78 crcdisk - ok
23:40:51.0598 0x0f78 [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:40:51.0645 0x0f78 CryptSvc - ok
23:40:51.0676 0x0f78 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys
23:40:51.0754 0x0f78 CSC - ok
23:40:51.0801 0x0f78 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll
23:40:51.0879 0x0f78 CscService - ok
23:40:51.0925 0x0f78 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
23:40:52.0019 0x0f78 DcomLaunch - ok
23:40:52.0050 0x0f78 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
23:40:52.0113 0x0f78 defragsvc - ok
23:40:52.0159 0x0f78 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:40:52.0222 0x0f78 DfsC - ok
23:40:52.0253 0x0f78 [ 73BDD44A6088916964945886F9025409, 8E2ECC9AAEF3C6EBA2E61D25F657FDFCC72AB517CC4FD5FFF992E1F9EB942662 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
23:40:52.0300 0x0f78 dg_ssudbus - ok
23:40:52.0331 0x0f78 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
23:40:52.0409 0x0f78 Dhcp - ok
23:40:52.0487 0x0f78 [ EA8A3E8C674B03CB4AFA1D344DBD7BC1, 564D9370AE4D12973647997684B9637B2A5A7480F66B87018F789CE4E43C8191 ] DiagTrack C:\Windows\system32\diagtrack.dll
23:40:52.0581 0x0f78 DiagTrack - ok
23:40:52.0596 0x0f78 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
23:40:52.0659 0x0f78 discache - ok
23:40:52.0705 0x0f78 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys
23:40:52.0721 0x0f78 Disk - ok
23:40:52.0768 0x0f78 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:40:52.0815 0x0f78 Dnscache - ok
23:40:52.0861 0x0f78 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
23:40:52.0939 0x0f78 dot3svc - ok
23:40:52.0955 0x0f78 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
23:40:53.0017 0x0f78 DPS - ok
23:40:53.0049 0x0f78 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:40:53.0095 0x0f78 drmkaud - ok
23:40:53.0158 0x0f78 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:40:53.0220 0x0f78 DXGKrnl - ok
23:40:53.0267 0x0f78 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
23:40:53.0314 0x0f78 EapHost - ok
23:40:53.0454 0x0f78 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
23:40:53.0610 0x0f78 ebdrv - ok
23:40:53.0641 0x0f78 [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] EFS C:\Windows\System32\lsass.exe
23:40:53.0688 0x0f78 EFS - ok
23:40:53.0719 0x0f78 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
23:40:53.0766 0x0f78 elxstor - ok
23:40:53.0797 0x0f78 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
23:40:53.0829 0x0f78 ErrDev - ok
23:40:53.0875 0x0f78 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
23:40:53.0953 0x0f78 EventSystem - ok
23:40:54.0000 0x0f78 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
23:40:54.0047 0x0f78 exfat - ok
23:40:54.0063 0x0f78 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:40:54.0125 0x0f78 fastfat - ok
23:40:54.0141 0x0f78 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
23:40:54.0172 0x0f78 fdc - ok
23:40:54.0203 0x0f78 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
23:40:54.0250 0x0f78 fdPHost - ok
23:40:54.0265 0x0f78 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
23:40:54.0312 0x0f78 FDResPub - ok
23:40:54.0328 0x0f78 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:40:54.0359 0x0f78 FileInfo - ok
23:40:54.0359 0x0f78 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:40:54.0421 0x0f78 Filetrace - ok
23:40:54.0437 0x0f78 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
23:40:54.0468 0x0f78 flpydisk - ok
23:40:54.0499 0x0f78 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:40:54.0546 0x0f78 FltMgr - ok
23:40:54.0609 0x0f78 [ E612E86FA15EA1EF9A52433A2743C447, 8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache C:\Windows\system32\FntCache.dll
23:40:54.0733 0x0f78 FontCache - ok
23:40:54.0749 0x0f78 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
23:40:54.0780 0x0f78 FsDepends - ok
23:40:54.0796 0x0f78 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:40:54.0811 0x0f78 Fs_Rec - ok
23:40:54.0858 0x0f78 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
23:40:54.0874 0x0f78 fvevol - ok
23:40:54.0905 0x0f78 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
23:40:54.0921 0x0f78 gagp30kx - ok
23:40:54.0967 0x0f78 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:40:54.0983 0x0f78 GEARAspiWDM - ok
23:40:55.0030 0x0f78 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
23:40:55.0108 0x0f78 gpsvc - ok
23:40:55.0123 0x0f78 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
23:40:55.0155 0x0f78 hcw85cir - ok
23:40:55.0233 0x0f78 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:40:55.0279 0x0f78 HdAudAddService - ok
23:40:55.0295 0x0f78 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
23:40:55.0326 0x0f78 HDAudBus - ok
23:40:55.0326 0x0f78 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
23:40:55.0357 0x0f78 HidBatt - ok
23:40:55.0373 0x0f78 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
23:40:55.0404 0x0f78 HidBth - ok
23:40:55.0420 0x0f78 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
23:40:55.0451 0x0f78 HidIr - ok
23:40:55.0467 0x0f78 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
23:40:55.0529 0x0f78 hidserv - ok
23:40:55.0560 0x0f78 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys
23:40:55.0623 0x0f78 HidUsb - ok
23:40:55.0638 0x0f78 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
23:40:55.0701 0x0f78 hkmsvc - ok
23:40:55.0716 0x0f78 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:40:55.0779 0x0f78 HomeGroupListener - ok
23:40:55.0810 0x0f78 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:40:55.0841 0x0f78 HomeGroupProvider - ok
23:40:55.0872 0x0f78 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
23:40:55.0903 0x0f78 HpSAMD - ok
23:40:55.0966 0x0f78 [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:40:56.0028 0x0f78 HTTP - ok
23:40:56.0059 0x0f78 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
23:40:56.0075 0x0f78 hwpolicy - ok
23:40:56.0091 0x0f78 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
23:40:56.0137 0x0f78 i8042prt - ok
23:40:56.0184 0x0f78 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
23:40:56.0215 0x0f78 iaStorV - ok
23:40:56.0231 0x0f78 IEEtwCollectorService - ok
23:40:56.0262 0x0f78 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
23:40:56.0278 0x0f78 iirsp - ok
23:40:56.0325 0x0f78 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
23:40:56.0387 0x0f78 IKEEXT - ok
23:40:56.0418 0x0f78 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
23:40:56.0434 0x0f78 intelide - ok
23:40:56.0449 0x0f78 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:40:56.0481 0x0f78 intelppm - ok
23:40:56.0512 0x0f78 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:40:56.0559 0x0f78 IPBusEnum - ok
23:40:56.0590 0x0f78 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:40:56.0637 0x0f78 IpFilterDriver - ok
23:40:56.0683 0x0f78 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
23:40:56.0761 0x0f78 iphlpsvc - ok
23:40:56.0777 0x0f78 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
23:40:56.0808 0x0f78 IPMIDRV - ok
23:40:56.0839 0x0f78 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
23:40:56.0902 0x0f78 IPNAT - ok
23:40:57.0011 0x0f78 [ 635F7587F7576AA14871B850EB95BFB8, 75CB8F4D511964BB9104E93EF31D2DDF1227DACE1EDB9DE25AE9719835B6C34B ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
23:40:57.0042 0x0f78 iPod Service - ok
23:40:57.0073 0x0f78 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:40:57.0120 0x0f78 IRENUM - ok
23:40:57.0151 0x0f78 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
23:40:57.0167 0x0f78 isapnp - ok
23:40:57.0198 0x0f78 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
23:40:57.0229 0x0f78 iScsiPrt - ok
23:40:57.0276 0x0f78 [ 7DBAFE10C1B777305C80BEA42FBDA710, 768638FAD1FF94F2C15E2F1558F9A03730195B041CCBBC82241EC1F92CD7D46F ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
23:40:57.0307 0x0f78 k57nd60a - ok
23:40:57.0354 0x0f78 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
23:40:57.0370 0x0f78 kbdclass - ok
23:40:57.0385 0x0f78 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
23:40:57.0417 0x0f78 kbdhid - ok
23:40:57.0432 0x0f78 [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] KeyIso C:\Windows\system32\lsass.exe
23:40:57.0463 0x0f78 KeyIso - ok
23:40:57.0479 0x0f78 [ F7DFAE6040AC910B7C64EE208A34157D, AEF1100F12391692D9DB78519D843A90C97E199A80DDC4D43E3AF1919A9E8E56 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:40:57.0495 0x0f78 KSecDD - ok
23:40:57.0510 0x0f78 [ 8FE94F2EF9BF444E93E35D87E210D02F, 78E8F6FD7C1EA3556194947707BE6893538A9E25A550C22045866C5B30251D14 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
23:40:57.0541 0x0f78 KSecPkg - ok
23:40:57.0541 0x0f78 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
23:40:57.0604 0x0f78 ksthunk - ok
23:40:57.0651 0x0f78 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
23:40:57.0713 0x0f78 KtmRm - ok
23:40:57.0760 0x0f78 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
23:40:57.0822 0x0f78 LanmanServer - ok
23:40:57.0869 0x0f78 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:40:57.0916 0x0f78 LanmanWorkstation - ok
23:40:57.0978 0x0f78 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:40:58.0041 0x0f78 lltdio - ok
23:40:58.0072 0x0f78 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:40:58.0150 0x0f78 lltdsvc - ok
23:40:58.0181 0x0f78 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
23:40:58.0228 0x0f78 lmhosts - ok
23:40:58.0259 0x0f78 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
23:40:58.0275 0x0f78 LSI_FC - ok
23:40:58.0306 0x0f78 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
23:40:58.0321 0x0f78 LSI_SAS - ok
23:40:58.0353 0x0f78 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:40:58.0368 0x0f78 LSI_SAS2 - ok
23:40:58.0384 0x0f78 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:40:58.0399 0x0f78 LSI_SCSI - ok
23:40:58.0431 0x0f78 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
23:40:58.0477 0x0f78 luafv - ok
23:40:58.0509 0x0f78 [ D3311B31C470E7681B14D9B014CBF9ED, 8F7053B92E0354D779988ABDADA265C102F13FD56F825054F21721BA36A15EA8 ] mbamchameleon C:\Windows\system32\drivers\mbamchameleon.sys
23:40:58.0540 0x0f78 mbamchameleon - ok
23:40:58.0555 0x0f78 [ 5C3669B71657F22E67A1D4BD49D2CBE7, 7CAE59AA6CA9CBBD70BBD707A155FB169BF3F71096275BF7C0F415B6A092C671 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
23:40:58.0571 0x0f78 MBAMProtector - ok
23:40:58.0696 0x0f78 [ 6D8A2EE4244630B290A837E79C0F37A1, 6783BBC0BDC93E4D6D43531A1AD0DF5CD26C3BBFA6384927C5CF65AD97FB04AD ] MBAMScheduler C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
23:40:58.0774 0x0f78 MBAMScheduler - ok
23:40:58.0836 0x0f78 [ 09D4503CBB6ADB3A54E7C7A75090B728, 6139EA3338FD64205481EDEC813A44F8D395FDA7B67AA431DA61F3631C3EDAE6 ] MBAMService C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
23:40:58.0899 0x0f78 MBAMService - ok
23:40:58.0914 0x0f78 [ 95EF63A7827D4E3A229CBBCB42619E93, FA38DD035B2C4FC82B60868F49D45A39FBBC96096AAD5A2C8BD752A250255BA7 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
23:40:58.0930 0x0f78 MBAMWebAccessControl - ok
23:40:58.0945 0x0f78 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
23:40:58.0961 0x0f78 megasas - ok
23:40:58.0992 0x0f78 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
23:40:59.0008 0x0f78 MegaSR - ok
23:40:59.0101 0x0f78 Microsoft SharePoint Workspace Audit Service - ok
23:40:59.0133 0x0f78 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
23:40:59.0179 0x0f78 MMCSS - ok
23:40:59.0195 0x0f78 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
23:40:59.0242 0x0f78 Modem - ok
23:40:59.0257 0x0f78 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:40:59.0289 0x0f78 monitor - ok
23:40:59.0304 0x0f78 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\drivers\mouclass.sys
23:40:59.0320 0x0f78 mouclass - ok
23:40:59.0351 0x0f78 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:40:59.0382 0x0f78 mouhid - ok
23:40:59.0413 0x0f78 [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
23:40:59.0429 0x0f78 mountmgr - ok
23:40:59.0460 0x0f78 [ DD370A8148862150BA81A3F5C56A1E40, F56B84297BDC32266CB69D10FB2D66B8B332D60CAB7E64E4E3AC2BB749BBD31B ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:40:59.0491 0x0f78 MozillaMaintenance - ok
23:40:59.0538 0x0f78 [ 73150F67D20270FF95A021A22E64F28A, A8878DEFBE437FB453F8E9243FB5C787D07AC7415A4475388D479C10417C524F ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
23:40:59.0569 0x0f78 MpFilter - ok
23:40:59.0601 0x0f78 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
23:40:59.0616 0x0f78 mpio - ok
23:40:59.0663 0x0f78 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:40:59.0710 0x0f78 mpsdrv - ok
23:40:59.0772 0x0f78 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
23:40:59.0866 0x0f78 MpsSvc - ok
23:40:59.0897 0x0f78 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:40:59.0959 0x0f78 MRxDAV - ok
23:40:59.0975 0x0f78 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:41:00.0037 0x0f78 mrxsmb - ok
23:41:00.0053 0x0f78 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:41:00.0084 0x0f78 mrxsmb10 - ok
23:41:00.0100 0x0f78 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:41:00.0131 0x0f78 mrxsmb20 - ok
23:41:00.0162 0x0f78 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
23:41:00.0178 0x0f78 msahci - ok
23:41:00.0193 0x0f78 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
23:41:00.0209 0x0f78 msdsm - ok
23:41:00.0225 0x0f78 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
23:41:00.0271 0x0f78 MSDTC - ok
23:41:00.0318 0x0f78 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:41:00.0365 0x0f78 Msfs - ok
23:41:00.0381 0x0f78 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
23:41:00.0427 0x0f78 mshidkmdf - ok
23:41:00.0459 0x0f78 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
23:41:00.0474 0x0f78 msisadrv - ok
23:41:00.0521 0x0f78 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:41:00.0583 0x0f78 MSiSCSI - ok
23:41:00.0583 0x0f78 msiserver - ok
23:41:00.0615 0x0f78 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:41:00.0646 0x0f78 MSKSSRV - ok
23:41:00.0693 0x0f78 [ CE996C1821021ADF8E28E80A54E846A8, 99042E895B6C2EA80F3BA65563A12C8EBA882E3AD6A21DD8E799B0112C75DDD2 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
23:41:00.0724 0x0f78 MsMpSvc - ok
23:41:00.0724 0x0f78 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:41:00.0786 0x0f78 MSPCLOCK - ok
23:41:00.0802 0x0f78 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:41:00.0864 0x0f78 MSPQM - ok
23:41:00.0895 0x0f78 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:41:00.0927 0x0f78 MsRPC - ok
23:41:00.0958 0x0f78 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
23:41:00.0973 0x0f78 mssmbios - ok
23:41:00.0989 0x0f78 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:41:01.0036 0x0f78 MSTEE - ok
23:41:01.0051 0x0f78 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
23:41:01.0083 0x0f78 MTConfig - ok
23:41:01.0114 0x0f78 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
23:41:01.0129 0x0f78 Mup - ok
23:41:01.0176 0x0f78 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
23:41:01.0239 0x0f78 napagent - ok
23:41:01.0285 0x0f78 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:41:01.0348 0x0f78 NativeWifiP - ok
23:41:01.0457 0x0f78 [ E59AFB64C2F6E0C99350E1C944C75088, 10A9044192D0A83857A57286EABB05037922860483DA2B05AFCC485A8311E4EF ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
23:41:01.0504 0x0f78 NAUpdate - ok
23:41:01.0582 0x0f78 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
23:41:01.0644 0x0f78 NDIS - ok
23:41:01.0691 0x0f78 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
23:41:01.0738 0x0f78 NdisCap - ok
23:41:01.0753 0x0f78 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:41:01.0816 0x0f78 NdisTapi - ok
23:41:01.0863 0x0f78 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:41:01.0909 0x0f78 Ndisuio - ok
23:41:01.0925 0x0f78 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:41:01.0987 0x0f78 NdisWan - ok
23:41:02.0019 0x0f78 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:41:02.0081 0x0f78 NDProxy - ok
23:41:02.0112 0x0f78 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:41:02.0175 0x0f78 NetBIOS - ok
23:41:02.0206 0x0f78 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
23:41:02.0284 0x0f78 NetBT - ok
23:41:02.0299 0x0f78 [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] Netlogon C:\Windows\system32\lsass.exe
23:41:02.0315 0x0f78 Netlogon - ok
23:41:02.0346 0x0f78 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
23:41:02.0409 0x0f78 Netman - ok
23:41:02.0455 0x0f78 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:41:02.0487 0x0f78 NetMsmqActivator - ok
23:41:02.0502 0x0f78 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:41:02.0533 0x0f78 NetPipeActivator - ok
23:41:02.0549 0x0f78 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
23:41:02.0611 0x0f78 netprofm - ok
23:41:02.0627 0x0f78 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:41:02.0643 0x0f78 NetTcpActivator - ok
23:41:02.0658 0x0f78 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:41:02.0674 0x0f78 NetTcpPortSharing - ok
23:41:02.0939 0x0f78 [ 4D85A450EDEF10C38882182753A49AAE, FB6C2D91B2CF834315498BB31F931E2A49066A3158A588FD705F59628DF2F8FC ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
23:41:03.0313 0x0f78 NETw5s64 - ok
23:41:03.0532 0x0f78 [ 64428DFDAF6E88366CB51F45A79C5F69, 31187D38C1AB52120A3CB7AC3CE47ED9682AC37B0F06B9A9610C0065DD4E7B13 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
23:41:03.0766 0x0f78 netw5v64 - ok
23:41:03.0828 0x0f78 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
23:41:03.0844 0x0f78 nfrd960 - ok
23:41:03.0906 0x0f78 [ 4774AD83C650001B337B92E5E5DA337B, 138ECC7F556D8A12AE58B78B68F6515BE4C00F9F062596B48B6CA6C010F13035 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
23:41:03.0922 0x0f78 NisDrv - ok
23:41:03.0953 0x0f78 [ 96B7D15161A778B359E707796CCEA646, 9E4A25D9848FAECC517474EAD548E7975CBE3F41AAA964E5245E78F2A723925E ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
23:41:04.0000 0x0f78 NisSrv - ok
23:41:04.0047 0x0f78 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll
23:41:04.0109 0x0f78 NlaSvc - ok
23:41:04.0125 0x0f78 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:41:04.0171 0x0f78 Npfs - ok
23:41:04.0187 0x0f78 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
23:41:04.0249 0x0f78 nsi - ok
23:41:04.0281 0x0f78 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:41:04.0343 0x0f78 nsiproxy - ok
23:41:04.0405 0x0f78 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:41:04.0499 0x0f78 Ntfs - ok
23:41:04.0515 0x0f78 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
23:41:04.0577 0x0f78 Null - ok
23:41:04.0593 0x0f78 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:41:04.0624 0x0f78 nvraid - ok
23:41:04.0639 0x0f78 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:41:04.0671 0x0f78 nvstor - ok
23:41:04.0702 0x0f78 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:41:04.0717 0x0f78 nv_agp - ok
23:41:04.0827 0x0f78 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:41:04.0858 0x0f78 odserv - ok
23:41:04.0905 0x0f78 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
23:41:04.0936 0x0f78 ohci1394 - ok
23:41:04.0967 0x0f78 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:41:04.0983 0x0f78 ose - ok
23:41:05.0201 0x0f78 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:41:05.0419 0x0f78 osppsvc - ok
23:41:05.0466 0x0f78 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
23:41:05.0544 0x0f78 p2pimsvc - ok
23:41:05.0575 0x0f78 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
23:41:05.0622 0x0f78 p2psvc - ok
23:41:05.0653 0x0f78 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
23:41:05.0669 0x0f78 Parport - ok
23:41:05.0700 0x0f78 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:41:05.0716 0x0f78 partmgr - ok
23:41:05.0747 0x0f78 [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll
23:41:05.0794 0x0f78 PcaSvc - ok
23:41:05.0809 0x0f78 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
23:41:05.0841 0x0f78 pci - ok
23:41:05.0856 0x0f78 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
23:41:05.0872 0x0f78 pciide - ok
23:41:05.0887 0x0f78 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
23:41:05.0919 0x0f78 pcmcia - ok
23:41:05.0934 0x0f78 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
23:41:05.0950 0x0f78 pcw - ok
23:41:05.0981 0x0f78 [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:41:06.0043 0x0f78 PEAUTH - ok
23:41:06.0121 0x0f78 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
23:41:06.0231 0x0f78 PeerDistSvc - ok
23:41:06.0309 0x0f78 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
23:41:06.0340 0x0f78 PerfHost - ok
23:41:06.0418 0x0f78 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
23:41:06.0527 0x0f78 pla - ok
23:41:06.0574 0x0f78 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:41:06.0652 0x0f78 PlugPlay - ok
23:41:06.0667 0x0f78 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
23:41:06.0699 0x0f78 PNRPAutoReg - ok
23:41:06.0730 0x0f78 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
23:41:06.0745 0x0f78 PNRPsvc - ok
23:41:06.0808 0x0f78 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:41:06.0886 0x0f78 PolicyAgent - ok
23:41:06.0917 0x0f78 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
23:41:06.0979 0x0f78 Power - ok
23:41:07.0011 0x0f78 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:41:07.0057 0x0f78 PptpMiniport - ok
23:41:07.0089 0x0f78 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys
23:41:07.0120 0x0f78 Processor - ok
23:41:07.0135 0x0f78 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll
23:41:07.0198 0x0f78 ProfSvc - ok
23:41:07.0213 0x0f78 [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:41:07.0245 0x0f78 ProtectedStorage - ok
23:41:07.0276 0x0f78 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
23:41:07.0323 0x0f78 Psched - ok
23:41:07.0385 0x0f78 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
23:41:07.0479 0x0f78 ql2300 - ok
23:41:07.0510 0x0f78 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
23:41:07.0525 0x0f78 ql40xx - ok
23:41:07.0557 0x0f78 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
23:41:07.0603 0x0f78 QWAVE - ok
23:41:07.0619 0x0f78 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:41:07.0666 0x0f78 QWAVEdrv - ok
23:41:07.0666 0x0f78 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:41:07.0728 0x0f78 RasAcd - ok
23:41:07.0759 0x0f78 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
23:41:07.0806 0x0f78 RasAgileVpn - ok
23:41:07.0837 0x0f78 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
23:41:07.0884 0x0f78 RasAuto - ok
23:41:07.0931 0x0f78 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:41:07.0978 0x0f78 Rasl2tp - ok
23:41:08.0009 0x0f78 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
23:41:08.0087 0x0f78 RasMan - ok
23:41:08.0118 0x0f78 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:41:08.0165 0x0f78 RasPppoe - ok
23:41:08.0196 0x0f78 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:41:08.0259 0x0f78 RasSstp - ok
23:41:08.0290 0x0f78 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:41:08.0368 0x0f78 rdbss - ok
23:41:08.0383 0x0f78 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
23:41:08.0415 0x0f78 rdpbus - ok
23:41:08.0430 0x0f78 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:41:08.0477 0x0f78 RDPCDD - ok
23:41:08.0524 0x0f78 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
23:41:08.0571 0x0f78 RDPDR - ok
23:41:08.0586 0x0f78 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:41:08.0633 0x0f78 RDPENCDD - ok
23:41:08.0649 0x0f78 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
23:41:08.0695 0x0f78 RDPREFMP - ok
23:41:08.0789 0x0f78 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
23:41:08.0851 0x0f78 RdpVideoMiniport - ok
23:41:08.0883 0x0f78 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:41:08.0929 0x0f78 RDPWD - ok
23:41:08.0976 0x0f78 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
23:41:08.0992 0x0f78 rdyboost - ok
23:41:09.0023 0x0f78 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
23:41:09.0070 0x0f78 RemoteAccess - ok
23:41:09.0101 0x0f78 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:41:09.0163 0x0f78 RemoteRegistry - ok
23:41:09.0179 0x0f78 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
23:41:09.0226 0x0f78 RpcEptMapper - ok
23:41:09.0257 0x0f78 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
23:41:09.0288 0x0f78 RpcLocator - ok
23:41:09.0335 0x0f78 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
23:41:09.0382 0x0f78 RpcSs - ok
23:41:09.0413 0x0f78 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:41:09.0475 0x0f78 rspndr - ok
23:41:09.0491 0x0f78 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys
23:41:09.0538 0x0f78 s3cap - ok
23:41:09.0553 0x0f78 [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] SamSs C:\Windows\system32\lsass.exe
23:41:09.0569 0x0f78 SamSs - ok
23:41:09.0631 0x0f78 [ 328100AF2EFD951EAB657384EC361B6F, 2DECBF74E13511395AA13F931F06F4D557E67654DA3314D0095C332FB758B4D9 ] SamsungAllShareV2.0 C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
23:41:09.0647 0x0f78 SamsungAllShareV2.0 - ok
23:41:09.0678 0x0f78 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
23:41:09.0694 0x0f78 sbp2port - ok
23:41:09.0725 0x0f78 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:41:09.0787 0x0f78 SCardSvr - ok
23:41:09.0803 0x0f78 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
23:41:09.0865 0x0f78 scfilter - ok
23:41:09.0928 0x0f78 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
23:41:10.0037 0x0f78 Schedule - ok
23:41:10.0068 0x0f78 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
23:41:10.0099 0x0f78 SCPolicySvc - ok
23:41:10.0131 0x0f78 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:41:10.0177 0x0f78 SDRSVC - ok
23:41:10.0209 0x0f78 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:41:10.0255 0x0f78 secdrv - ok
23:41:10.0271 0x0f78 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
23:41:10.0333 0x0f78 seclogon - ok
23:41:10.0365 0x0f78 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
23:41:10.0396 0x0f78 SENS - ok
23:41:10.0411 0x0f78 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
23:41:10.0443 0x0f78 SensrSvc - ok
23:41:10.0443 0x0f78 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
23:41:10.0474 0x0f78 Serenum - ok
23:41:10.0505 0x0f78 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
23:41:10.0536 0x0f78 Serial - ok
23:41:10.0552 0x0f78 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
23:41:10.0583 0x0f78 sermouse - ok
23:41:10.0630 0x0f78 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
23:41:10.0692 0x0f78 SessionEnv - ok
23:41:10.0708 0x0f78 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
23:41:10.0739 0x0f78 sffdisk - ok
23:41:10.0755 0x0f78 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:41:10.0786 0x0f78 sffp_mmc - ok
23:41:10.0801 0x0f78 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
23:41:10.0817 0x0f78 sffp_sd - ok
23:41:10.0833 0x0f78 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
23:41:10.0864 0x0f78 sfloppy - ok
23:41:10.0895 0x0f78 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:41:10.0973 0x0f78 SharedAccess - ok
23:41:11.0004 0x0f78 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:41:11.0067 0x0f78 ShellHWDetection - ok
23:41:11.0098 0x0f78 [ 1980FE1F5A32067DAD1D8776B63C2669, 26B53EAF89CDBBA8FFA154DBB1F1DA348F894FE1F1D0CA4060E32496464DD5D2 ] SimpleSlideShowServer C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe
23:41:11.0113 0x0f78 SimpleSlideShowServer - ok
23:41:11.0113 0x0f78 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:41:11.0129 0x0f78 SiSRaid2 - ok
23:41:11.0160 0x0f78 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
23:41:11.0176 0x0f78 SiSRaid4 - ok
23:41:11.0191 0x0f78 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:41:11.0254 0x0f78 Smb - ok
23:41:11.0269 0x0f78 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:41:11.0301 0x0f78 SNMPTRAP - ok
23:41:11.0332 0x0f78 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
23:41:11.0347 0x0f78 spldr - ok
23:41:11.0394 0x0f78 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
23:41:11.0472 0x0f78 Spooler - ok
23:41:11.0613 0x0f78 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
23:41:11.0800 0x0f78 sppsvc - ok
23:41:11.0847 0x0f78 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
23:41:11.0893 0x0f78 sppuinotify - ok
23:41:11.0971 0x0f78 [ 602884696850C86434530790B110E8EB, C9B734F070E55732B274C70381EA28AB574EF6AD3F606D3DC9B9B0038F3EDEEA ] sptd C:\Windows\system32\Drivers\sptd.sys
23:41:11.0971 0x0f78 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB, sha256: C9B734F070E55732B274C70381EA28AB574EF6AD3F606D3DC9B9B0038F3EDEEA
23:41:11.0987 0x0f78 sptd - detected LockedFile.Multi.Generic ( 1 )
23:41:14.0811 0x0f78 Detect skipped due to KSN trusted
23:41:14.0811 0x0f78 sptd - ok
23:41:14.0873 0x0f78 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
23:41:14.0951 0x0f78 srv - ok
23:41:14.0982 0x0f78 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:41:15.0013 0x0f78 srv2 - ok
23:41:15.0060 0x0f78 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:41:15.0091 0x0f78 srvnet - ok
23:41:15.0123 0x0f78 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:41:15.0185 0x0f78 SSDPSRV - ok
23:41:15.0201 0x0f78 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:41:15.0247 0x0f78 SstpSvc - ok
23:41:15.0294 0x0f78 [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
23:41:15.0325 0x0f78 ssudmdm - ok
23:41:15.0357 0x0f78 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
23:41:15.0388 0x0f78 stexstor - ok
23:41:15.0450 0x0f78 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
23:41:15.0513 0x0f78 stisvc - ok
23:41:15.0544 0x0f78 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys
23:41:15.0559 0x0f78 storflt - ok
23:41:15.0591 0x0f78 [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc C:\Windows\system32\storsvc.dll
23:41:15.0637 0x0f78 StorSvc - ok
23:41:15.0653 0x0f78 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys
23:41:15.0669 0x0f78 storvsc - ok
23:41:15.0684 0x0f78 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
23:41:15.0700 0x0f78 swenum - ok
23:41:15.0747 0x0f78 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
23:41:15.0825 0x0f78 swprv - ok
23:41:15.0903 0x0f78 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
23:41:16.0027 0x0f78 SysMain - ok
23:41:16.0090 0x0f78 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:41:16.0121 0x0f78 TabletInputService - ok
23:41:16.0152 0x0f78 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
23:41:16.0215 0x0f78 TapiSrv - ok
23:41:16.0246 0x0f78 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
23:41:16.0308 0x0f78 TBS - ok
23:41:16.0402 0x0f78 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:41:16.0511 0x0f78 Tcpip - ok
23:41:16.0589 0x0f78 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
23:41:16.0651 0x0f78 TCPIP6 - ok
23:41:16.0683 0x0f78 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:41:16.0714 0x0f78 tcpipreg - ok
23:41:16.0745 0x0f78 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:41:16.0792 0x0f78 TDPIPE - ok
23:41:16.0807 0x0f78 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:41:16.0839 0x0f78 TDTCP - ok
23:41:16.0854 0x0f78 [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:41:16.0917 0x0f78 tdx - ok
23:41:16.0948 0x0f78 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
23:41:16.0963 0x0f78 TermDD - ok
23:41:16.0995 0x0f78 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
23:41:17.0088 0x0f78 TermService - ok
23:41:17.0104 0x0f78 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
23:41:17.0151 0x0f78 Themes - ok
23:41:17.0182 0x0f78 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
23:41:17.0260 0x0f78 THREADORDER - ok
23:41:17.0275 0x0f78 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
23:41:17.0338 0x0f78 TrkWks - ok
23:41:17.0385 0x0f78 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:41:17.0447 0x0f78 TrustedInstaller - ok
23:41:17.0463 0x0f78 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:41:17.0509 0x0f78 tssecsrv - ok
23:41:17.0525 0x0f78 [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
23:41:17.0572 0x0f78 TsUsbFlt - ok
23:41:17.0619 0x0f78 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:41:17.0665 0x0f78 tunnel - ok
23:41:17.0697 0x0f78 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
23:41:17.0712 0x0f78 uagp35 - ok
23:41:17.0743 0x0f78 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:41:17.0821 0x0f78 udfs - ok
23:41:17.0868 0x0f78 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:41:17.0899 0x0f78 UI0Detect - ok
23:41:17.0931 0x0f78 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:41:17.0946 0x0f78 uliagpkx - ok
23:41:17.0978 0x0f78 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
23:41:18.0009 0x0f78 umbus - ok
23:41:18.0040 0x0f78 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
23:41:18.0071 0x0f78 UmPass - ok
23:41:18.0118 0x0f78 [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll
23:41:18.0165 0x0f78 UmRdpService - ok
23:41:18.0196 0x0f78 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
23:41:18.0274 0x0f78 upnphost - ok
23:41:18.0305 0x0f78 [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
23:41:18.0336 0x0f78 USBAAPL64 - ok
23:41:18.0368 0x0f78 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:41:18.0430 0x0f78 usbccgp - ok
23:41:18.0446 0x0f78 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
23:41:18.0492 0x0f78 usbcir - ok
23:41:18.0524 0x0f78 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
23:41:18.0539 0x0f78 usbehci - ok
23:41:18.0586 0x0f78 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:41:18.0633 0x0f78 usbhub - ok
23:41:18.0648 0x0f78 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys
23:41:18.0680 0x0f78 usbohci - ok
23:41:18.0711 0x0f78 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
23:41:18.0742 0x0f78 usbprint - ok
23:41:18.0773 0x0f78 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
23:41:18.0820 0x0f78 usbscan - ok
23:41:18.0851 0x0f78 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:41:18.0882 0x0f78 USBSTOR - ok
23:41:18.0914 0x0f78 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
23:41:18.0929 0x0f78 usbuhci - ok
23:41:18.0976 0x0f78 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
23:41:19.0007 0x0f78 usbvideo - ok
23:41:19.0038 0x0f78 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
23:41:19.0085 0x0f78 UxSms - ok
23:41:19.0101 0x0f78 [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] VaultSvc C:\Windows\system32\lsass.exe
23:41:19.0116 0x0f78 VaultSvc - ok
23:41:19.0163 0x0f78 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
23:41:19.0179 0x0f78 vdrvroot - ok
23:41:19.0226 0x0f78 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
23:41:19.0304 0x0f78 vds - ok
23:41:19.0319 0x0f78 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:41:19.0350 0x0f78 vga - ok
23:41:19.0366 0x0f78 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
23:41:19.0413 0x0f78 VgaSave - ok
23:41:19.0460 0x0f78 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
23:41:19.0475 0x0f78 vhdmp - ok
23:41:19.0506 0x0f78 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
23:41:19.0522 0x0f78 viaide - ok
23:41:19.0553 0x0f78 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys
23:41:19.0569 0x0f78 vmbus - ok
23:41:19.0584 0x0f78 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
23:41:19.0600 0x0f78 VMBusHID - ok
23:41:19.0616 0x0f78 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
23:41:19.0631 0x0f78 volmgr - ok
23:41:19.0678 0x0f78 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:41:19.0709 0x0f78 volmgrx - ok
23:41:19.0740 0x0f78 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:41:19.0772 0x0f78 volsnap - ok
23:41:19.0834 0x0f78 [ 0BD37CBF66CF79F43A68F7ADEDD6769D, 33A7DA47AA3689AE37929B0011A3DB9F55E8BDDB166C13DF2F4BE07000804264 ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
23:41:19.0896 0x0f78 vpnagent - ok
23:41:19.0928 0x0f78 [ 0F42C39016F82F345C0F2DB2D5B90EB4, 2E957E72BB8D0293F61FA7385BA9400DF7759E1E3D35FE24F3877A6460988F4D ] vpnva C:\Windows\system32\DRIVERS\vpnva64-6.sys
23:41:19.0959 0x0f78 vpnva - ok
23:41:20.0006 0x0f78 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
23:41:20.0037 0x0f78 vsmraid - ok
23:41:20.0099 0x0f78 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
23:41:20.0224 0x0f78 VSS - ok
23:41:20.0240 0x0f78 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
23:41:20.0271 0x0f78 vwifibus - ok
23:41:20.0286 0x0f78 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
23:41:20.0318 0x0f78 vwififlt - ok
23:41:20.0349 0x0f78 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
23:41:20.0427 0x0f78 W32Time - ok
23:41:20.0442 0x0f78 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
23:41:20.0474 0x0f78 WacomPen - ok
23:41:20.0505 0x0f78 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
23:41:20.0567 0x0f78 WANARP - ok
23:41:20.0567 0x0f78 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:41:20.0614 0x0f78 Wanarpv6 - ok
23:41:20.0692 0x0f78 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
23:41:20.0770 0x0f78 WatAdminSvc - ok
23:41:20.0832 0x0f78 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
23:41:20.0942 0x0f78 wbengine - ok
23:41:20.0973 0x0f78 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
23:41:21.0020 0x0f78 WbioSrvc - ok
23:41:21.0051 0x0f78 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:41:21.0113 0x0f78 wcncsvc - ok
23:41:21.0129 0x0f78 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:41:21.0176 0x0f78 WcsPlugInService - ok
23:41:21.0207 0x0f78 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
23:41:21.0222 0x0f78 Wd - ok
23:41:21.0269 0x0f78 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:41:21.0332 0x0f78 Wdf01000 - ok
23:41:21.0363 0x0f78 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:41:21.0394 0x0f78 WdiServiceHost - ok
23:41:21.0410 0x0f78 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:41:21.0425 0x0f78 WdiSystemHost - ok
23:41:21.0472 0x0f78 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
23:41:21.0534 0x0f78 WebClient - ok
23:41:21.0566 0x0f78 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:41:21.0612 0x0f78 Wecsvc - ok
23:41:21.0628 0x0f78 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:41:21.0675 0x0f78 wercplsupport - ok
23:41:21.0722 0x0f78 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
23:41:21.0768 0x0f78 WerSvc - ok
23:41:21.0784 0x0f78 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
23:41:21.0831 0x0f78 WfpLwf - ok
23:41:21.0846 0x0f78 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
23:41:21.0862 0x0f78 WIMMount - ok
23:41:21.0893 0x0f78 WinDefend - ok
23:41:21.0893 0x0f78 WinHttpAutoProxySvc - ok
23:41:21.0956 0x0f78 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:41:22.0002 0x0f78 Winmgmt - ok
23:41:22.0096 0x0f78 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll
23:41:22.0221 0x0f78 WinRM - ok
23:41:22.0268 0x0f78 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
23:41:22.0283 0x0f78 WinUsb - ok
23:41:22.0346 0x0f78 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
23:41:22.0408 0x0f78 Wlansvc - ok
23:41:22.0455 0x0f78 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
23:41:22.0486 0x0f78 WmiAcpi - ok
23:41:22.0517 0x0f78 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:41:22.0564 0x0f78 wmiApSrv - ok
23:41:22.0580 0x0f78 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:41:22.0611 0x0f78 WPCSvc - ok
23:41:22.0642 0x0f78 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:41:22.0704 0x0f78 WPDBusEnum - ok
23:41:22.0720 0x0f78 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:41:22.0751 0x0f78 ws2ifsl - ok
23:41:22.0782 0x0f78 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
23:41:22.0814 0x0f78 wscsvc - ok
23:41:22.0814 0x0f78 WSearch - ok
23:41:22.0923 0x0f78 [ 0814A74C853F50B354F08F83DDA9F7FB, 0A63BAA8DE451B8C2C71FEF961718E769B9BAC305C76D24048C664CB27D0DF28 ] wuauserv C:\Windows\system32\wuaueng.dll
23:41:23.0063 0x0f78 wuauserv - ok
23:41:23.0094 0x0f78 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:41:23.0126 0x0f78 WudfPf - ok
23:41:23.0172 0x0f78 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:41:23.0219 0x0f78 WUDFRd - ok
23:41:23.0250 0x0f78 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:41:23.0266 0x0f78 wudfsvc - ok
23:41:23.0297 0x0f78 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
23:41:23.0328 0x0f78 WwanSvc - ok
23:41:23.0360 0x0f78 ================ Scan global ===============================
23:41:23.0391 0x0f78 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
23:41:23.0406 0x0f78 [ D17DD01601460F5899E5C154B3FD0BFA, B2FCFDE4B6F87634EA1F6D8AEA6D9B3C641D41D999C68B76F95491539B19D422 ] C:\Windows\system32\winsrv.dll
23:41:23.0422 0x0f78 [ D17DD01601460F5899E5C154B3FD0BFA, B2FCFDE4B6F87634EA1F6D8AEA6D9B3C641D41D999C68B76F95491539B19D422 ] C:\Windows\system32\winsrv.dll
23:41:23.0453 0x0f78 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
23:41:23.0484 0x0f78 [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
23:41:23.0500 0x0f78 [ Global ] - ok
23:41:23.0500 0x0f78 ================ Scan MBR ==================================
23:41:23.0516 0x0f78 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:41:23.0796 0x0f78 \Device\Harddisk0\DR0 - ok
23:41:23.0796 0x0f78 ================ Scan VBR ==================================
23:41:23.0812 0x0f78 [ AB7B6DA4F5478BB08D5B8C6745A3F827 ] \Device\Harddisk0\DR0\Partition1
23:41:23.0812 0x0f78 \Device\Harddisk0\DR0\Partition1 - ok
23:41:23.0812 0x0f78 [ BDF88A7D2CDE281C35ABA1E91C0F66C5 ] \Device\Harddisk0\DR0\Partition2
23:41:23.0812 0x0f78 \Device\Harddisk0\DR0\Partition2 - ok
23:41:23.0812 0x0f78 ================ Scan generic autorun ======================
23:41:23.0937 0x0f78 [ 35BA4E6632BA690EA6421C1E03537D0E, 99D6B4DB12ABE3A7F44AB1B2D626978E85231185AE280D9516986027BC8385CB ] C:\Program Files\Microsoft Security Client\msseces.exe
23:41:24.0015 0x0f78 MSC - ok
23:41:24.0108 0x0f78 [ AFF32534C8DEBC60607CDBCA3F18619C, 0701F91FFD15458383DD2AC40E538440F470A6BF5A5E53C55282083C8DF99912 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
23:41:24.0171 0x0f78 StartCCC - ok
23:41:24.0171 0x0f78 AMD AVT - ok
23:41:24.0218 0x0f78 [ 41864A56D8CCA3834788BA1E6CE9C97F, 268C90AD8800625582BFDDEB1BEA66C7ECB4749DBC90F52DA992C8CBF863950B ] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
23:41:24.0436 0x0f78 Cisco AnyConnect Secure Mobility Agent for Windows - ok
23:41:24.0514 0x0f78 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
23:41:24.0608 0x0f78 Sidebar - ok
23:41:24.0639 0x0f78 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
23:41:24.0670 0x0f78 mctadmin - ok
23:41:24.0701 0x0f78 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
23:41:24.0748 0x0f78 Sidebar - ok
23:41:24.0764 0x0f78 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
23:41:24.0795 0x0f78 mctadmin - ok
23:41:24.0857 0x0f78 [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
23:41:24.0951 0x0f78 Sidebar - ok
23:41:25.0076 0x0f78 [ 7E6B4AD487ED241D8224108E8E86A351, 8246F75DF64BBCC35CDC8DFF2F5157AD9523179344AC0517D42BAC99F2E87E8D ] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_Plugin.exe
23:41:25.0154 0x0f78 FlashPlayerUpdate - ok
23:41:25.0154 0x0f78 Waiting for KSN requests completion. In queue: 111
23:41:26.0168 0x0f78 Waiting for KSN requests completion. In queue: 111
23:41:27.0182 0x0f78 Waiting for KSN requests completion. In queue: 111
23:41:28.0305 0x0f78 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.8.204.0 ), 0x61000 ( enabled : updated )
23:41:28.0320 0x0f78 Win FW state via NFP2: enabled
23:41:31.0097 0x0f78 ============================================================
23:41:31.0097 0x0f78 Scan finished
23:41:31.0097 0x0f78 ============================================================
23:41:31.0113 0x0778 Detected object count: 0
23:41:31.0113 0x0778 Actual detected object count: 0
|
|
20.05.2015, 12:32
| #6 |
| /// the machine /// TB-Ausbilder | Arbeitsspeicher / CPU vom Laptop (Acer Aspire 5738G) im Leerlauf bei mind. 80% Auslastung ProcessExplorer als Ersatz für den Windows Taskmanager installieren Lade Dir den Process Explorer als Ersatz für den Taskmanager herunter und installiere ihn, hier findest Du eine Anleitung. Das ist ein wesentlich leistungsfähigerer Ersatz für den Windows-Taskmanager. Im Menü unter "Options" kannst Du den ProcessExplorer dauerhaft als Ersatz für den Taskmanager einrichten (Replace Taskmanager). Das ist sehr empfehlenswert, weil der ProcessExplorer erheblich mehr Funktionen als der Taskmanager hat. Wenn Du diese Einstellung gemacht hast, öffnet sich mit der Tastenkombination STRG + ALT + Entf. nicht mehr der Taskmanager, sondern der ProcessExplorer. Das kann jederzeit durch Abhaken dieser Einstellung wieder rückgängig gemacht werden. Was wir jetzt konkret brauchen: In jeder Zeile steht ein Prozess, ein paar der Zeilen sind keine richtigen Prozesse, sondern nur Pseudoprozesse für die Tätigkeit des Windos-Kernels. Im Menü View => Select Columns wird ein Dialog geöffnet, in dem Du auswählen kannst, welche Spalten mit Informationen zu den Prozessen angezeigt werden sollen. In dem gehe in das Register "Process Performance" und stelle sicher, dass dort "CPU Usage" angehakt ist, "CPU History" wäre ebenfalls sinnvoll. Unter "CPU Usage" wird der aktuelle Wert der Prozessorauslastung für jeden Prozess angezeigt (im Tabellentitel steht nur kurz "CPU"), "CPU History" blendet für jeden Prozess ein Diagramm ein, das eine Kurve mit der Prozessorauslastung für die letzte Zeit anzeigt. Damit sollte es Dir möglich sein, zu identifizieren, welcher Prozess Deine CPU in Trab hält. Mache einen Doppelklick auf den Prozess. Du kannst von dem ganzen auch einen Screenshot machen und ihn als Anhang mit Deiner Antwort hochladen (auf "Erweitert" unter dem Textfeld klicken und über "Anhänge verwalten" auf Deinem Rechner suchen lassen und über "Hochladen" anhängen).
__________________ --> Arbeitsspeicher / CPU vom Laptop (Acer Aspire 5738G) im Leerlauf bei mind. 80% Auslastung |
|
25.05.2015, 22:55
| #7 |
| | Arbeitsspeicher / CPU vom Laptop (Acer Aspire 5738G) im Leerlauf bei mind. 80% Auslastung Danke für deine Hilfe bis jetzt Hier der Screenshot nach einem Neustart:  Was mir aufgefallen ist, dass Firefox und Adobe Reader immer einen Crash bzw. Freeze des Arbeitsspeichers verursacht haben. Auslastung ist dann immer auf 99-100% gewesen. Foxit hat jetzt Adobe ersetzt, aber bei Firefox besteht das Problem weiterhin. Kann das nicht nachvollziehen, weil das Problem erst seit kurzem besteht und bis jetzt der Arbeitsspeicher von 4GB immer gereicht hat für diese Anwendungen Danke |
|
26.05.2015, 18:55
| #8 |
| /// the machine /// TB-Ausbilder | Arbeitsspeicher / CPU vom Laptop (Acer Aspire 5738G) im Leerlauf bei mind. 80% Auslastung
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Arbeitsspeicher / CPU vom Laptop (Acer Aspire 5738G) im Leerlauf bei mind. 80% Auslastung |
| acer, aktualisieren, aktualisierung, arbeitet, arbeitsspeicher, aspire, auslastung, cleaner, cpu, datenbank, firefox, laptop, laufenden, malwarebytes, neu, neues, neueste, nicht mehr, nichts, programme, seeeeehr, versuch, windows, woche, wochen |
Linear-Darstellung
